Remove the ntp service

An XCCDF Rule

Description

The ntpd service should not be installed.

Rationale

Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.

ID: xccdf_org.ssgproject.content_rule_package_ntp_removed
Severity: Low
References: CCI-001891

UBTU-22-215025

SV-260481r991589_rule
Updated: about 1 month ago

Remediation Templates

include remove_ntp
class remove_ntp {
  package { 'ntp':
    ensure => 'purged',
  }
}

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - DISA-STIG-UBTU-22-215025
  - disable_strategy  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - package_ntp_removed
- name: Ensure ntp is removed
  package:
    name: ntp
    state: absent
  when: '"kernel" in ansible_facts.packages'
  tags:
  - DISA-STIG-UBTU-22-215025
  - disable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - package_ntp_removed

# Remediation is applicable only in certain platforms
if dpkg-query --show --showformat='${db:Status-Status}
' 'kernel' 2>/dev/null | grep -q installed; then
# CAUTION: This remediation script will remove ntp
#	   from the system, and may remove any packages
#	   that depend on ntp. Execute this#	   remediation AFTER testing on a non-production
#	   system!

DEBIAN_FRONTEND=noninteractive apt-get remove -y "ntp"

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Remove the ntp service

Description

Rationale

Remediation Templates

A Puppet Snippet

An Ansible Snippet

A Shell Script