2.3.3.2 Ensure chrony is running as user _chrony

Information

The chrony package is installed with a dedicated user account _chrony This account is granted the access required by the chronyd service

The chronyd service should run with only the required privlidges

Solution

Add or edit the user line to /etc/chrony/chrony.conf or a file ending inconf in /etc/chrony/conf.d/ :

user _chrony

- OR -

If another time synchronization service is in use on the system, run the following command to remove chrony from the system:

# apt purge chrony
# apt autoremove chrony

See Also

https://workbench.cisecurity.org/benchmarks/17074

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-7, 800-53|AU-8, CSCv7|6.1

Plugin: Unix

Control ID: 74c42ff8ce4188d3177bc2ef665a9074a1e7c2e1f5e90997b362c320e786bb7e