1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
documentation_complete: true
title: 'Enable the NTP Daemon'
description: |-
{{{ describe_service_enable(service="ntp") }}}
rationale: |-
Enabling the <tt>ntp</tt> service ensures that the <tt>ntp</tt>
service will be running and that the system will synchronize its time to
any servers specified. This is important whether the system is configured to be
a client (and synchronize only its own clock) or it is also acting as an NTP
server to other systems. Synchronizing time is essential for authentication
services such as Kerberos, but it is also important for maintaining accurate
logs and auditing possible security breaches.
<br /><br />
The NTP daemon offers all of the functionality of <tt>ntpdate</tt>, which is now
deprecated.
severity: high
identifiers:
cce@sle12: CCE-91657-7
cce@sle15: CCE-91294-9
references:
anssi: NT012(R03)
cis-csc: 1,14,15,16,3,5,6
cis@ubuntu2004: 2.2.1.4
cis@ubuntu2204: 2.2.1.4
cobit5: APO11.04,BAI03.05,DSS05.04,DSS05.07,MEA02.01
disa: CCI-000160
isa-62443-2009: 4.3.3.3.9,4.3.3.5.8,4.3.4.4.7,4.4.2.1,4.4.2.2,4.4.2.4
isa-62443-2013: 'SR 2.10,SR 2.11,SR 2.12,SR 2.8,SR 2.9'
iso27001-2013: A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1
nist: CM-6(a),AU-8(1)(a)
nist-csf: PR.PT-1
pcidss: Req-10.4
ocil: |-
{{{ ocil_service_enabled(service="ntp") }}}
template:
name: service_enabled
vars:
servicename: ntp
|
