2.3.3.3 Ensure chrony is enabled and running

Information

chrony is a daemon for synchronizing the system clock across the network

chrony needs to be enabled and running in order to synchronize the system to a timeserver.

Time synchronization is important to support time sensitive security mechanisms and to ensure log files have consistent time records across the enterprise to aid in forensic investigations

Solution

- IF - chrony is in use on the system, run the following commands:

Run the following command to unmask chrony.service :

# systemctl unmask chrony.service

Run the following command to enable and start chrony.service :

# systemctl --now enable chrony.service

- OR -

If another time synchronization service is in use on the system, run the following command to remove chrony :

# apt purge chrony
# apt autoremove chrony

See Also

https://workbench.cisecurity.org/benchmarks/17045

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-7, 800-53|AU-8, CSCv7|6.1

Plugin: Unix

Control ID: 30c5d8eb7eaf9eeb1e96b7fc289d9ea52581bd35673cc5e9965d5d883f85494c