Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-252640 | ASP4-TS-020240 | SV-252640r818090_rule | Medium |
Description |
---|
By incorporating a least privilege approach to the configuration of the Aspera HSTS platform, this will reduce the exposure of privileged accounts. By default, all system users can establish a FASP connection and are only restricted by file permissions. |
STIG | Date |
---|---|
IBM Aspera Platform 4.2 Security Technical Implementation Guide | 2022-08-24 |
Check Text ( C-56096r818088_chk ) |
---|
Verify the Aspera High-Speed Transfer Server restricts the use of the root account for transfers with the following command: Warning: If an invalid user/group name is entered, the asuserdata command will return results that may appear accurate. Ensure that the user/group name is valid and entered into the command correctly. $ sudo /opt/aspera/bin/asuserdata -u root | grep allowed | grep true If results are returned from the above command, this is a finding. |
Fix Text (F-56046r818089_fix) |
---|
Configure the Aspera High-Speed Transfer Server to restrict the use of the root account for transfers. For each privilege that is set to "true", run the following command: $ sudo /opt/aspera/bin/asconfigurator -x "set_user_data;user_name,root; Restart the IBM Aspera Node service to activate the changes. $ sudo systemctl restart asperanoded.service |