{"description": "ntpd is a daemon which implements the Network Time Protocol (NTP). It is designed to\nsynchronize system clocks across a variety of systems and use a source that is highly\naccurate. More information on NTP can be found at\n\n http://www.ntp.org.\nntp can be configured to be a client and/or a server.\nTo ensure that ntpd implements correct server restrictions, make sure that the following lines exist in the file /etc/ntpd.conf:\nrestrict -4 default kod nomodify notrap nopeer noquery
\nrestrict -6 default kod nomodify notrap nopeer noquery
\nThis recommendation only applies if ntp is in use on the system.", "rationale": "If ntp is in use on the system proper configuration is vital to ensuring time synchronization\nis working properly.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "restrictions are not configured for ntpd", "ocil": "Run the following command and verify output matches:\n# grep \"^restrict\" /etc/ntp.conf\n\nrestrict -4 default kod nomodify notrap nopeer noquery\nrestrict -6 default kod nomodify notrap nopeer noquery\n
\nThe -4 in the first line is optional and options after default can appear in any order.\nAdditional restriction lines may exist.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[ntp]", "platforms": ["package[ntp]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_ntp"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Configure server restrictions for ntpd", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ntp/ntpd_configure_restrictions/rule.yml", "template": null}