The IBM Aspera High-Speed Transfer Server must restrict Aspera transfer users to a limited part of the server's file system.

An XCCDF Rule

Description

<VulnDiscussion>By restricting the transfer users to a limited part of the server's file system, this prevents unauthorized data transfers. By default, all system users can establish a FASP connection and are only restricted by file permissions.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-252641r818093_rule
Severity: Medium
References: CCI-000382
Updated: about 1 year ago

Configure the Aspera High-Speed Transfer Server to restrict Aspera transfer users to a limited part of the server's file system with the following command:

$ sudo /opt/aspera/bin/asconfigurator -x "set_user_data; user_name, <username>;canonical_absolute,<transferfolder>; absolute,<transferfolder>"

Restart the IBM Aspera Node service to activate the changes.
$ sudo systemctl restart asperanoded.service

The IBM Aspera High-Speed Transfer Server must restrict Aspera transfer users to a limited part of the server's file system.

Description

Remediation - Manual Procedure