2.2.1.2 Ensure ntp is configured - restrict -6

Information

ntp is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on NTP can be found at http://www.ntp.org. ntp can be configured to be a client and/or a server.

This recommendation only applies if ntp is in use on the system.

Rationale:

If ntp is in use on the system proper configuration is vital to ensuring time synchronization is working properly.

Solution

Add or edit restrict lines in /etc/ntp.conf to match the following:

restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

Add or edit server or pool lines to /etc/ntp.conf as appropriate:
Example vim /etc/ntp.conf

server <remote-server>

Configure ntp to run as the ntp user by adding or editing one of the following file:
/etc/sysconfig/ntpd :

OPTIONS='-u ntp:ntp'

Notes:

This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3 Benchmark Date: 26 Apr 2019



Vul ID: V-72269

Rule ID: SV-86893r4_rule

STIG ID: RHEL-07-040500

Severity: CAT II

See Also

https://workbench.cisecurity.org/files/2688

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-8, CSCv7|6.1

Plugin: Unix

Control ID: 196073c7ec2975d7d54745103d0adb802ee6dcf9727c4442f512cc12d1ecddea