2.2.1.1 Ensure time synchronization is in use

Information

System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or set of servers and having all systems synchronize their clocks to them.

Rationale:

Time synchronization is important to support time sensitive security mechanisms like Kerberos and also ensures log files have consistent time records across the enterprise, which aids in forensic investigations.

Solution

On systems where host based time synchronization is not available, configure systemd-timesyncd. If 'full featured' and/or encrypted time synchronization is required, install chrony or NTP.
To install chrony:

# atp install chrony

To install ntp:

# apt install ntp

On virtual systems where host based time synchronization is available consult your virtualization software documentation and setup host based synchronization.

Additional Information:

systemd-timesyncd is part of systemd. Some versions of systemd have been compiled without systemd-timesycnd. On these distributions, chrony or NTP should be used instead of systemd-timesycnd.

See Also

https://workbench.cisecurity.org/files/2971

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-8, CSCv6|6.1, CSCv7|6.1

Plugin: Unix

Control ID: 84951d71d778b87fe6f5526826ecc7dcb6f9aa6edff86f7ed3bdd084cb4b5208