CCE-95685-4| Platform: cpe:/o:debian:debian_linux:11.x, cpe:/o:ubuntu:ubuntu_linux:16.04, cpe:/o:ubuntu:ubuntu_linux:18.04, cpe:/o:ubuntu:ubuntu_linux:20.04, cpe:/o:ubuntu:ubuntu_linux:22.04, cpe:/o:ubuntu:ubuntu_linux:23.04 | Date: (C)2021-03-08 (M)2023-09-01 |
System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or set of servers and having all systems synchronize their clocks to them.
Rationale:
Time synchronization is important to support time sensitive security mechanisms like Kerberos and also ensures log files have consistent time records across the enterprise, which aids in forensic investigations.
Fix:
On systems where host based time synchronization is not available, configure systemd-timesyncd. If "full featured" and/or encrypted time synchronization is required, install chrony or NTP.
Run the following command to install chrony or ntp:
# apt install ntp
(or)
# apt install chrony
Parameter:
[yes/no]
Technical Mechanism:
On systems where host based time synchronization is not available, configure systemd-timesyncd. If full featured and/or encrypted time synchronization is required, install chrony or NTP.
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 5.1 | Attack Vector: LOCAL |
| Exploit Score: 2.5 | Attack Complexity: LOW |
| Impact Score: 2.5 | Privileges Required: NONE |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | Scope: UNCHANGED |
| | Confidentiality: NONE |
| | Integrity: LOW |
| | Availability: LOW |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:87411 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:85262 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:70723 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:70826 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:92267 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:68746 |
