Amazon Linux 2023 chrony must be configured with a maximum interval of 24 hours between requests sent to a USNO server or a time server designated for the appropriate DOD network.

STIG ID: AZLX-23-002560  |  SRG: SRG-OS-000355-GPOS-00143 |  Severity: medium (CAT II)  |  CCI: CCI-004923 |  Vulnerability Id: V-274174

Vulnerability Discussion

Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.

Check

Verify Amazon Linux 2023 chrony service specifies a maximum interval of 24 hours between requests sent to a USNO server with the following command:

Note: <USNO/DOD Server> is used in place of a time source IP address.

$ sudo grep maxpoll /etc/chrony.conf
server <USNO/DOD Server> iburst maxpoll 16

If the "maxpoll" option is not configured, is commented out, or is set to a number greater than 16, this is a finding.

Verify Amazon Linux 2023 chrony service is configured to use authoritative USNO or appropriate DOD time source with the following command:

$ sudo grep -i server /etc/chrony.conf
server <USNO/DOD Server>

If the parameter "server" is not set, or is not set to an authoritative USNO/DOD time source, then this is a finding.
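The two grep checks above, folded into one audit script, as an added example that is not part of the STIG text. It assumes only POSIX sh and awk; the sample configs it writes use placeholder hosts (RFC 5737 addresses and example.com names), not real USNO or DOD time sources. chrony's maxpoll is the base-2 logarithm of the poll interval in seconds, so maxpoll 16 is 65536 s (about 18.2 hours) and 17 would already exceed 24 hours; the script therefore flags any uncommented server or pool directive that lacks maxpoll or sets it above 16, and also the absence of any such directive.

```shell
#!/bin/sh
# Added example, not part of the STIG text: audit a chrony.conf against the
# AZLX-23-002560 check. maxpoll 16 = 2^16 s = 65536 s (about 18.2 h);
# anything above 16 polls less often than once per 24 h.

# Print one FINDING line per problem in the given chrony.conf and return 1,
# or return 0 when every uncommented server/pool directive carries
# maxpoll <= 16 and at least one such directive exists.
chrony_maxpoll_audit() {
    awk '
        BEGIN { bad = 0; sources = 0 }
        # chrony treats lines starting with !, ;, # or % as comments
        /^[ \t]*[!;#%]/ { next }
        tolower($1) == "server" || tolower($1) == "pool" {
            sources++
            mp = ""
            # options follow the host in field 2; look for "maxpoll <n>"
            for (i = 3; i < NF; i++) if (tolower($i) == "maxpoll") mp = $(i + 1)
            if (mp == "") {
                print "FINDING: " $1 " " $2 ": maxpoll not set"; bad++
            } else if (mp + 0 > 16) {
                print "FINDING: " $1 " " $2 ": maxpoll " mp " exceeds 16 (interval > 24 h)"; bad++
            }
        }
        END {
            if (sources == 0) { print "FINDING: no uncommented server/pool directive"; bad++ }
            if (bad > 0) exit 1
            exit 0
        }' "$1"
}

# Constructed sample configs with placeholder hosts (RFC 5737 addresses and
# example.com names); they are not real USNO/DOD time sources.
write_sample_configs() {
    cat > "$1/good.conf" <<'EOF'
# constructed: compliant, both sources poll at most every 2^16 s
server ntp1.example.com iburst maxpoll 16
server ntp2.example.com iburst maxpoll 15
EOF
    cat > "$1/bad.conf" <<'EOF'
# constructed: two findings; the commented-out line must not count as compliant
server 203.0.113.10 iburst maxpoll 17
#server 203.0.113.11 iburst maxpoll 16
pool 203.0.113.12 iburst
EOF
    cat > "$1/empty.conf" <<'EOF'
# constructed: no time source at all
EOF
}

# Stand-alone run: audit the constructed samples, then the live file if readable.
demo_dir=$(mktemp -d)
write_sample_configs "$demo_dir"
for name in good bad empty; do
    echo "== $name.conf"
    if chrony_maxpoll_audit "$demo_dir/$name.conf"; then echo "no findings"; fi
done
if [ -r /etc/chrony.conf ]; then
    echo "== /etc/chrony.conf"
    if chrony_maxpoll_audit /etc/chrony.conf; then echo "no findings"; fi
fi
rm -rf "$demo_dir"
```

Run it as root on the host under review; a non-zero exit status means at least one finding was printed. The script mirrors the STIG's two grep checks but ignores commented-out lines, so a "#server ... maxpoll 16" line that would match a plain grep does not count as compliance.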

Fix

Configure Amazon Linux 2023 to compare internal information system clocks at least every 24 hours with an NTP server. Ensure the following line is added or updated in /etc/chrony.conf:

server DOD.ntp.server iburst maxpoll 16