The IBM Aspera High-Speed Transfer Server must not use the root account for transfers.

An XCCDF Rule

Description

<VulnDiscussion>By incorporating a least privilege approach to the configuration of the Aspera HSTS platform, this will reduce the exposure of privileged accounts. By default, all system users can establish a FASP connection and are only restricted by file permissions.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-252640r818090_rule
Severity: Medium
References: CCI-000382
Updated: about 1 year ago

Configure the Aspera High-Speed Transfer Server to restrict the use of the root account for transfers.

For each privilege that is set to "true", run the following command:

$ sudo /opt/aspera/bin/asconfigurator -x "set_user_data;user_name,root;<privilege>,false"
Restart the IBM Aspera Node service to activate the changes.

$ sudo systemctl restart asperanoded.service

The IBM Aspera High-Speed Transfer Server must not use the root account for transfers.

Description

Remediation - Manual Procedure