2.3.3 Ensure chrony is not run as the root user

Information

The file /etc/sysconfig/chronyd allows configuration of options for chrony to include the user chrony is run as. By default, this is set to the user chrony

Services should not be set to run as the root user

Solution

Edit the file /etc/sysconfig/chronyd and add or modify the following line to remove " -u root " from any OPTIONS= argument:

Example:

OPTIONS="-F 2"

Run the following command to reload the chronyd.service configuration:

# systemctl reload-or-restart chronyd.service

See Also

https://workbench.cisecurity.org/benchmarks/18209

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6

Plugin: Unix

Control ID: 63b319c318c0a36b8c96159d044f0124a3149c9bc5ac57d750ee4aaaac05479d