Enable the NTP Daemon
An XCCDF Rule
Description
The ntp
service can be enabled with the following command:
$ sudo systemctl enable ntp.service
Rationale
Enabling the ntp
service ensures that the ntp
service will be running and that the system will synchronize its time to
any servers specified. This is important whether the system is configured to be
a client (and synchronize only its own clock) or it is also acting as an NTP
server to other systems. Synchronizing time is essential for authentication
services such as Kerberos, but it is also important for maintaining accurate
logs and auditing possible security breaches.
The NTP daemon offers all of the functionality of ntpdate
, which is now
deprecated.
- ID
- xccdf_org.ssgproject.content_rule_service_ntp_enabled
- Severity
- High
- References
- Updated
Remediation - OS Build Blueprint
[customizations.services]
enabled = ["ntp"]
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- NIST-800-53-AU-8(1)(a)
- NIST-800-53-CM-6(a)
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && { dpkg-query --show --showformat='${db:Status-Status}\n' 'ntp' 2>/dev/null | grep -q installed; }; then
SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" unmask 'ntp.service'
"$SYSTEMCTL_EXEC" start 'ntp.service'
Remediation - Puppet
include enable_ntp
class enable_ntp {
service {'ntp':
enable => true,
ensure => 'running',