The IBM Aspera High-Speed Transfer Server must restrict Aspera transfer users to a limited part of the server's file system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-252641 | ASP4-TS-020250 | SV-252641r818093_rule | Medium |
| Description |
|---|
| By restricting the transfer users to a limited part of the server's file system, this prevents unauthorized data transfers. By default, all system users can establish a FASP connection and are only restricted by file permissions. |
| STIG | Date |
|---|---|
| IBM Aspera Platform 4.2 Security Technical Implementation Guide | 2022-08-24 |
Details
| Check Text ( C-56097r818091_chk ) |
|---|
| Verify the Aspera High-Speed Transfer Server restricts Aspera transfer users to a limited part of the server's file system. Check that each user is restricted to a specific transfer folder with the following command: Warning: If an invalid user/group name is entered, the asuserdata command will return results that may appear accurate. Ensure that the user/group name is valid and entered into the command correctly. $ sudo /opt/aspera/bin/asuserdata -u canonical_absolute: " absolute: " If the transfer user's docroot is set to " |
| Fix Text (F-56047r818092_fix) |
|---|
| Configure the Aspera High-Speed Transfer Server to restrict Aspera transfer users to a limited part of the server's file system with the following command: $ sudo /opt/aspera/bin/asconfigurator -x "set_user_data; user_name, Restart the IBM Aspera Node service to activate the changes. $ sudo systemctl restart asperanoded.service |