Remove the systemd_timesyncd Service

An XCCDF Rule

Description

The systemd_timesyncd service should not be installed.

Rationale

Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.

ID: xccdf_org.ssgproject.content_rule_package_timesyncd_removed
Severity: Low
References: CCI-000366

UBTU-22-215020

SV-260480r991589_rule
Updated: 5 days ago

include remove_systemd-timesyncd

class remove_systemd-timesyncd {
  package { 'systemd-timesyncd':
    ensure => 'purged',
  }}

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - DISA-STIG-UBTU-22-215020
  - disable_strategy  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - package_timesyncd_removed

- name: Ensure systemd-timesyncd is removed
  package:
    name: systemd-timesyncd
    state: absent
  when: '"kernel" in ansible_facts.packages'
  tags:
  - DISA-STIG-UBTU-22-215020
  - disable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - package_timesyncd_removed

# Remediation is applicable only in certain platforms
if dpkg-query --show --showformat='${db:Status-Status}
' 'kernel' 2>/dev/null | grep -q installed; then

# CAUTION: This remediation script will remove systemd-timesyncd
#	   from the system, and may remove any packages#	   that depend on systemd-timesyncd. Execute this
#	   remediation AFTER testing on a non-production
#	   system!

DEBIAN_FRONTEND=noninteractive apt-get remove -y "systemd-timesyncd"

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Remove the systemd_timesyncd Service

Description

Rationale

Remediation - Puppet

Remediation - Ansible

Remediation - Shell Script