A remote time server for Chrony is configured
An XCCDF Rule
Description
Chrony
is a daemon which implements the Network Time Protocol (NTP). It is designed to
synchronize system clocks across a variety of systems and use a source that is highly
accurate. More information on chrony
can be found at
http://chrony.tuxfamily.org/.
Chrony
can be configured to be a client and/or a server.
Add or edit server or pool lines to /etc/chrony.conf
as appropriate:
server <remote-server>Multiple servers may be configured.
Rationale
If chrony
is in use on the system proper configuration is vital to ensuring time
synchronization is working properly.
- ID
- xccdf_org.ssgproject.content_rule_chronyd_specify_remote_server
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- CCE-84218-7
- NIST-800-53-AU-8(1)(a)
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && { rpm --quiet -q chrony; }; then
var_multiple_time_servers='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_var_multiple_time_servers" use="legacy"/>'