2.2.2 Ensure time set is within appropriate limits

Information

Kerberos may not operate correctly if the time on the Mac is off by more than 5 minutes. This in turn can affect Apple's single sign-on feature, Active Directory logons, and other features. Audit check is for more than 4 minutes and 30 seconds ahead or behind.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Perform the following to implement the prescribed state:
In Terminal, run the following command:
sudo systemsetup -getnetworktimeserver
Use 'Network Time Server:' your.time.server to capture drift:
sudo ntpdate -svd your.time.server | egrep offset

See Also

https://workbench.cisecurity.org/files/301

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Unix

Control ID: ba6d96cadd2c2697a2cac3f61032289027028e4672ffbda7860b6fbd0bf6ecb4