ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

needs mapping/rule: SRG-OS-000355-GPOS-00143, SV-86893r2_rule, RHEL-07-040500 (something with ntp) #1853

Closed shawndwells closed 7 years ago

shawndwells commented 7 years ago
SRG-OS-000355-GPOS-00143
RHEL-07-040500

The operating system must, for networked systems, synchronize clocks with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers, a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).

VulnDiscussion: Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.

Synchronizing internal information system clocks provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.

Organizations should consider endpoints that may not have regular access to the authoritative time server (e.g., mobile, teleworking, and tactical endpoints).

Satisfies: SRG-OS-000355-GPOS-00143, SRG-OS-000356-GPOS-00144

Documentable: false

DPMS Target Red Hat 7, DISA, DPMS Target, Red Hat 7, 2777
CCI-001891, CCI-002046

Edit the "/etc/ntp.conf" file and add or update an entry to define "maxpoll" to "10" as follows:

    maxpoll 10

If NTP was running and "maxpoll" was updated, the NTP service must be restarted:

    # systemctl restart ntpd

If NTP was not running, it must be started:

    # systemctl start ntpd

Check to see if NTP is running in continuous mode.

    # ps -ef | grep ntp

If NTP is not running, this is a finding.

If the process is found, then check the "ntp.conf" file for the "maxpoll" option setting:

    # grep maxpoll /etc/ntp.conf

    maxpoll 17

If the option is set to "17" or is not set, this is a finding.

If the file does not exist, check the "/etc/cron.daily" subdirectory for a crontab file controlling the execution of the "ntpdate" command.

    # grep -l ntpdate /etc/cron.daily

    # ls -al /etc/cron.* | grep aide
    ntp

If a crontab file does not exist in the "/etc/cron.daily" that executes the "ntpdate" file, this is a finding.
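
The file-based part of the check quoted above, as an added shell example (not part of the original issue and not ComplianceAsCode's own rule code). The function names, the temporary paths and the server name `ntp.example.mil` are hypothetical, and the `ps` process check is left out so the logic can run against any copy of the files.

```shell
#!/bin/sh
# Added example: evaluates an ntp.conf and a cron directory the way the
# check text for RHEL-07-040500 describes. Names here are hypothetical.

# Print every maxpoll value found in an ntp.conf-style file, ignoring comments.
maxpoll_values() {
    sed 's/#.*//' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "maxpoll") print $(i + 1)
    }'
}

# Echo "pass" or "finding: <reason>" for a config file and a cron directory.
check_ntp_maxpoll() {
    conf=$1
    cron_dir=$2
    if [ ! -f "$conf" ]; then
        # No ntp.conf: the check falls back to a daily ntpdate cron job.
        if grep -rq ntpdate "$cron_dir" 2>/dev/null; then
            echo "pass"
        else
            echo "finding: no ntp.conf and no ntpdate job in $cron_dir"
        fi
        return
    fi
    values=$(maxpoll_values "$conf")
    if [ -z "$values" ]; then
        echo "finding: maxpoll is not set"
        return
    fi
    for v in $values; do
        if [ "$v" = "17" ]; then
            echo "finding: maxpoll is set to 17"
            return
        fi
    done
    echo "pass"
}

# Constructed sample config; ntp.example.mil is a placeholder server name.
demo=$(mktemp -d)
printf 'server ntp.example.mil iburst maxpoll 17\n' > "$demo/ntp.conf"
check_ntp_maxpoll "$demo/ntp.conf" "$demo/cron.daily"
rm -rf "$demo"
```

On a real host the two arguments would be `/etc/ntp.conf` and `/etc/cron.daily`.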