Check: ASP4-TS-020320
IBM Aspera Platform 4.2 STIG:
ASP4-TS-020320
(in versions v1 r2 through v1 r1)
Title
The IBM Aspera High-Speed Transfer Server private/secret cryptographic keys file must have a mode of 0600 or less permissive to prevent unauthorized read access. (Cat II impact)
Discussion
Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder. The rootkeystore.db functions as a backup and main source of truth for encrypted secrets.
Check Content
Verify the rootkeystore.db file has a mode of "0600" or less permissive with the following command: $ sudo stat -c "%a %n" /opt/aspera/etc/rootkeystore.db 600 /opt/aspera/etc/rootkeystore.db If the resulting mode is more permissive than "0600", this is a finding.
Fix Text
Configure the rootkeystore.db file to have a mode of "0600" or less permissive with the following command: $ sudo chmod 0600 /opt/aspera/etc/rootkeystore.db
Additional Identifiers
Rule ID: SV-252648r831534_rule
Vulnerability ID: V-252648
Group Title: SRG-NET-000512-ALG-000062
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002165 |
The information system enforces organization-defined discretionary access control policies over defined subjects and objects. |
Controls
Number | Title |
---|---|
AC-3 (4) |
Discretionary Access Control |