The IBM Aspera High-Speed Transfer Server must restrict Aspera transfer users to a limited part of the server's file system.

An XCCDF Rule

Details
Profiles

Description

By restricting the transfer users to a limited part of the server's file system, this prevents unauthorized data transfers. By default, all system users can establish a FASP connection and are only restricted by file permissions.

ID: SV-252641r818093_rule
Version: ASP4-TS-020250
Severity: Medium
References: CCI-000382
Updated: 23 days ago

Remediation Templates

Configure the Aspera High-Speed Transfer Server to restrict Aspera transfer users to a limited part of the server's file system with the following command:

$ sudo /opt/aspera/bin/asconfigurator -x "set_user_data; user_name, <username>;canonical_absolute,<transferfolder>; absolute,<transferfolder>"

Restart the IBM Aspera Node service to activate the changes.

$ sudo systemctl restart asperanoded.service

The IBM Aspera High-Speed Transfer Server must restrict Aspera transfer users to a limited part of the server's file system.

Description

Remediation Templates

A Manual Procedure