AlmaLinux OS 9 must prevent the chrony daemon from acting as a server.

STIG ID: ALMA-09-028620  |  SRG: SRG-OS-000095-GPOS-00049 |  Severity: medium |  CCI: CCI-000381 |  Vulnerability Id: V-269333

Vulnerability Discussion

Being able to determine the system time of a server can be useful information for various attacks from timebomb attacks to location discovery based on time zone.

Minimizing the exposure of the server functionality of the chrony daemon reduces the attack surface.

Check

Verify AlmaLinux OS 9 disables the chrony daemon from acting as a server with the following command:

$ chronyd -p | grep -w port

port 0

If the "port" option is not set to "0" or is missing, this is a finding.

Fix

Configure AlmaLinux OS 9 to disable the chrony daemon from acting as a server by adding/modifying the following line in the /etc/chrony.conf file:

port 0
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.