CCE-95713-4Platform: cpe:/o:ubuntu:ubuntu_linux:20.04, cpe:/o:ubuntu:ubuntu_linux:22.04 | Date: (C)2023-12-15 (M)2023-12-20 |
Description: systemd-timesyncd is a daemon that has been added for synchronizing the system clock across the network NTP
A space-separated list of NTP server host names or IP addresses. During runtime this list is combined with any per-interface NTP servers acquired from systemd-networkd.service(8). systemd-timesyncd will contact all configured system or per-interface servers in turn, until one responds. When the empty string is assigned, the list of NTP servers is reset, and all prior assignments will have no effect. This setting defaults to an empty list.
Rationale:sTime synchronization is important to support time sensitive security mechanisms and to ensure log files have consistent time records across the enterprise to aid in forensic investigations.
Audit:
IF systemd-timesyncd is in use on the system, run the following command:
# grep -i '^.*(NTP|FallbackNTP)=.*' /etc/systemd/timesyncd.conf
Remediation:
IF systemd-timesyncd is in use on the system, Edit /etc/systemd/timesyncd.conf and add the list of time sever(s) in the time section NTP=
The value for NTP given here is time.nist.gov. You can change the value according to your site policy for timesyncd and apply as appropriate
Note: If another time synchronization service is in use on the system, run the following command to stop and mask systemd-timesyncd: # systemctl --now mask systemd-timesyncd.service
Parameter:
[NTP time server, FallbackNTP time server]
Technical Mechanism:
IF systemd-timesyncd is in use on the system, Run the following command to unmask systemd-timesyncd.service:
# systemctl unmask systemd-timesyncd.service
Run the following command to enable and start systemd-timesyncd.service:
# systemctl --now enable systemd-timesyncd.service
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.3 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 3.4 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: LOW |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:95879 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:95966 |