2.2.1.2 Ensure ntp is configured (Scored)

Level 1 - Server 
Level 1 - Workstation

ntp is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on NTP can be found at http://www.ntp.org. ntp can be configured to be a client and/or a server.

This recommendation only applies if ntp is in use on the system.

If ntp is in use on the system proper configuration is vital to ensuring time synchronization is working properly.

Run the following command and verify output matches:

# grep "^restrict" /etc/ntp.conf 
restrict -4 default kod nomodify notrap nopeer noquery 
restrict -6 default kod nomodify notrap nopeer noquery

The -4 in the first line is optional and options after default can appear in any order. Additional restriction lines may exist.
Run the following command and verify remote server is configured properly:

# grep "^server" /etc/ntp.conf 
server <remote-server>

Multiple servers may be configured.

Verify that ntp is configured to run as the ntp user by running the following command:

# grep "RUNASUSER=ntp" /etc/init.d/ntp 
RUNASUSER=ntp

Add or edit restrict lines in /etc/ntp.conf to match the following:

restrict -4 default kod nomodify notrap nopeer noquery 
restrict -6 default kod nomodify notrap nopeer noquery

Add or edit server lines to /etc/ntp.conf as appropriate:

server <remote-server>

Configure ntp to run as the ntp user by adding or editing the /etc/init.d/ntp file:

RUNASUSER=ntp