CCE-95462-8Platform: cpe:/o:amazon:linux:2, cpe:/o:centos:centos:7, cpe:/o:oracle:linux:7, cpe:/o:redhat:enterprise_linux:7 | Date: (C)2021-03-05 (M)2023-07-04 |
Description:
System time should be synchronized between all systems in an environment. This is
typically done by establishing an authoritative time server or set of servers and having all
systems synchronize their clocks to them.
Rationale:
Time synchronization is important to support time sensitive security mechanisms like
Kerberos and also ensures log files have consistent time records across the enterprise,
which aids in forensic investigations.
Audit:
On physical systems or virtual systems where host based time synchronization is not
available verify that chrony is installed.
Run the following command to verify that chrony
# rpm -q chrony
chrony-
On virtual systems where host based time synchronization is available consult your
virtualization software documentation and verify that host based synchronization is in use.
Remediation:
On physical systems or virtual systems where host based time synchronization is not
available install chrony:
Run the folloing command to install chrony:
# dnf install chrony
On virtual systems where host based time synchronization is available consult your
virtualization software documentation and setup host based synchronization.
Notes:
systemd-timesyncd is part of systemd. Some versions of systemd have been compiled
without systemd-timesycnd. On these distributions, chrony or NTP should be used instead
of systemd-timesycnd
Parameter:
[chrony]
Technical Mechanism:
On physical systems or virtual systems where host based time synchronization is not
available install chrony:
Run the folloing command to install chrony:
# dnf install chrony
On virtual systems where host based time synchronization is available consult your
virtualization software documentation and setup host based synchronization.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.3 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 3.4 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: LOW |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:73061 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:73013 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:68613 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72699 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:73056 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72908 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72802 |