AlmaLinux OS 9 must prevent the chrony daemon from acting as a server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-269333	ALMA-09-028620	SV-269333r1050215_rule		Medium

Description

Being able to determine the system time of a server can be useful information for various attacks from timebomb attacks to location discovery based on time zone. Minimizing the exposure of the server functionality of the chrony daemon reduces the attack surface.

STIG	Date
CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide	2025-05-22

Details

Check Text (C-73364r1049508_chk)

Verify AlmaLinux OS 9 disables the chrony daemon from acting as a server with the following command:

$ chronyd -p | grep -w port

port 0

If the "port" option is not set to "0" or is missing, this is a finding.

Fix Text (F-73265r1049509_fix)

Configure AlmaLinux OS 9 to disable the chrony daemon from acting as a server by adding/modifying the following line in the /etc/chrony.conf file:

port 0