Check: ASP4-SH-060250
IBM Aspera Platform 4.2 STIG:
ASP4-SH-060250
(in versions v1 r2 through v1 r1)
Title
The IBM Aspera Shares private/secret cryptographic keys file must have a mode of 0400 or less permissive to prevent unauthorized read access. (Cat II impact)
Discussion
Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder.
Check Content
If the IBM Aspera Shares feature of the Aspera Platform is not installed, this is Not Applicable. Verify the /opt/aspera/shares/u/shares/config/aspera/secret.rb file has a mode of "0400" or less permissive with the following command: $ sudo stat -c "%a %n" /opt/aspera/shares/u/shares/config/aspera/secret.rb 400 /opt/aspera/shares/u/shares/config/aspera/secret.rb If the resulting mode is more permissive than "0400", this is a finding.
Fix Text
Configure the /opt/aspera/shares/u/shares/config/aspera/secret.rb file to have a mode of "0400" or less permissive with the following command: $ sudo chmod 0400 /opt/aspera/shares/u/shares/config/aspera/secret.rb
Additional Identifiers
Rule ID: SV-252612r831517_rule
Vulnerability ID: V-252612
Group Title: SRG-NET-000512-ALG-000062
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002165 |
The information system enforces organization-defined discretionary access control policies over defined subjects and objects. |
Controls
Number | Title |
---|---|
AC-3 (4) |
Discretionary Access Control |