AlmaLinux OS 9 must disable remote management of the chrony daemon.

STIG ID: ALMA-09-028510  |  SRG: SRG-OS-000095-GPOS-00049 |  Severity: medium |  CCI: CCI-000381 |  Vulnerability Id: V-269332

Vulnerability Discussion

Not exposing the management interface of the chrony daemon on the network reduces the attack surface.

Check

Verify AlmaLinux OS 9 disables remote management of the chrony daemon with the following command:

$ chronyd -p | grep -w cmdport

cmdport 0

If the "cmdport" option is not set to "0" or is missing, this is a finding.

Fix

Configure AlmaLinux OS 9 to disable remote management of the chrony daemon by adding/modifying the following line in the /etc/chrony.conf file:

cmdport 0
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.