STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021:

The Red Hat Enterprise Linux operating system must, for networked systems, synchronize clocks with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers, a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).

DISA Rule

SV-204603r603261_rule

Vulnerability Number

V-204603

Group Title

SRG-OS-000355-GPOS-00143

Rule Version

RHEL-07-040500

Severity

CAT II

CCI(s)

• CCI-001891 - The information system compares internal information system clocks on an organization-defined frequency with an organization-defined authoritative time source.
• CCI-002046 - The information system synchronizes the internal system clocks to the authoritative time source when the time difference is greater than the organization-defined time period.

Weight

10

Fix Recommendation

Edit the "/etc/ntp.conf" or "/etc/chrony.conf" file and add or update an entry to define "maxpoll" to "10" as follows:

server 0.rhel.pool.ntp.org iburst maxpoll 10

If NTP was running and "maxpoll" was updated, the NTP service must be restarted:

# systemctl restart ntpd

If NTP was not running, it must be started:

# systemctl start ntpd

If "chronyd" was running and "maxpoll" was updated, the service must be restarted:

# systemctl restart chronyd.service

If "chronyd" was not running, it must be started:

# systemctl start chronyd.service

Check Contents

Check to see if NTP is running in continuous mode:

# ps -ef | grep ntp

If NTP is not running, check to see if "chronyd" is running in continuous mode:

# ps -ef | grep chronyd

If NTP or "chronyd" is not running, this is a finding.

If the NTP process is found, then check the "ntp.conf" file for the "maxpoll" option setting:

# grep maxpoll /etc/ntp.conf

server 0.rhel.pool.ntp.org iburst maxpoll 10

If the option is set to "17" or is not set, this is a finding.

If the file does not exist, check the "/etc/cron.daily" subdirectory for a crontab file controlling the execution of the "ntpd -q" command.

# grep -i "ntpd -q" /etc/cron.daily/*
# ls -al /etc/cron.* | grep ntp

ntp

If a crontab file does not exist in the "/etc/cron.daily" that executes the "ntpd -q" command, this is a finding.

If the "chronyd" process is found, then check the "chrony.conf" file for the "maxpoll" option setting:

# grep maxpoll /etc/chrony.conf

server 0.rhel.pool.ntp.org iburst maxpoll 10

If the option is not set or the line is commented out, this is a finding.

Vulnerability Number

V-204603

Documentable

False

Rule Version

RHEL-07-040500

Severity Override Guidance

Check to see if NTP is running in continuous mode:

# ps -ef | grep ntp

If NTP is not running, check to see if "chronyd" is running in continuous mode:

# ps -ef | grep chronyd

If NTP or "chronyd" is not running, this is a finding.

If the NTP process is found, then check the "ntp.conf" file for the "maxpoll" option setting:

# grep maxpoll /etc/ntp.conf

server 0.rhel.pool.ntp.org iburst maxpoll 10

If the option is set to "17" or is not set, this is a finding.

If the file does not exist, check the "/etc/cron.daily" subdirectory for a crontab file controlling the execution of the "ntpd -q" command.

# grep -i "ntpd -q" /etc/cron.daily/*
# ls -al /etc/cron.* | grep ntp

ntp

If a crontab file does not exist in the "/etc/cron.daily" that executes the "ntpd -q" command, this is a finding.

If the "chronyd" process is found, then check the "chrony.conf" file for the "maxpoll" option setting:

# grep maxpoll /etc/chrony.conf

server 0.rhel.pool.ntp.org iburst maxpoll 10

If the option is not set or the line is commented out, this is a finding.

Check Content Reference

M

Target Key

2899

Comments