Ensure real-time clock is set to UTC

An XCCDF Rule

Description

Ensure that the system real-time clock (RTC) is set to Coordinated Universal Time (UTC).

Rationale

If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by the operating system include date and time. Time is commonly expressed in UTC, a modern continuation of GMT, or local time with an offset from UTC.

ID: xccdf_org.ssgproject.content_rule_ensure_rtc_utc_configuration
Severity: High
References: CCI-001890

AU-8(b)

SRG-OS-000359-GPOS-00146

SLES-12-030310

CCE-83197-4

SV-217282r958788_rule
Updated: over 1 year ago

Remediation Templates

# Remediation is applicable only in certain platforms
if rpm --quiet -q kernel-default; then
if timedatectl status | grep -i "time zone" | grep -iv 'UTC\|GMT'; then
    timedatectl set-timezone UTC
fi
else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - CCE-83197-4
  - DISA-STIG-SLES-12-030310  - NIST-800-53-AU-8(b)
  - ensure_rtc_utc_configuration
  - high_severity
- name: Check 'UTC' timezone is set
  shell: |
    set -o pipefail
    timedatectl status | grep -i 'Time zone'| grep -iv 'UTC\|GMT' || true
  register: check_tz
  failed_when: check_tz.rc not in [ 0 , 1 ]
  when: '"kernel-default" in ansible_facts.packages'
  tags:
  - CCE-83197-4
  - DISA-STIG-SLES-12-030310
  - NIST-800-53-AU-8(b)
  - ensure_rtc_utc_configuration
  - high_severity

- name: Configure OS to use 'UTC' timezone
  command: timedatectl set-timezone UTC
  become: true
  when:
  - '"kernel-default" in ansible_facts.packages'
  - check_tz.rc == 0
  tags:
  - CCE-83197-4
  - DISA-STIG-SLES-12-030310
  - NIST-800-53-AU-8(b)
  - ensure_rtc_utc_configuration
  - high_severity

Ensure real-time clock is set to UTC

Description

Rationale

Remediation Templates

A Shell Script

An Ansible Snippet