Install the ntp service

An XCCDF Rule

Description

The ntpd service should be installed.

Rationale

Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.

ID: xccdf_org.ssgproject.content_rule_package_ntp_installed
Severity: High
References: 1 14 15 16 3 5 6

APO11.04 BAI03.05 DSS05.04 DSS05.07 MEA02.01

CCI-000160

4.3.3.3.9 4.3.3.5.8 4.3.4.4.7 4.4.2.1 4.4.2.2 4.4.2.4

SR 2.10 SR 2.11 SR 2.12 SR 2.8 SR 2.9

A.12.4.1 A.12.4.2 A.12.4.3 A.12.4.4 A.12.7.1

CM-6(a)

PR.PT-1

Req-10.4
Updated: over 1 year ago

Remediation Templates

include install_ntp
class install_ntp {
  package { 'ntp':
    ensure => 'installed',
  }
}

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - NIST-800-53-CM-6(a)
  - PCI-DSS-Req-10.4  - enable_strategy
  - high_severity
  - low_complexity
  - low_disruption
  - no_reboot_needed
  - package_ntp_installed
- name: Ensure ntp is installed
  package:
    name: ntp
    state: present
  when: '"kernel" in ansible_facts.packages'
  tags:
  - NIST-800-53-CM-6(a)
  - PCI-DSS-Req-10.4
  - enable_strategy
  - high_severity
  - low_complexity
  - low_disruption
  - no_reboot_needed
  - package_ntp_installed

package install ntp

[[packages]]
name = "ntp"
version = "*"

dnf install ntp

package --add=ntp

# Remediation is applicable only in certain platforms
if rpm --quiet -q kernel; then
if ! rpm -q --quiet "ntp" ; then
    yum install -y "ntp"
fi
else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Install the ntp service

Description

Rationale

Remediation Templates

A Puppet Snippet

An Ansible Snippet

script:kickstart

OS Build Blueprint

script:bootc

Anaconda Pre-Install Instructions

A Shell Script