STIGQter STIGQter: STIG Summary: VMware ESX 3 Server Version: 1 Release: 2 Benchmark Date: 22 Jul 2016: The system must use at least two time sources for clock synchronization.

DISA Rule

SV-28717r1_rule

Vulnerability Number

V-22291

Group Title

GEN000242

Rule Version

GEN000242

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If using ntpdate, add additional NTP servers to the cron job running ntpdate.

If using the NTP daemon, add an additional "server" line to ntp.conf for each additional NTP server.

Check Contents

Check the root crontab for ntpdate entries.
# crontab -l | grep ntpdate
If the ntpdate command is not invoked with at least two external NTP servers listed, this is a finding.

Check the NTP daemon configuration for at least two external servers.
# grep ^server ntp.conf | egrep -v '(127.127.1.1|127.127.1.0)'
If less than two servers or external reference clocks (127.127.x.x other than 127.127.1.0 or 127.127.1.1) are listed, this is a finding.

Vulnerability Number

V-22291

Documentable

False

Rule Version

GEN000242

Severity Override Guidance

Check the root crontab for ntpdate entries.
# crontab -l | grep ntpdate
If the ntpdate command is not invoked with at least two external NTP servers listed, this is a finding.

Check the NTP daemon configuration for at least two external servers.
# grep ^server ntp.conf | egrep -v '(127.127.1.1|127.127.1.0)'
If less than two servers or external reference clocks (127.127.x.x other than 127.127.1.0 or 127.127.1.1) are listed, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

1386

Comments