Check: ASP4-TS-020300
IBM Aspera Platform 4.2 STIG:
ASP4-TS-020300
(in versions v1 r2 through v1 r1)
Title
The IBM Aspera High-Speed Transfer Server private/secret cryptographic keys file must be group-owned by root to prevent unauthorized read access. (Cat II impact)
Discussion
Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder. The rootkeystore.db functions as a backup and main source of truth for encrypted secrets.
Check Content
Verify the rootkeystore.db file is group-owned by root with the following command: $ sudo stat -c "%G" /opt/aspera/etc/rootkeystore.db root If "root" is not returned as a result, this is a finding.
Fix Text
Configure the rootkeystore.db file to be group-owned by root with the following command: $ sudo chgrp root /opt/aspera/etc/rootkeystore.db
Additional Identifiers
Rule ID: SV-252646r831532_rule
Vulnerability ID: V-252646
Group Title: SRG-NET-000512-ALG-000062
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002165 |
The information system enforces organization-defined discretionary access control policies over defined subjects and objects. |
Controls
Number | Title |
---|---|
AC-3 (4) |
Discretionary Access Control |