UCF STIG Viewer Logo

The IBM Aspera High-Speed Transfer Server private/secret cryptographic keys file must be owned by root to prevent unauthorized read access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-252647 ASP4-TS-020310 SV-252647r831533_rule Medium
Description
Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder. The rootkeystore.db functions as a backup and main source of truth for encrypted secrets.
STIG Date
IBM Aspera Platform 4.2 Security Technical Implementation Guide 2022-08-24

Details

Check Text ( C-56103r818109_chk )
Verify the rootkeystore.db file is owned by root with the following command:

$ sudo stat -c "%U" /opt/aspera/etc/rootkeystore.db

root

If "root" is not returned as a result, this is a finding.
Fix Text (F-56053r818110_fix)
Configure the rootkeystore.db file to be owned by root with the following command:

$ sudo chown root /opt/aspera/etc/rootkeystore.db