File: rule.yml

scap-security-guide 0.1.78-1
# Rule metadata for a compliance check that the ntpdate service is disabled.
# This file holds only the descriptive text, identifiers and framework
# mappings; the check itself comes from the template named at the bottom.

# NOTE(review): presumably marks the rule text as finished so the build may
# include it - confirm against the build system's handling of this key.
documentation_complete: true


title: 'Disable ntpdate Service (ntpdate)'

# Human-readable description. <tt> is inline markup and part of the value.
# The last line of the value is a triple-brace macro call for the service
# "ntpdate"; its expansion is not visible in this file (presumably the
# standard "how to disable this service" text - confirm).
description: |-
    The <tt>ntpdate</tt> service sets the local hardware clock by polling NTP servers
    when the system boots. It synchronizes to the NTP servers listed in
    <tt>/etc/ntp/step-tickers</tt> or <tt>/etc/ntp.conf</tt>
    and then sets the local hardware clock to the newly synchronized
    system time.
    {{{ describe_service_disable(service="ntpdate") }}}

# Why the rule exists. NOTE(review): the text argues that ntpdate is
# superseded, not that time synchronisation is unnecessary. A host that passes
# this rule still needs another clock-sync service (the rationale names ntpd);
# without one, drift degrades log timestamps and time-dependent
# authentication. Confirm the profile pairs this rule with one that requires
# a sync daemon.
rationale: |-
    The <tt>ntpdate</tt> service may only be suitable for systems which
    are rebooted frequently enough that clock drift does not cause problems between
    reboots. In any event, the functionality of the ntpdate service is now
    available in the ntpd program and should be considered deprecated.

# Severity reported for a finding against this rule.
severity: low

identifiers:
    # CCE identifiers, one per product (keys have the form cce@<product>).
    # NOTE(review): to my knowledge RHEL 8 and 9 ship chrony and no longer
    # package ntp/ntpdate - confirm the service can exist on these products.
    # If it cannot, the check likely passes trivially and gives no assurance
    # about time synchronisation.
    cce@rhel8: CCE-80879-0
    cce@rhel9: CCE-84236-9

references:
    # Mappings to external control catalogues, comma-separated per framework.
    # The NIST entries are CM-7 (least functionality) and CM-6 (configuration
    # settings): the rule is about removing an unneeded service, not about the
    # integrity of the time source.
    cis-csc: 11,12,14,15,3,8,9
    cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.05,DSS06.06
    isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
    isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 7.1,SR 7.6'
    iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2
    nist: CM-7(a),CM-7(b),CM-6(a)
    nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4

# Manual-audit (OCIL) text. Both values are produced by macros parameterised
# with the same service name; keep that name identical to the one used in the
# description macro and in template.vars.servicename below, otherwise the
# manual procedure and the automated check would describe different services.
ocil_clause: |-
    {{{ ocil_clause_service_disabled(service="ntpdate") }}}

ocil: |-
    {{{ ocil_service_disabled(service="ntpdate") }}}

# NOTE(review): by its name this limits applicability to systems that have
# their own kernel (presumably excluding container images) - confirm against
# the platform definition.
platform: system_with_kernel

# Selects the generic "service_disabled" template and passes it the service
# name. NOTE(review): the generated check and remediation are not visible
# here; confirm in the template whether "disabled" also covers a stopped or
# masked unit, and what is reported when the unit is not installed.
template:
    name: service_disabled
    vars:
        servicename: ntpdate