{"description": "Check that Chrony only has time sources configured with the <tt>server</tt> directive.", "rationale": "Depending on the infrastructure being used the <tt>pool</tt> directive may not be supported.\nUsing the <tt>server</tt> directive allows for better control of where the system gets time data from.", "severity": "medium", "references": {"srg": ["SRG-OS-000355-GPOS-00143", "SRG-OS-000356-GPOS-00144", "SRG-OS-000359-GPOS-00146"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "an authoritative remote time server is not configured or configured with pool directive", "ocil": "Run the following command and verify that time sources are only configured with <tt>server</tt> directive:\n<pre># grep -E \"^(server|pool)\" /etc/chrony/chrony.conf</pre>\nA line with the appropriate server should be returned, any line returned starting with <tt>pool</tt> is a finding.", "oval_external_content": null, "fixtext": "Configure Ubuntu 22.04 to securely compare internal information system clocks at least every 24 hours with an NTP server by adding/modifying the following line in the /etc/chrony.conf file.\n\nserver [ntp.server.name] iburst maxpoll 16", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must securely compare internal information system clocks at least every 24 hours with a server synchronized to an authoritative time source, such as the United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).", "warnings": [{"general": "This rule doesn't come with a remediation, the time source needs to be added by the administrator."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[chrony]", "platforms": ["package[chrony]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_chrony"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Ensure Chrony is only configured with the server directive", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml", "template": null}