Title

The system clock must be synchronized continuously, or at least daily. (Cat II impact)

Discussion

A synchronized system clock is critical for the enforcement of time-based policies and the correlation of logs and audit records with other systems. Internal system clocks tend to drift and require periodic resynchronization to ensure their accuracy. Software, such as ntpd, can be used to continuously synchronize the system clock with authoritative sources. Alternatively, the system may be synchronized periodically, with a maximum of one day between synchronizations. If the system is completely isolated (no connections to networks or other systems), time synchronization is not required as no correlation of events or operation of time-dependent protocols between systems will be necessary. If the system is completely isolated, this requirement is not applicable.

Check Content

Check the system for a running NTP daemon. # ps -ef | grep ntp If a ntpd or xntpd process exists, this is not a finding. If ntp or xntp daemon is not running, check the root crontab for ntpdate jobs running at least daily. # crontab -l | grep ntpdate Columns 3, 4, and 5 must be an asterisk (*) for the job to be run daily. If this job exists, this is not a finding. Otherwise, this is a finding.

Fix Text

Enable the NTP daemon for continuous synchronization. /etc/init.d/xntpd start OR Add a daily or more frequent cronjob to perform synchronization using ntpdate.

Additional Identifiers

Rule ID: SV-26290r1_rule

Vulnerability ID: V-22290

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.