Install the ntp service

An XCCDF Rule

Description

The ntpd service should be installed.

Rationale

Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.

ID: xccdf_org.ssgproject.content_rule_package_ntp_installed
Severity: High
References: 1 14 15 16 3 5 6

APO11.04 BAI03.05 DSS05.04 DSS05.07 MEA02.01

CCI-000160

4.3.3.3.9 4.3.3.5.8 4.3.4.4.7 4.4.2.1 4.4.2.2 4.4.2.4

SR 2.10 SR 2.11 SR 2.12 SR 2.8 SR 2.9

A.12.4.1 A.12.4.2 A.12.4.3 A.12.4.4 A.12.7.1

CM-6(a)

PR.PT-1

Req-10.4
Updated: over 1 year ago

Remediation Templates

package install ntp

- name: Ensure ntp is installed
  package:
    name: ntp
    state: present
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:  - NIST-800-53-CM-6(a)
  - PCI-DSS-Req-10.4
  - enable_strategy
  - high_severity
  - low_complexity
  - low_disruption
  - no_reboot_needed
  - package_ntp_installed

package --add=ntp

include install_ntp
class install_ntp {
  package { 'ntp':
    ensure => 'installed',
  }
}

[[packages]]
name = "ntp"
version = "*"

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
if ! rpm -q --quiet "ntp" ; then
    dnf install -y "ntp"
fi
else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Install the ntp service

Description

Rationale

Remediation Templates

script:kickstart

An Ansible Snippet

Anaconda Pre-Install Instructions

A Puppet Snippet

OS Build Blueprint

A Shell Script