Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-8.10.z
Affects Version/s: rhel-8.0.0
Component/s: scap-security-guide
Labels:
- MigratedToJIRA
- Triaged

Fixed in Build:
scap-security-guide-0.1.73-1.el8_10
Regression:
None
Severity:
None

Pool Team:

rhel-sst-security-compliance
Sub-System Group:

ssg_security

Story Points:
2
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
None

Acceptance Criteria:
Hide

PTP: Manually check on a system hardened to STIG profile that the default server pool for /etc/chrony.conf contains only "0.us.pool.ntp.mil". For example by looking at generated HTML report from /hardening/anaconda/stig test, rule chronyd_specify_remote_server should contain the value for NTP server found in /etc/chrony.conf. Alternatively, reserve a system and harden it to STIG manually, then check that /etc/chrony.conf only contains "server 0.us.pool.ntp.mil":

grep -i server /etc/chrony.conf server 0.us.pool.ntp.mil
Show
PTP: Manually check on a system hardened to STIG profile that the default server pool for /etc/chrony.conf contains only "0.us.pool.ntp.mil". For example by looking at generated HTML report from /hardening/anaconda/stig test, rule chronyd_specify_remote_server should contain the value for NTP server found in /etc/chrony.conf. Alternatively, reserve a system and harden it to STIG manually, then check that /etc/chrony.conf only contains "server 0.us.pool.ntp.mil": grep -i server /etc/chrony.conf server 0.us.pool.ntp.mil
Git Pull Request:
https://github.com/ComplianceAsCode/content/pull/11583
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/132394
Test Coverage:
None

Experience:
Architecture:

Unspecified
Bugzilla Bug:
RHBZ: 2192617

PX Impact Score:
PX Priority Data:
PX Review Complete:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Description of problem:

When applying DISA STIG Profile it either automatically change the pool or recommend the person implementing the stig policy to use it.

Version-Release number of selected component (if applicable):

RHEL 8.0

How reproducible:

Very.

Steps to Reproduce:
1. Stop Chrony Service

2. Apply DISA STIG profile.

3. Chrony configuration still contains NTP pools host names, which casuses synchronizing to server outside of the US.

Actual results:

This causes problems because our systems may (and have) randomly select time sources from Russia, Iran, China and other nations.

Expected results:

Only use the us.pool.ntp.org

Additional info:

external trackers

Red Hat Customer Portal 03497762

Red Hat Issue Tracker RHELPLAN-156212

links to

RHBA-2024:132394 scap-security-guide bug fix and enhancement update

Assignee:: Marcus Burghardt

Reporter:: Joshua Faison (Inactive)

Developer:: Marcus Burghardt

QA Contact:: Milan Lysonek

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Created:: 2023/08/30 8:26 AM

Updated:: 2024/06/05 10:15 AM

Resolved:: 2024/06/05 10:15 AM

Target start:: 2024/02/12

Dev Target end:: 2024/02/16

Release Date:: 2024/06/05

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates