AlmaLinux OS 9 must disable remote management of the chrony daemon.
Overview
| Finding ID |
Version |
Rule ID |
IA Controls |
Severity |
| V-269332 |
ALMA-09-028510 |
SV-269332r1050214_rule |
|
Medium |
| Description |
| Not exposing the management interface of the chrony daemon on the network reduces the attack surface. |
Details
| Check Text (C-73363r1049505_chk) |
Verify AlmaLinux OS 9 disables remote management of the chrony daemon with the following command:
$ chronyd -p | grep -w cmdport
cmdport 0
If the "cmdport" option is not set to "0" or is missing, this is a finding. |
| Fix Text (F-73264r1049506_fix) |
Configure AlmaLinux OS 9 to disable remote management of the chrony daemon by adding/modifying the following line in the /etc/chrony.conf file:
cmdport 0 |