2.3.3.3 Ensure chrony is enabled and running

Information

chrony is a daemon for synchronizing the system clock across the network

chrony needs to be enabled and running in order to synchronize the system to a timeserver.

Time synchronization is important to support time sensitive security mechanisms and to ensure log files have consistent time records across the enterprise to aid in forensic investigations

Solution

- IF - chrony is in use on the system, run the following commands:

Run the following command to unmask chrony.service :

# systemctl unmask chrony.service

Run the following command to enable and start chrony.service :

# systemctl --now enable chrony.service

- OR -

If another time synchronization service is in use on the system, run the following command to remove chrony :

# apt purge chrony
# apt autoremove chrony

See Also

https://workbench.cisecurity.org/benchmarks/17074

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-7, 800-53|AU-8, CSCv7|6.1

Plugin: Unix

Control ID: aac4560cb626fbe074d2a51b1f809d9ad41e95fcfd69c46b82181db902fa53be