CCE-92942-2Platform: cpe:/o:ubuntu:ubuntu_linux:19.04 | Date: (C)2019-11-07 (M)2023-07-04 |
Configure Network Time Protocol (NTP)
The Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on NTP can be found at http://www.ntp.org. NTP can be configured to be a client and/or a server.
Parameter:
[yes/no]
Technical Mechanism:
It is recommended that physical systems and virtual guests lacking direct access to the physical host's clock be configured as NTP clients to synchronize their clocks (especially to support time sensitive security mechanisms like Kerberos). This also ensures log files have consistent time records across the enterprise, which aids in forensic investigations.
Fix:
Install ntp:
# apt-get install ntp
Ensure the following lines are in /etc/ntp.conf:
restrict -4 default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery
Also, make sure /etc/ntp.conf has at least one NTP server specified:
server
Note: is the IP address or hostname of a trusted time server. Configuring an
NTP server is outside the scope of this benchmark.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.6 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 4.7 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: LOW |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:55155 |