Check: ASP4-TS-020310
IBM Aspera Platform 4.2 STIG:
ASP4-TS-020310
(in versions v1 r2 through v1 r1)
Title
The IBM Aspera High-Speed Transfer Server private/secret cryptographic keys file must be owned by root to prevent unauthorized read access. (Cat II impact)
Discussion
Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder. The rootkeystore.db functions as a backup and main source of truth for encrypted secrets.
Check Content
Verify the rootkeystore.db file is owned by root with the following command: $ sudo stat -c "%U" /opt/aspera/etc/rootkeystore.db root If "root" is not returned as a result, this is a finding.
Fix Text
Configure the rootkeystore.db file to be owned by root with the following command: $ sudo chown root /opt/aspera/etc/rootkeystore.db
Additional Identifiers
Rule ID: SV-252647r831533_rule
Vulnerability ID: V-252647
Group Title: SRG-NET-000512-ALG-000062
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002165 |
The information system enforces organization-defined discretionary access control policies over defined subjects and objects. |
Controls
Number | Title |
---|---|
AC-3 (4) |
Discretionary Access Control |