STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021

RHEL 8 must securely compare internal information system clocks at least every 24 hours with a server synchronized to an authoritative time source, such as the United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).

DISA Rule

SV-230484r627750_rule

Vulnerability Number

V-230484

Group Title

SRG-OS-000355-GPOS-00143

Rule Version

RHEL-08-030740

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the operating system to securely compare internal information system clocks at least every 24 hours with an NTP server by adding/modifying the following line in the /etc/chrony.conf file.

server [ntp.server.name] iburst maxpoll 16

Check Contents

Verify RHEL 8 is securely comparing internal information system clocks at least every 24 hours with an NTP server with the following command:

$ sudo grep maxpoll /etc/chrony.conf
server 0.us.pool.ntp.mil iburst maxpoll 16

If the "maxpoll" option is set to a number greater than 16 or the line is commented out, this is a finding.

Verify the "chrony.conf" file is configured to an authoritative DoD time source by running the following command:

$ sudo grep -i server /etc/chrony.conf
server 0.us.pool.ntp.mil

If the parameter "server" is not set or is not set to an authoritative DoD time source, this is a finding.
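
The two checks above can be scripted. The following is an added example, not part of the STIG or of STIGQter: it reads the "server" lines of a chrony configuration and reports each one against the maxpoll limit. chrony reads maxpoll as a power of two in seconds, so 16 means 65536 seconds (about 18.2 hours), which stays inside the 24-hour requirement. The function name, the second hostname in the sample and the handling of a server line without maxpoll are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the STIG: audits the "server" lines of a chrony
# configuration against the maxpoll check described above.
# Assumption: an active server line with no maxpoll value is reported as a
# finding, because the grep for maxpoll would show nothing for that line.

# check_chrony_maxpoll FILE -> prints one result per server line,
# returns 0 when every check passes and 1 when there is a finding.
check_chrony_maxpoll() {
    awk '
        # chrony treats lines starting with # ; ! or % as comments.
        /^[[:space:]]*[#;!%][[:space:]]*server[[:space:]]/ { commented++; next }
        $1 == "server" {
            active++
            mp = ""
            for (i = 3; i < NF; i++) if ($i == "maxpoll") mp = $(i + 1)
            if (mp !~ /^-?[0-9]+$/) {
                printf "FINDING line %d: %s has no usable maxpoll value\n", NR, $2; bad = 1
            } else if (mp + 0 > 16) {
                # 2^17 s is about 36.4 hours, past the 24-hour limit.
                printf "FINDING line %d: %s maxpoll %d is greater than 16\n", NR, $2, mp; bad = 1
            } else {
                printf "OK line %d: %s maxpoll %d (confirm the source is authoritative)\n", NR, $2, mp
            }
        }
        END {
            if (!active) {
                printf "FINDING: no active server line (%d commented out)\n", commented; bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample input, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#server 0.us.pool.ntp.mil iburst maxpoll 16
server 0.us.pool.ntp.mil iburst maxpoll 16
server ntp.example.invalid iburst maxpoll 17
EOF
check_chrony_maxpoll "$sample" || echo "result: finding"
rm -f "$sample"
```

On a live system the function would be called as check_chrony_maxpoll /etc/chrony.conf. Whether a listed server is an authoritative DoD time source still has to be confirmed by the reviewer.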

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2921

Comments