Details

ntp is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on NTP can be found at http://www.ntp.org. ntp can be configured to be a client and/or a server.

This recommendation only applies if ntp is in use on the system.

Rationale:

If ntp is in use on the system proper configuration is vital to ensuring time synchronization is working properly.

Solution

Add or edit restrict lines in /etc/ntp.conf to match the following:

restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

Add or edit server or pool lines to /etc/ntp.conf as appropriate:

server

Add or edit the OPTIONS in /etc/sysconfig/ntpd to include ‘ -u ntp:ntp ‘:

OPTIONS=’-u ntp:ntp’

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2449https://workbench.cisecurity.org/files/2449

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.

References

• 800-53|AU-8
• CSCv6|6.1
• CSCv7|6.1

Source

• Tenable.com/audits