Specify Additional Remote NTP Servers
An XCCDF Rule
Description
Depending on specific functional requirements of a concrete
production environment, the Oracle Linux 8 system can be
configured to utilize the services of the chronyd
NTP daemon (the
default), or services of the ntpd
NTP daemon. Refer to
https://docs.oracle.com/en/operating-systems/oracle-linux/8/network/network-ConfiguringNetworkTime.html#ol-nettime
for more detailed comparison of the features of both of the choices, and for
further guidance how to choose between the two NTP daemons.
Additional NTP servers can be specified for time synchronization. To do so,
perform the following:
- if the system is configured to use the
chronyd
as the NTP daemon (the default), edit the file/etc/chrony.conf
as follows, - if the system is configured to use the
ntpd
as the NTP daemon, edit the file/etc/ntp.conf
as documented below.
server ntpserver
Rationale
Specifying additional NTP servers increases the availability of accurate time data, in the event that one of the specified servers becomes unavailable. This is typical for a system acting as an NTP server for other systems.
- ID
- xccdf_org.ssgproject.content_rule_chronyd_or_ntpd_specify_multiple_servers
- Severity
- Medium
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
var_multiple_time_servers='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_var_multiple_time_servers" use="legacy"/>'
Remediation - Ansible
- name: XCCDF Value var_multiple_time_servers # promote to variable
set_fact:
var_multiple_time_servers: !!str <xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_var_multiple_time_servers" use="legacy"/>
tags:
- always