The IBM Aspera High-Speed Transfer Server must set the default docroot to an empty folder.

An XCCDF Rule

Description

Restricting the default document root for the Aspera HSTS allows explicit access to be defined on a per-user basis. By default, all system users can establish a FASP connection and are only restricted by file permissions.

ID
SV-252645r818105_rule
Version
ASP4-TS-020290
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

Configure the Aspera High-Speed Transfer Server to set the default docroot to an empty folder with the following command:

$ sudo /opt/aspera/bin/asconfigurator -x "set_node_data;canonical_absolute,<someemptyfolder>; absolute,<someemptyfolder>"

Restart the IBM Aspera Node service to activate the changes.

$ sudo systemctl restart asperanoded.service
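
A pre-flight check for the folder passed to the command above, as an added example that is not part of the rule text or of IBM's tooling. The function name `check_empty_docroot` is hypothetical, and the symlink and write-permission checks are assumptions of this example that go beyond the rule's requirement that the folder be empty.

```shell
#!/bin/sh
# Added example: pre-flight check for a folder intended as the default docroot.
# Prints a reason and returns non-zero when the folder is unsuitable.
check_empty_docroot() {
    dir=$1
    # The setting is named "absolute", so refuse relative paths.
    case $dir in
        /*) ;;
        *) echo "not an absolute path: $dir"; return 2 ;;
    esac
    # A symlink could later be repointed at a populated tree.
    if [ -L "$dir" ]; then
        echo "is a symlink: $dir"; return 3
    fi
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir"; return 4
    fi
    # ls -A lists dotfiles too, so hidden entries count as content.
    entries=$(ls -A "$dir" 2>/dev/null) || { echo "cannot list: $dir"; return 5; }
    if [ -n "$entries" ]; then
        echo "not empty: $dir"; return 6
    fi
    # Group- or world-writable means another account could populate the
    # folder after it has been configured as the default docroot.
    loose=$(find "$dir" -prune \( -perm -002 -o -perm -020 \) -print)
    if [ -n "$loose" ]; then
        echo "group- or world-writable: $dir"; return 7
    fi
    return 0
}

# Stand-alone use: sh check_docroot.sh /path/to/folder
if [ $# -gt 0 ]; then
    check_empty_docroot "$1" && echo "ok: $1"
fi
```

Run it against the folder before the `asconfigurator` step and again during periodic review, since a folder that was empty at configuration time can be populated later.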