Description: systemd-timesyncd is a daemon that has been added for synchronizing the system clock across the network NTP A space-separated list of NTP server host names or IP addresses. During runtime this list is combined with any per-interface NTP servers acquired from systemd-networkd.service(8). systemd-timesyncd will contact all configured system or per-interface servers in turn, until one responds. When the empty string is assigned, the list of NTP servers is reset, and all prior assignments will have no effect. This setting defaults to an empty list. Rationale:sTime synchronization is important to support time sensitive security mechanisms and to ensure log files have consistent time records across the enterprise to aid in forensic investigations. Audit: IF systemd-timesyncd is in use on the system, run the following command: # grep -i '^.*(NTP|FallbackNTP)=.*' /etc/systemd/timesyncd.conf Remediation: IF systemd-timesyncd is in use on the system, Edit /etc/systemd/timesyncd.conf and add the list of time sever(s) in the time section NTP= The value for NTP given here is time.nist.gov. You can change the value according to your site policy for timesyncd and apply as appropriate Note: If another time synchronization service is in use on the system, run the following command to stop and mask systemd-timesyncd: # systemctl --now mask systemd-timesyncd.service

[NTP time server, FallbackNTP time server]

IF systemd-timesyncd is in use on the system, Run the following command to unmask systemd-timesyncd.service: # systemctl unmask systemd-timesyncd.service Run the following command to enable and start systemd-timesyncd.service: # systemctl --now enable systemd-timesyncd.service