documentation_complete: true


title: 'Chrony Configure Pool and Server'

description: |-
    <tt>Chrony</tt> is a daemon which implements the Network Time Protocol (NTP). It is designed to
    synchronize system clocks across a variety of systems and use a source that is highly
    accurate. More information on <tt>chrony</tt> can be found at
    {{{ weblink(link="https://chrony-project.org/") }}}.
    <tt>Chrony</tt> can be configured to be a client and/or a server.
    Add or edit server or pool lines to <tt>{{{ chrony_conf_path }}}</tt> as appropriate:
    <pre>server &lt;remote-server&gt;</pre>
    Multiple servers may be configured.

rationale: |-
    If <tt>chrony</tt> is in use on the system proper configuration is vital to ensuring time
    synchronization is working properly.

severity: medium

platform: package[chrony]

identifiers:
    cce@rhel10: CCE-89285-1
    cce@sle12: CCE-92394-6
    cce@sle15: CCE-92526-3
    cce@slmicro5: CCE-93908-2

references:
    cis@sle12: 2.2.1.3
    cis@sle15: 2.2.1.3
    nist: CM-6(a),AU-8(1)(a)
    pcidss: Req-10.4.3

ocil_clause: 'a remote time server is not configured'

ocil: |-
    Run the following command and verify remote servers are configured properly:
    <pre># grep -E "^(server|pool)" {{{ chrony_conf_path }}}</pre>