Check: GEN000246
VMware ESX 3 Server:
GEN000246
(in version v1 r2)
Title
The system time synchronization method must use cryptographic algorithms to verify the authenticity and integrity of the time data. (Cat II impact)
Discussion
A synchronized system clock is critical for the enforcement of time-based policies and the correlation of logs and audit records with other systems. If an illicit time source is used for synchronization, the integrity of system logs and the security of the system could be compromised.
Check Content
Check the root crontab for ntpdate entries.
# crontab -l | grep ntpdate
If the ntpdate command is not invoked with the -a parameter, this is a finding.
Check the NTP daemon configuration.
# grep ^server ntp.conf | grep -Ev '[[:space:]](key|autokey)([[:space:]]|$)'
If server lines are present without key or autokey options, this is a finding.
Fix Text
If using ntpdate, add the -a option with a key to the cron job running ntpdate. If using the NTP daemon, add the key or autokey options, as appropriate, to each server line in ntp.conf for each NTP server not configured for authentication.
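The two checks above as a small audit script, an added example that is not part of the STIG text. The function names, the host names under example.mil, and the sample ntp.conf and crontab contents are constructed for illustration; it assumes -a is passed to ntpdate as a separate argument.

```shell
#!/bin/sh
# Added example: audit helpers for GEN000246, not part of the STIG text.

# Print "server" lines in an ntp.conf-style file ($1) that have neither
# "key <id>" nor "autokey" among their options.
unauth_servers() {
    awk '$1 == "server" {
        ok = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "autokey") ok = 1
            if ($i == "key" && $(i + 1) ~ /^[0-9]+$/) ok = 1
        }
        if (!ok) print
    }' "$1"
}

# Read crontab text on stdin; print active ntpdate entries without "-a".
# Assumption: -a is passed as its own argument, not bundled (e.g. -sa).
unauth_ntpdate() {
    awk '$1 ~ /^#/ { next }
    /ntpdate/ {
        ok = 0
        for (i = 1; i <= NF; i++) if ($i == "-a") ok = 1
        if (!ok) print
    }'
}

# Constructed sample input (hypothetical hosts, not from the STIG).
sample_conf() {
    cat <<'EOF'
#server ntp0.example.mil iburst
server ntp1.example.mil key 1 iburst
server ntp2.example.mil iburst
server ntp3.example.mil autokey
server ntp4.example.mil key
EOF
}
sample_cron() {
    cat <<'EOF'
0 * * * * /usr/sbin/ntpdate -a 1 ntp1.example.mil
30 * * * * /usr/sbin/ntpdate -s ntp2.example.mil
# 45 * * * * /usr/sbin/ntpdate ntp3.example.mil
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
echo "ntp.conf findings:"; unauth_servers "$tmp"
echo "crontab findings:";  sample_cron | unauth_ntpdate
rm -f "$tmp"
```

Any line printed under either heading is a finding; on a live system, pass the real ntp.conf path to unauth_servers and pipe `crontab -l` into unauth_ntpdate.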
Additional Identifiers
Rule ID: SV-28719r1_rule
Vulnerability ID: V-22293
Group Title: GEN000246
CCIs
Number | Definition |
---|---|
CCI-001145 | The organization employs, at a minimum, FIPS-validated cryptography to protect unclassified information. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |