The IBM Aspera High-Speed Transfer Server must not use the root account for transfers.

An XCCDF Rule

Details
Profiles

Description

By incorporating a least privilege approach to the configuration of the Aspera HSTS platform, this will reduce the exposure of privileged accounts. By default, all system users can establish a FASP connection and are only restricted by file permissions.

ID: SV-252640r818090_rule
Version: ASP4-TS-020240
Severity: Medium
References: CCI-000382
Updated: 15 days ago

Remediation Templates

Configure the Aspera High-Speed Transfer Server to restrict the use of the root account for transfers.

For each privilege that is set to "true", run the following command:

$ sudo /opt/aspera/bin/asconfigurator -x "set_user_data;user_name,root;<privilege>,false"
Restart the IBM Aspera Node service to activate the changes.

$ sudo systemctl restart asperanoded.service

The IBM Aspera High-Speed Transfer Server must not use the root account for transfers.

Description

Remediation Templates

A Manual Procedure