STIGQter STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 1 Release: 26 Benchmark Date: 24 Jan 2020: The system clock must be synchronized to an authoritative DoD time source.

DISA Rule

SV-40040r3_rule

Vulnerability Number

V-4301

Group Title

GEN000240

Rule Version

GEN000240

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Use a local authoritative time server synchronizing to an authorized DoD time source. Ensure all systems in the facility feed from one or more local time servers that feed from the authoritative time server.

Check Contents

NTP must be used and used only in the global zone. Determine the zone that you are currently securing.

# zonename

If the command output is not "global", NTP must be disabled. Check the system for a running NTP daemon.

# svcs ntp | grep online

If the output from "zonename" is "global", NTP must be enabled. Check the system for a running NTP daemon.

# svcs ntp | grep online

If NTP is not online, this is a finding.

If NTP is running confirm the servers and peers or multicast client (as applicable) are local or an authoritative U.S. DoD source.

# more /etc/inet/ntp.conf

If a non-local/non-authoritative (U.S. DoD source) time-server is used, this is a finding.

Vulnerability Number

V-4301

Documentable

False

Rule Version

GEN000240

Severity Override Guidance

NTP must be used and used only in the global zone. Determine the zone that you are currently securing.

# zonename

If the command output is not "global", NTP must be disabled. Check the system for a running NTP daemon.

# svcs ntp | grep online

If the output from "zonename" is "global", NTP must be enabled. Check the system for a running NTP daemon.

# svcs ntp | grep online

If NTP is not online, this is a finding.

If NTP is running confirm the servers and peers or multicast client (as applicable) are local or an authoritative U.S. DoD source.

# more /etc/inet/ntp.conf

If a non-local/non-authoritative (U.S. DoD source) time-server is used, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

25

Comments