RHEL 10 must have the "chrony" package installed.

STIG ID: RHEL-10-200540  |  SRG: SRG-OS-000355-GPOS-00143 |  Severity: medium (CAT II)  |  CCI: CCI-004923 |  Vulnerability Id: V-280958

Vulnerability Discussion

Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.

Check

Verify RHEL 10 has the "chrony" package installed with the following command:

$ sudo dnf list --installed chrony
Installed Packages
chrony.x86_64 4.6.1-1.el10 @anaconda

If the "chrony" package is not installed, this is a finding.

Fix

Configure RHEL 10 to have the "chrony" package installed with the following command:

$ sudo dnf -y install chrony
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.