Synchronize internal information system clocks

Description

Synchronizing internal information system clocks provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.

Rationale

Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

#!/bin/bash

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

if [ -e "/etc/chrony/chrony.conf" ] ; then
    
    LC_ALL=C sed -i "/^\s*makestep 1 \-1/Id" "/etc/chrony/chrony.conf"
else
    touch "/etc/chrony/chrony.conf"
fi
# make sure file has newline at the end
sed -i -e '$a\' "/etc/chrony/chrony.conf"

cp "/etc/chrony/chrony.conf" "/etc/chrony/chrony.conf.bak"
# Insert at the end of the file
printf '%s\n' "makestep 1 -1" >> "/etc/chrony/chrony.conf"
# Clean up after ourselves.
rm "/etc/chrony/chrony.conf.bak"

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: Synchronize internal information system clocks
  lineinfile:
    path: /etc/chrony/chrony.conf
    create: true
    line: makestep 1 -1
    state: present
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:
  - DISA-STIG-UBTU-20-010436
  - chronyd_sync_clock
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - restrict_strategy
PREVIEWING: esther/docs-8632-slo-blog-links