{"description": "The Network Time Protocol is used to manage the system\nclock over a network. Computer clocks are not very accurate, so\ntime will drift unpredictably on unmanaged systems. Central time\nprotocols can be used both to ensure that time is consistent among\na network of systems, and that their time is consistent with the\noutside world.\n<br /><br />\nIf every system on a network reliably reports the same time, then it is much\neasier to correlate log messages in case of an attack. In addition, a number of\ncryptographic protocols (such as Kerberos) use timestamps to prevent certain\ntypes of attacks. If your network does not have synchronized time, these\nprotocols may be unreliable or even unusable.\n<br /><br />\nDepending on the specifics of the network, global time accuracy may be just as\nimportant as local synchronization, or not very important at all. If your\nnetwork is connected to the Internet, using a public timeserver (or one\nprovided by your enterprise) provides globally accurate timestamps which may be\nessential in investigating or responding to an attack which originated outside\nof your network.\n<br /><br />\nA typical network setup involves a small number of internal systems operating\nas NTP servers, and the remainder obtaining time information from those\ninternal servers.\n<br /><br />\nThere is a choice between the daemons <tt>ntpd</tt> and <tt>chronyd</tt>, which\nare available from the repositories in the <tt>ntp</tt> and <tt>chrony</tt>\npackages respectively.\n<br /><br />\nThe default <tt>chronyd</tt> daemon can work well when external time references\nare only intermittently accessible, can perform well even when the network is\ncongested for longer periods of time, can usually synchronize the clock faster\nand with better time accuracy, and quickly adapts to sudden changes in the rate\nof the clock, for example, due to changes in the temperature of the crystal\noscillator. <tt>Chronyd</tt> should be considered for all systems which are\nfrequently suspended or otherwise intermittently disconnected and reconnected\nto a network. Mobile and virtual systems for example.\n<br /><br />\nThe <tt>ntpd</tt> NTP daemon fully supports NTP protocol version 4 (RFC 5905),\nincluding broadcast, multicast, manycast clients and servers, and the orphan\nmode. It also supports extra authentication schemes based on public-key\ncryptography (RFC 5906). The NTP daemon (<tt>ntpd</tt>) should be considered\nfor systems which are normally kept permanently on. Systems which are required\nto use broadcast or multicast IP, or to perform authentication of packets with\nthe <tt>Autokey</tt> protocol, should consider using <tt>ntpd</tt>.\n<br /><br />\nRefer to\n\n    \n    <a xmlns='http://www.w3.org/1999/xhtml' href='https://help.ubuntu.com/lts/serverguide/NTP.html'>https://help.ubuntu.com/lts/serverguide/NTP.html</a>\n\nfor more detailed comparison of features of <tt>chronyd</tt>\nand <tt>ntpd</tt> daemon features respectively, and for further guidance how to\nchoose between the two NTP daemons.\n<br /><br />\nThe upstream manual pages at \n    <a xmlns='http://www.w3.org/1999/xhtml' href='https://chrony-project.org/documentation.html'>https://chrony-project.org/documentation.html</a> for\n<tt>chronyd</tt> and \n    <a xmlns='http://www.w3.org/1999/xhtml' href='http://www.ntp.org'>http://www.ntp.org</a> for <tt>ntpd</tt> provide additional\ninformation on the capabilities and configuration of each of the NTP daemons.", "warnings": [], "requires": [], "conflicts": [], "values": ["var_multiple_time_pools", "var_multiple_time_servers", "var_time_service_set_maxpoll", "var_timesync_service"], "groups": {}, "rules": ["chrony_set_nts", "chronyd_client_only", "chronyd_configure_pool_and_server", "chronyd_no_chronyc_network", "chronyd_or_ntpd_set_maxpoll", "chronyd_or_ntpd_specify_multiple_servers", "chronyd_or_ntpd_specify_remote_server", "chronyd_run_as_chrony_user", "chronyd_server_directive", "chronyd_specify_remote_server", "chronyd_sync_clock", "file_groupowner_etc_chrony_keys", "file_owner_etc_chrony_keys", "file_permissions_etc_chrony_keys", "ntp_single_service_active", "ntpd_configure_restrictions", "ntpd_run_as_ntp_user", "ntpd_specify_multiple_servers", "ntpd_specify_remote_server", "package_chrony_installed", "package_ntp_installed", "package_ntp_removed", "package_timesyncd_installed", "package_timesyncd_removed", "service_chronyd_disabled", "service_chronyd_enabled", "service_chronyd_or_ntpd_enabled", "service_ntp_enabled", "service_ntpd_enabled", "service_timesyncd_configured", "service_timesyncd_disabled", "service_timesyncd_enabled", "service_timesyncd_root_distance_configured"], "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "title": "Network Time Protocol", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ntp/group.yml"}