The IBM Aspera Faspex private/secret cryptographic keys file must be owned by faspex to prevent unauthorized read access.

An XCCDF Rule

Details
Profiles

Description

Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder.

ID: SV-252594r831508_rule
Version: ASP4-FA-050300
Severity: Medium
References: CCI-002165
Updated: 15 days ago

Remediation Templates

Configure the /opt/aspera/faspex/config/secret.yml file to be owned by faspex with the following command:

$ sudo chown faspex /opt/aspera/faspex/config/secret.yml

The IBM Aspera Faspex private/secret cryptographic keys file must be owned by faspex to prevent unauthorized read access.

Description

Remediation Templates

A Manual Procedure