2.1.1.1 Ensure time synchronization is in use

Information

System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or set of servers and having all systems synchronize their clocks to them.

Notes:

If access to a physical host's clock is available and configured according to site policy, this section can be skipped

Only one time synchronization method should be in use on the system

If access to a physical host's clock is available and configured according to site policy, systemd-timesyncd should be stopped and masked

Rationale:

Time synchronization is important to support time sensitive security mechanisms like Kerberos and also ensures log files have consistent time records across the enterprise, which aids in forensic investigations.

Solution

On systems where host based time synchronization is not available, configure systemd-timesyncd. If 'full featured' and/or encrypted time synchronization is required, install chrony or NTP.
To install chrony:

# apt install chrony

To install ntp:

# apt install ntp

On virtual systems where host based time synchronization is available consult your virtualization software documentation and setup host based synchronization

See Also

https://workbench.cisecurity.org/files/3219

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-8, CSCv7|6.1

Plugin: Unix

Control ID: 773cf836a71b11f2b794b071fcb9d3bddd82e552ac88417cdb07875c7b81afb9