Skip to content

A remote time server for Chrony is configured

An XCCDF Rule

Description

Chrony is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on chrony can be found at http://chrony.tuxfamily.org/. Chrony can be configured to be a client and/or a server. Add or edit server or pool lines to /etc/chrony.conf as appropriate:

server <remote-server>
Multiple servers may be configured.

Rationale

If chrony is in use on the system proper configuration is vital to ensuring time synchronization is working properly.

ID
xccdf_org.ssgproject.content_rule_chronyd_specify_remote_server
Severity
Medium
References
Updated



Remediation - Ansible

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - CCE-84218-7
  - NIST-800-53-AU-8(1)(a)

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && { rpm --quiet -q chrony; }; then

var_multiple_time_servers='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_var_multiple_time_servers" use="legacy"/>'