An error occurred:

Check: RIIM-OS-252015

Riverbed NetIM OS STIG: RIIM-OS-252015 (in version v1 r1)

Title

Ubuntu OS must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second. (Cat II impact)

Discussion

Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Synchronizing internal information system clocks provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network. Organizations should consider setting time periods for different types of systems (e.g., financial, legal, or mission-critical systems). Organizations must also consider endpoints that may not have regular access to the authoritative time server (e.g., mobile, teleworking, and tactical endpoints). This requirement is related to the comparison done every 24 hours in SRG-OS-000355 to determine the time difference.

Check Content

Verify Ubuntu OS synchronizes internal system clocks to the authoritative time source when the time difference is greater than one second. Note: If the system is not networked, this requirement is not applicable. Check the value of "makestep" by using the following command: $ grep -ir makestep /etc/chrony* makestep 1 -1 If "makestep" is not set to "1 -1", is commented out, or is missing, this is a finding. Verify the NTP service is active and the system clock is synchronized with the authoritative time source: $ timedatectl | grep -Ei '(synchronized|service)' System clock synchronized: yes NTP service: active If the NTP service is not active, this is a finding. If the system clock is not synchronized, this is a finding.

Fix Text

Configure chrony to synchronize the internal system clocks to the authoritative source when the time difference is greater than one second by doing the following: Edit the "/etc/chrony/chrony.conf" file and add: makestep 1 -1 Restart the chrony service: $ sudo systemctl restart chrony.service

Additional Identifiers

Rule ID: SV-275614r1147892_rule

Vulnerability ID: V-275614

Group Title: SRG-OS-000356-GPOS-00144

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-004926

Synchronize the internal system clocks to the authoritative time source when the time difference is greater than organization-defined time period.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SC-45(1)

Synchronization with Authoritative Time Source