{"description": " To properly set the group owner of <code>/etc/chrony.keys</code>, run the command:\n<pre>$ sudo chgrp chrony /etc/chrony.keys</pre>\n", "rationale": "The ownership of the /etc/chrony.keys file by the chrony group is important\nbecause this file hosts chrony cryptographic keys. Protection\nof this file is critical for system security. Assigning the ownership to\nchrony ensures exclusive control of the chrony cryptography keys.", "severity": "medium", "references": {"anssi": ["R50"]}, "control_references": {"anssi": ["R50"]}, "components": [], "identifiers": {}, "ocil_clause": "/etc/chrony.keys does not have a group owner of\nchrony\n", "ocil": "To check the group ownership of <code>/etc/chrony.keys</code>,\nrun the command:\n<pre>$ ls -lL /etc/chrony.keys</pre>\nIf properly configured, the output should indicate the following group-owner:\n\n  <code>chrony</code>\n  ", "oval_external_content": null, "fixtext": " Change the group of the file /etc/chrony.keys to chrony by running the following command:\n$ sudo chgrp chrony /etc/chrony.keys", "checktext": "", "vuldiscussion": "", "srg_requirement": " The Ubuntu 22.04 /etc/chrony.keys file must be group-owned by chrony.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Verify Group Who Owns /etc/chrony.keys File", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ntp/file_groupowner_etc_chrony_keys/rule.yml", "template": {"name": "file_groupowner", "vars": {"filepath": "/etc/chrony.keys", "gid_or_name": "chrony"}, "backends": {}}}