Enable the NTP Daemon

An XCCDF Rule

Description

The ntpd service can be enabled with the following command:

$ sudo systemctl enable ntpd.service

warning alert: Warning

The

ntp

package is not available in Red Hat Enterprise Linux 9. Please consider the

chrony

package instead together with the respective

service_chronyd_enabled

rule.

Rationale

Enabling the ntpd service ensures that the ntpd service will be running and that the system will synchronize its time to any servers specified. This is important whether the system is configured to be a client (and synchronize only its own clock) or it is also acting as an NTP server to other systems. Synchronizing time is essential for authentication services such as Kerberos, but it is also important for maintaining accurate logs and auditing possible security breaches.

The NTP daemon offers all of the functionality of ntpdate, which is now deprecated.

ID: xccdf_org.ssgproject.content_rule_service_ntpd_enabled
Severity: Medium
References: 1 14 15 16 3 5 6

APO11.04 BAI03.05 DSS05.04 DSS05.07 MEA02.01

4.3.3.3.9 4.3.3.5.8 4.3.4.4.7 4.4.2.1 4.4.2.2 4.4.2.4

SR 2.10 SR 2.11 SR 2.12 SR 2.8 SR 2.9

A.12.4.1 A.12.4.2 A.12.4.3 A.12.4.4 A.12.7.1

AU-8(1)(a) CM-6(a)

PR.PT-1

Req-10.4

10.6.1
Updated: 5 days ago


service enable ntpd

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - NIST-800-53-AU-8(1)(a)
  - NIST-800-53-CM-6(a)  - PCI-DSS-Req-10.4
  - PCI-DSSv4-10.6.1
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - service_ntpd_enabled

- name: Enable the NTP Daemon - Enable service ntpd
  block:

  - name: Gather the package facts
    package_facts:
      manager: auto

  - name: Enable the NTP Daemon - Enable Service ntpd
    ansible.builtin.systemd:
      name: ntpd
      enabled: true
      state: started
      masked: false
    when:
    - '"ntp" in ansible_facts.packages'
  when:
  - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  - '"ntp" in ansible_facts.packages'
  tags:
  - NIST-800-53-AU-8(1)(a)
  - NIST-800-53-CM-6(a)
  - PCI-DSS-Req-10.4
  - PCI-DSSv4-10.6.1
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - service_ntpd_enabled


[customizations.services]
enabled = ["ntpd"]

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && { rpm --quiet -q ntp; }; then

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" unmask 'ntpd.service'
"$SYSTEMCTL_EXEC" start 'ntpd.service'"$SYSTEMCTL_EXEC" enable 'ntpd.service'

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

include enable_ntpd

class enable_ntpd {
  service {'ntpd':
    enable => true,
    ensure => 'running',  }
}

Enable the NTP Daemon

Description

Rationale

Remediation - script:kickstart

Remediation - Ansible

Remediation - OS Build Blueprint

Remediation - Shell Script

Remediation - Puppet