Title

Ubuntu 24.04 LTS must not have the "ntp" package installed. (Cat III impact)

Discussion

Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate. Organizations must consider endpoints that may not have regular access to the authoritative time server (e.g., mobile, teleworking, and tactical endpoints).

Check Content

Verify the "ntp" package is not installed with the following command: $ dpkg -l | grep ntp If the "ntp" package is installed, this is a finding.

Fix Text

Uninstall the "ntp" package using the following command: $ sudo apt remove ntp If there are additional configuration files on the system that must be removed, the following command can be used instead: $ sudo apt-get purge ntp

Additional Identifiers

Rule ID: SV-270646r1068358_rule

Vulnerability ID: V-270646

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.