2.2.3 Restrict NTP server to loopback interface - restrict lo

Information

Mobile workstations on untrusted networks should not have open listening services
available to other nodes on the network.

Solution

Perform the following to implement the prescribed state -
1. Run the following command in Terminal-sudo vim /etc/ntp-restrict.conf
2. Add the following lines to the filerestrict lo interface ignore wildcard interface listen lo

See Also

https://workbench.cisecurity.org/files/301

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(13)

Plugin: Unix

Control ID: b83803348bbf3cb8815369871fbf9f9f270e9d4486b7a57b5ba8ca29743fa1c8