Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
Synchronizing internal information system clocks provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.
Depending on the infrastructure being used the "pool" directive may not be supported.
Verify Amazon Linux 2023 is securely comparing internal information system clocks at least every 24 hours with an NTP server with the following commands:
$ sudo grep maxpoll /etc/chrony.conf server 0.us.pool.ntp.mil iburst maxpoll 16
If the "maxpoll" option is set to a number greater than 16 or the line is commented out, this is a finding.
Verify the "chrony.conf" file is configured to an authoritative DOD time source by running the following command:
$ sudo grep -i server /etc/chrony.conf server 0.us.pool.ntp.mil
If the parameter "server" is not set, or is not set to an authoritative DOD time source, this is a finding.
Fix
Configure Amazon Linux 2023 chrony service to securely compare internal information system clocks at least every 24 hours with an NTP server by adding/modifying the following line in the /etc/chrony.conf file.