The IBM Aspera High-Speed Transfer Endpoint must enable password protection of the node database.
An XCCDF Rule
Description
<VulnDiscussion>Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements. Configuration settings are the set of parameters that can be changed that affect the security posture and/or functionality of the network element. Security-related parameters are those parameters impacting the security state of the network element, including the parameters required to satisfy other security control requirements. For the network element, security-related parameters include settings for network traffic management configurations. System administrators can set a secure password for clients to authenticate with a Redis database. When the authorization layer is enabled, Redis refuses any query by unauthenticated clients. A client can authenticate itself by sending the AUTH command followed by the password.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-252618r818024_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the IBM High-Speed Transfer Endpoint to enable password protection of the node database.
Temporarily change the ownership of the Redis configuration file aspera_31415.conf to the user asperadaemon with the following command:
$ sudo chown asperadaemon /opt/aspera/etc/Redis/aspera_31415.conf