{"description": "Chrony is a daemon which implements the Network Time Protocol (NTP). It is designed\nto synchronize system clocks across a variety of systems and use a source that is highly\naccurate. More information on chrony can be found at\n\n https://chrony-project.org/.\nChrony can be configured to be a client and/or a server.\nAdd or edit server or pool lines to /etc/chrony/chrony.conf as appropriate:\nserver <remote-server>
\nAlternatively, server or pool directives can be specified in files included via\nsourcedir or confdir directives in /etc/chrony/chrony.conf.\nWhen using sourcedir, create .sources files in the specified directory:\n# In /etc/chrony/chrony.conf:\nsourcedir /etc/chrony/sources.d\n\n# In /etc/chrony/sources.d/ntp.sources:\nserver 0.pool.ntp.org
\nWhen using confdir, create .conf files in the specified directory:\n# In /etc/chrony/chrony.conf:\nconfdir /etc/chrony/conf.d\n\n# In /etc/chrony/conf.d/ntp-servers.conf:\npool 1.pool.ntp.org
\nMultiple servers may be configured.", "rationale": "If chrony is in use on the system proper configuration is vital to ensuring time\nsynchronization is working properly.", "severity": "medium", "references": {"nist": ["CM-6(a)", "AU-8(1)(a)"], "pcidss": ["Req-10.4.3"], "srg": ["SRG-OS-000355-GPOS-00143"], "anssi": ["R71"], "ism": ["0988", "1405"], "pcidss4": ["10.6.2", "10.6"]}, "control_references": {"anssi": ["R71"], "ism": ["0988", "1405"], "pcidss4": ["10.6.2", "10.6"]}, "components": [], "identifiers": {}, "ocil_clause": "a remote time server is not configured", "ocil": "Verify that a remote time server is configured. First, check the main configuration file:\n# grep -E \"^(server|pool)\" /etc/chrony/chrony.conf
\nIf no server or pool directive is found, check for sourcedir or confdir directives:\n# grep -E \"^(sourcedir|confdir)\" /etc/chrony/chrony.conf
\nFor each sourcedir found, check .sources files in that directory:\n# grep -E \"^(server|pool)\" /path/to/sourcedir/*.sources
\nFor each confdir found, check .conf files in that directory:\n# grep -E \"^(server|pool)\" /path/to/confdir/*.conf
\nAt least one server or pool directive must be present in the main configuration file\nor in files within directories specified by sourcedir or confdir directives.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[chrony]", "platforms": ["package[chrony]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_chrony"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "A remote time server for Chrony is configured", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml", "template": null}