An error occurred:

Check: RHEL-09-252030

RHEL 9 STIG: RHEL-09-252030 (in versions v1 r3 through v1 r1)

Title

RHEL 9 must disable network management of the chrony daemon. (Cat III impact)

Discussion

Not exposing the management interface of the chrony daemon on the network diminishes the attack space. Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000095-GPOS-00049

Check Content

Verify RHEL 9 disables network management of the chrony daemon with the following command: $ grep -w cmdport /etc/chrony.conf cmdport 0 If the "cmdport" option is not set to "0", is commented out, or is missing, this is a finding.

Fix Text

Configure RHEL 9 to disable network management of the chrony daemon by adding/modifying the following line in the /etc/chrony.conf file: cmdport 0

Additional Identifiers

Rule ID: SV-257947r925828_rule

Vulnerability ID: V-257947

Group Title: SRG-OS-000096-GPOS-00050

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000381

The organization configures the information system to provide only essential capabilities.
CCI-000382

The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-7

Least Functionality