Install the ntp service

An XCCDF Rule

Description

The ntpd service should be installed.

Rationale

Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.

ID: xccdf_org.ssgproject.content_rule_package_ntp_installed
Severity: High
References: 1 14 15 16 3 5 6

APO11.04 BAI03.05 DSS05.04 DSS05.07 MEA02.01

CCI-000160

4.3.3.3.9 4.3.3.5.8 4.3.4.4.7 4.4.2.1 4.4.2.2 4.4.2.4

SR 2.10 SR 2.11 SR 2.12 SR 2.8 SR 2.9

A.12.4.1 A.12.4.2 A.12.4.3 A.12.4.4 A.12.7.1

CM-6(a)

PR.PT-1

Req-10.4
Updated: over 1 year ago


package install ntp

- name: Ensure ntp is installed
  package:
    name: ntp
    state: present
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:  - NIST-800-53-CM-6(a)
  - PCI-DSS-Req-10.4
  - enable_strategy
  - high_severity
  - low_complexity
  - low_disruption
  - no_reboot_needed
  - package_ntp_installed


package --add=ntp

include install_ntp

class install_ntp {
  package { 'ntp':
    ensure => 'installed',
  }}


[[packages]]
name = "ntp"
version = "*"

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

if ! rpm -q --quiet "ntp" ; then
    dnf install -y "ntp"
fi
else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Install the ntp service

Description

Rationale

Remediation - script:kickstart

Remediation - Ansible

Remediation - Anaconda Pre-Install Instructions

Remediation - Puppet

Remediation - OS Build Blueprint

Remediation - Shell Script