The IBM Aspera High-Speed Transfer Server must set the default docroot to an empty folder.

An XCCDF Rule

Description

<VulnDiscussion>By restricting the default document root for the Aspera HSTS, this allows for explicit access to be defined on a per user basis. By default, all system users can establish a FASP connection and are only restricted by file permissions.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-252645r818105_rule
Severity: Medium
References: CCI-000382
Updated: about 1 year ago

Configure the Aspera High-Speed Transfer Server to set the default docroot to an empty folder with the following command:

$ sudo /opt/aspera/bin/asconfigurator -x "set_node_data;canonical_absolute,<someemptyfolder>; absolute,<someemptyfolder>"

Restart the IBM Aspera Node service to activate the changes.
$ sudo systemctl restart asperanoded.service

The IBM Aspera High-Speed Transfer Server must set the default docroot to an empty folder.

Description

Remediation - Manual Procedure