1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
documentation_complete: true
prodtype: alinux2,fedora,rhel7,sle12
title: 'Configure server restrictions for ntpd'
description: |-
ntpd is a daemon which implements the Network Time Protocol (NTP). It is designed to
synchronize system clocks across a variety of systems and use a source that is highly
accurate. More information on NTP can be found at
{{{ weblink(link="http://www.ntp.org")}}}.
ntp can be configured to be a client and/or a server.
To ensure that ntpd implements correct server restrictions, make sure that the following lines exist in the file <tt>/etc/ntpd.conf</tt>:
<pre>restrict -4 default kod nomodify notrap nopeer noquery</pre>
<pre>restrict -6 default kod nomodify notrap nopeer noquery</pre>
This recommendation only applies if ntp is in use on the system.
rationale: |-
If ntp is in use on the system proper configuration is vital to ensuring time synchronization
is working properly.
severity: medium
platform: ntp
references:
cis@alinux2: 2.1.1.2
cis@rhel7: 2.2.1.3
cis@sle12: 2.2.1.4
identifiers:
cce@rhel7: CCE-84299-7
ocil_clause: 'restrictions are not configured for ntpd'
ocil: |-
Run the following command and verify output matches:
<tt># grep "^restrict" /etc/ntp.conf</tt>
<pre>
restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
</pre>
The <tt>-4</tt> in the first line is optional and options after <tt>default</tt> can appear in any order.
Additional restriction lines may exist.
|
