Skip to content

Enable the NTP Daemon

An XCCDF Rule

Description

The ntpd service can be enabled with the following command:

$ sudo systemctl enable ntpd.service

Rationale

Enabling the ntpd service ensures that the ntpd service will be running and that the system will synchronize its time to any servers specified. This is important whether the system is configured to be a client (and synchronize only its own clock) or it is also acting as an NTP server to other systems. Synchronizing time is essential for authentication services such as Kerberos, but it is also important for maintaining accurate logs and auditing possible security breaches.

The NTP daemon offers all of the functionality of ntpdate, which is now deprecated.

ID
xccdf_org.ssgproject.content_rule_service_ntpd_enabled
Severity
Medium
References
Updated



Remediation - OS Build Blueprint


[customizations.services]
enabled = ["ntpd"]

Remediation - Puppet

include enable_ntpd

class enable_ntpd {
  service {'ntpd':
    enable => true,
    ensure => 'running',

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && { rpm --quiet -q ntp; }; then

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" unmask 'ntpd.service'
"$SYSTEMCTL_EXEC" start 'ntpd.service'

Remediation - Ansible

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - CCE-91295-6
  - NIST-800-53-AU-8(1)(a)