The Chronyd service is enabled
An XCCDF Rule
Description
chrony is a daemon which implements the Network Time Protocol (NTP) is designed to
synchronize system clocks across a variety of systems and use a source that is highly
accurate. More information on chrony can be found at
https://chrony-project.org/.
Chrony can be configured to be a client and/or a server.
To enable Chronyd service, you can run:
# systemctl enable chronyd.service
This recommendation only applies if chrony is in use on the system.
Rationale
If chrony is in use on the system proper configuration is vital to ensuring time synchronization is working properly.
- ID
- xccdf_org.ssgproject.content_rule_service_chronyd_enabled
- Severity
- Medium
- References
- Updated
Remediation - Puppet
include enable_chronyd
class enable_chronyd {
service {'chronyd':
enable => true,
ensure => 'running',
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- enable_strategy
- low_complexity
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q kernel && { rpm --quiet -q chrony; }; then
SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" unmask 'chronyd.service'
"$SYSTEMCTL_EXEC" start 'chronyd.service'
Remediation - OS Build Blueprint
[customizations.services]
enabled = ["chronyd"]