{"description": "chrony is a daemon which implements the Network Time Protocol (NTP) is designed to\nsynchronize system clocks across a variety of systems and use a source that is highly\naccurate. More information on chrony can be found at\n\n    <a xmlns='http://www.w3.org/1999/xhtml' href='https://chrony-project.org/'>https://chrony-project.org/</a>.\nChrony can be configured to be a client and/or a server.\nTo enable Chronyd service, you can run:\n<tt># systemctl enable chronyd.service</tt>\nThis recommendation only applies if chrony is in use on the system.", "rationale": "If chrony is in use on the system proper configuration is vital to ensuring time\nsynchronization is working properly.", "severity": "medium", "references": {"srg": ["SRG-OS-000355-GPOS-00143"], "anssi": ["R71"], "cis": ["2.3.1.1"], "ism": ["0988", "1405"]}, "control_references": {"anssi": ["R71"], "cis": ["2.3.1.1"], "ism": ["0988", "1405"]}, "components": [], "identifiers": {}, "ocil_clause": "the chronyd process is not running", "ocil": "\n\nRun the following command to determine the current status of the\n<code>chronyd</code> service:\n<pre>$ sudo systemctl is-active chronyd</pre>\nIf the service is running, it should return the following: <pre>active</pre>", "oval_external_content": null, "fixtext": "To enable the chronyd service run the following command:\n$ sudo systemctl enable --now chronyd", "checktext": "", "vuldiscussion": "", "srg_requirement": "The Ubuntu 22.04 service chronyd must be enabled.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 chronyd service must be enabled.", "vuldiscussion": "Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.\n\nSynchronizing internal information system clocks provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.", "checktext": "Verify the chronyd service is active with the following command:\n\n$ systemctl is-active chronyd\n\nactive\n\nIf the chronyd service is not active, this is a finding.", "fixtext": "To enable the chronyd service run the following command:\n\n$ sudo systemctl enable --now chronyd"}}, "platform": "package[chrony]", "platforms": ["package[chrony]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_chrony"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "The Chronyd service is enabled", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ntp/service_chronyd_enabled/rule.yml", "template": {"name": "service_enabled_guard_var", "vars": {"packagename": "chrony", "servicename": "chrony", "variable": "var_timesync_service", "value": "chronyd"}, "backends": {}}}