Specify a Remote NTP Server
An XCCDF Rule
Description
Depending on specific functional requirements of a concrete
production environment, the Red Hat Enterprise Linux 8 system can be
configured to utilize the services of the chronyd NTP daemon (the
default), or services of the ntpd NTP daemon. Refer to
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-configuring_ntp_using_the_chrony_suite
for a more detailed comparison of the features of both of the choices, and for
further guidance on how to choose between the two NTP daemons.
To specify a remote NTP server for time synchronization, perform the following:
- if the system is configured to use the chronyd as the NTP daemon (the default), edit the file /etc/chrony.conf as follows,
- if the system is configured to use the ntpd as the NTP daemon, edit the file /etc/ntp.conf as documented below.
server ntpserver
This instructs the NTP software to contact that remote server to obtain time data.
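An added example (not part of the SCAP content or of the rule's own remediation): POSIX shell functions that audit a chrony.conf or ntp.conf style file for an active server directive and append one idempotently. The function names and the host ntp.example.com are assumptions, and the demo works on a temporary file rather than on /etc.

```shell
#!/bin/sh
# Added example: audit and idempotently set the "server" directive in a
# chrony.conf / ntp.conf style file. Function names are hypothetical.

# Print the host of every active (uncommented) "server <host>" line.
# awk field splitting ignores leading whitespace; "# server x" and
# "#server x" do not match because their first field is not "server".
list_time_servers() {
    awk '$1 == "server" && $2 != "" { print $2 }' "$1"
}

# Succeed only if at least one remote server is configured.
has_time_server() {
    [ -n "$(list_time_servers "$1")" ]
}

# Append "server <host>" unless that exact host is already configured.
ensure_time_server() {
    conf=$1 host=$2
    if list_time_servers "$conf" | grep -Fxq -- "$host"; then
        return 0
    fi
    printf 'server %s\n' "$host" >> "$conf"
}

# Constructed sample: only a commented-out server line, so the audit fails
# until a server is added. ntp.example.com is a placeholder host.
demo() {
    conf=$(mktemp) || return 1
    printf '%s\n' '# server old.example.com iburst' \
        'driftfile /var/lib/chrony/drift' > "$conf"
    has_time_server "$conf" && echo "before: compliant" \
        || echo "before: no server directive"
    ensure_time_server "$conf" ntp.example.com
    ensure_time_server "$conf" ntp.example.com   # second call is a no-op
    echo "after: $(list_time_servers "$conf")"
    rm -f "$conf"
}

demo
```

After changing the real configuration file, the daemon in use has to be restarted before the new server is contacted.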
Rationale
Synchronizing with an NTP server makes it possible to collate system logs from multiple sources or correlate computer events with real time events.
- ID: xccdf_org.ssgproject.content_rule_chronyd_or_ntpd_specify_remote_server
- Severity: Medium
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && { ( [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && ( rpm --quiet -q chrony || rpm --quiet -q ntp ) ); }; then
var_multiple_time_servers='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_var_multiple_time_servers" use="legacy"/>'
Remediation - Kubernetes Patch
---
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
  config:
    ignition: