Details

chrony is a daemon which implements the Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on chrony can be found at http://chrony.tuxfamily.org/. chrony can be configured to be a client and/or a server.

Rationale:

If chrony is in use on the system proper configuration is vital to ensuring time synchronization is working properly.

This recommendation only applies if chrony is in use on the system.

Solution

Add or edit server or pool lines to /etc/chrony.conf as appropriate:

server
Add or edit the OPTIONS in /etc/sysconfig/chronyd to include ‘-u chrony’:
OPTIONS=’-u chrony’

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2449https://workbench.cisecurity.org/files/2449

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.

References

• 800-53|AU-8
• CSCv7|6.1

Source

• Tenable.com/audits