Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-252641 | ASP4-TS-020250 | SV-252641r818093_rule | | Medium |
Description |
---|
Restricting transfer users to a limited part of the server's file system prevents unauthorized data transfers. By default, all system users can establish a FASP connection and are restricted only by file permissions. |
STIG | Date |
---|---|
IBM Aspera Platform 4.2 Security Technical Implementation Guide | 2022-08-24 |
Check Text (C-56097r818091_chk) |
---|
Verify the Aspera High-Speed Transfer Server restricts Aspera transfer users to a limited part of the server's file system. Check that each user is restricted to a specific transfer folder with the following command: Warning: If an invalid user/group name is entered, the asuserdata command will return results that may appear accurate. Ensure that the user/group name is valid and entered into the command correctly. $ sudo /opt/aspera/bin/asuserdata -u canonical_absolute: " absolute: " If the transfer user's docroot is set to " |
Fix Text (F-56047r818092_fix) |
---|
Configure the Aspera High-Speed Transfer Server to restrict Aspera transfer users to a limited part of the server's file system with the following command: $ sudo /opt/aspera/bin/asconfigurator -x "set_user_data; user_name, Restart the IBM Aspera Node service to activate the changes. $ sudo systemctl restart asperanoded.service |
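
The check above, scripted for several users at once, as an added example that is not part of the STIG or of IBM's tooling. It confirms each name is a real system account before trusting `asuserdata`, as the warning requires, then reads the `absolute:` line. Assumptions: the `absolute: "..."` output shape, and that an empty or `/` docroot counts as a finding; the sample output in the last lines is constructed.

```shell
#!/bin/sh
# Added example (not from the STIG): audit transfer-user docroots.
ASUSERDATA=${ASUSERDATA:-/opt/aspera/bin/asuserdata}

# Print the value of the first 'absolute: "..."' line read from stdin.
# The key must start the line, so 'canonical_absolute:' is not matched.
docroot_from_output() {
    sed -n 's/^[[:space:]]*absolute:[[:space:]]*"\(.*\)".*$/\1/p' | head -n 1
}

# Return 0 if the docroot confines the user, 1 if it is a finding.
# Assumption of this example: empty or "/" leaves the user unrestricted.
docroot_is_restricted() {
    case "$1" in
        ""|/) return 1 ;;
        *)    return 0 ;;
    esac
}

# The check text warns that asuserdata returns plausible-looking results
# for an invalid name, so confirm the account exists first.
user_exists() {
    id -u "$1" >/dev/null 2>&1
}

audit_user() {
    user=$1
    if ! user_exists "$user"; then
        echo "SKIP    $user (no such system user; output would be misleading)"
        return 2
    fi
    root=$("$ASUSERDATA" -u "$user" | docroot_from_output)
    if docroot_is_restricted "$root"; then
        echo "OK      $user docroot=$root"
    else
        echo "FINDING $user docroot is empty or /"
        return 1
    fi
}

# Usage: sudo sh audit_docroot.sh user1 user2 ...
rc=0
for u in "$@"; do audit_user "$u" || rc=1; done
# No arguments: show the parser on constructed sample output instead.
[ "$#" -gt 0 ] || printf '  canonical_absolute: "/srv/xfer/alice"\n  absolute: "/srv/xfer/alice"\n' | docroot_from_output
[ "$rc" -eq 0 ]
```

A non-zero exit status means at least one name was skipped or flagged, so the script can gate a compliance job.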