Ensure that chronyd is running under chrony user account
An XCCDF Rule
Description
chrony is a daemon which implements the Network Time Protocol (NTP). It is designed to
synchronize system clocks across a variety of systems and use a source that is highly
accurate. More information on chrony can be found at
http://chrony.tuxfamily.org/.
Chrony can be configured to be a client and/or a server.
To ensure that chronyd is running under the chrony user account, verify that the user variable in /etc/chrony/chrony.conf is set to _chrony or is absent:
user _chrony
This recommendation only applies if chrony is in use on the system.
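The check described above, as an added audit example (not part of the rule's own content or its remediation script): a shell function that inspects the user directive in a chrony configuration file, plus a helper that reports the account of a running chronyd. The function names and the sample configuration are constructed for illustration; the example assumes directive names are matched case-insensitively and treats a user directive without an argument as a failure.

```shell
#!/bin/sh
# Added audit example; function names are hypothetical.

# audit_chrony_user [FILE]
# Returns 0 if FILE has no "user" directive or every one names _chrony,
# 1 if any "user" directive names something else (or has no argument),
# 2 if FILE cannot be read.
audit_chrony_user() {
    conf=${1:-/etc/chrony/chrony.conf}
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf" >&2; return 2; }
    # awk splits on whitespace, so leading blanks are ignored and comment
    # lines (whose first token is not "user") never match.
    awk -v expected="_chrony" '
        tolower($1) == "user" {
            seen = 1
            if ($2 != expected) {
                printf "FAIL: line %d: %s\n", NR, $0
                bad = 1
            }
        }
        END {
            if (bad) exit 1
            if (seen) print "PASS: user is " expected
            else      print "PASS: user directive absent"
        }
    ' "$conf"
}

# chronyd_process_user
# Prints the account(s) owning running chronyd processes (procps ps).
# Prints nothing and returns non-zero when chronyd is not running.
chronyd_process_user() {
    ps -o user= -C chronyd | sort -u
}

# Constructed sample configuration, audited as a demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real system file
pool ntp.example.org iburst
driftfile /var/lib/chrony/chrony.drift
user root
EOF
audit_chrony_user "$sample" || echo "sample is non-compliant"
rm -f "$sample"
```

On a live system, compare the result of audit_chrony_user with the output of chronyd_process_user, since a configuration change only takes effect once the daemon has been restarted.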
Rationale
If chrony is in use on the system, proper configuration is vital to ensuring time synchronization is working properly.
- ID: xccdf_org.ssgproject.content_rule_chronyd_run_as_chrony_user
- Severity: Medium
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && { dpkg-query --show --showformat='${db:Status-Status}\n' 'chrony' 2>/dev/null | grep -q installed; }; then
# Strip any search characters in the key arg so that the key can be replaced without
# adding any search characters to the config file.
stripped_key=$(sed 's/[\^=\$,;+]*//g' <<< "^user")