2.2.1.3 Ensure chrony is configured (Scored)
Profile Applicability
Level 1 - Server Level 1 - Workstation
Description
chrony is a daemon which implements the Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on chrony can be found at http://chrony.tuxfamily.org/. chrony can be configured to be a client and/or a server.
Rationale
If chrony is in use on the system proper configuration is vital to ensuring time synchronization is working properly.
This recommendation only applies if chrony is in use on the system.
Audit
Run the following command and verify remote server is configured properly:
# grep "^server" /etc/chrony/chrony.conf server <remote-server>
Multiple servers may be configured.
Run the following command and verify OPTIONS includes -u chrony:
# grep ^OPTIONS /etc/sysconfig/chronyd OPTIONS="-u chrony"
Additional options may be present.
Remediation
Add or edit server lines to /etc/chrony/chrony.conf as appropriate:
server <remote-server>
Add or edit the OPTIONS in /etc/sysconfig/chronyd to include -u chrony:
OPTIONS="-u chrony"