{"description": "chrony is a daemon which implements the Network Time Protocol (NTP). It is designed to\nsynchronize system clocks across a variety of systems and use a source that is highly\naccurate. More information on chrony can be found at\n\n    <a xmlns='http://www.w3.org/1999/xhtml' href='https://chrony-project.org/'>https://chrony-project.org/</a>.\nChrony can be configured to be a client and/or a server.\nTo ensure that chronyd is running under the chrony user account, verify that the\n<tt>user</tt> variable in <tt>/etc/chrony/chrony.conf</tt> is set to <tt>_chrony</tt> or is\nabsent:\n<pre>user _chrony</pre>\n\nThis recommendation only applies if chrony is in use on the system.", "rationale": "If chrony is in use on the system, proper configuration is vital to ensuring that time synchronization\nis working properly.", "severity": "medium", "references": {"cis": ["2.3.3.2"], "pcidss4": ["10.6.3", "10.6"]}, "control_references": {"cis": ["2.3.3.2"], "pcidss4": ["10.6.3", "10.6"]}, "components": [], "identifiers": {}, "ocil_clause": "chronyd is not running under chrony user account", "ocil": "\nRun the following command and verify that <tt>user</tt> is set to <tt>_chrony</tt> in <tt>/etc/chrony/chrony.conf</tt>\nor that the <tt>user</tt> parameter is absent:\n<pre># grep \"^user\" /etc/chrony/chrony.conf\nuser _chrony</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[chrony]", "platforms": ["package[chrony]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_chrony"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Ensure that chronyd is running under chrony user account", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml", "template": null}