AlmaLinux OS 9 must prevent the chrony daemon from acting as a server.

An XCCDF Rule

Details
Profiles

Description

Being able to determine the system time of a server can be useful information for various attacks from timebomb attacks to location discovery based on time zone. Minimizing the exposure of the server functionality of the chrony daemon reduces the attack surface.

ID: SV-269333r1050215_rule
Version: ALMA-09-028620
Severity: Medium
References: CCI-000381
Updated: about 2 months ago

Remediation Templates

Configure AlmaLinux OS 9 to disable the chrony daemon from acting as a server by adding/modifying the following line in the /etc/chrony.conf file:

port 0

AlmaLinux OS 9 must prevent the chrony daemon from acting as a server.

Description

Remediation Templates

A Manual Procedure