Navigate

Check: RHEL-09-252025

RHEL 9 STIG: RHEL-09-252025 (in versions v2 r3 through v1 r1)

Title

RHEL 9 must disable the chrony daemon from acting as a server. (Cat III impact)

Discussion

Minimizing the exposure of the server functionality of the chrony daemon diminishes the attack surface. Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000095-GPOS-00049

Check Content

Verify RHEL 9 disables the chrony daemon from acting as a server with the following command: $ grep -w port /etc/chrony.conf port 0 If the "port" option is not set to "0", is commented out, or is missing, this is a finding.

Fix Text

Configure RHEL 9 to disable the chrony daemon from acting as a server by adding/modifying the following line in the /etc/chrony.conf file: port 0

Additional Identifiers

Rule ID: SV-257946r958480_rule

Vulnerability ID: V-257946

Group Title: SRG-OS-000096-GPOS-00050

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000381	Configure the system to provide only organization-defined mission essential capabilities.
CCI-000382	Configure the system to prohibit or restrict the use of organization-defined prohibited or restricted functions, system ports, protocols, software, and/or services.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-7	Least Functionality