Synchronize internal information system clocks

An XCCDF Rule

Description

Synchronizing internal information system clocks provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.

Rationale

Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events.

ID: xccdf_org.ssgproject.content_rule_chronyd_sync_clock
Severity: Medium
References: CCI-002046

SRG-OS-000356-GPOS-00144
Updated: about 1 year ago

- name: Synchronize internal information system clocks
  lineinfile:
    path: /etc/chrony/chrony.conf
    create: true
    line: makestep 1 -1
    state: present  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:
  - chronyd_sync_clock
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - restrict_strategy

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

if [ -e "/etc/chrony/chrony.conf" ] ; then
    
    LC_ALL=C sed -i "/^\s*makestep 1 \-1/Id" "/etc/chrony/chrony.conf"else
    touch "/etc/chrony/chrony.conf"
fi
# make sure file has newline at the end
sed -i -e '$a\' "/etc/chrony/chrony.conf"

cp "/etc/chrony/chrony.conf" "/etc/chrony/chrony.conf.bak"
# Insert at the end of the file
printf '%s\n' "makestep 1 -1" >> "/etc/chrony/chrony.conf"
# Clean up after ourselves.
rm "/etc/chrony/chrony.conf.bak"

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Synchronize internal information system clocks

Description

Rationale

Remediation - Ansible

Remediation - Shell Script