
2.1.4.2 Ensure ntp is configured with authorized timeserver

Audit

IF ntp is in use on the system, run the following command to display the server and/or pool mode:

# grep -P -- '^\h*(server|pool)\h+\H+' /etc/ntp.conf

Verify that at least one pool line and/or at least three server lines are returned, and that the timeserver on each returned line follows local site policy.

Output examples:

pool mode:

pool time.nist.gov iburst maxsources 4 #The maxsources option is unique to the pool directive

server mode:

server time-a-g.nist.gov iburst
server 132.163.97.3 iburst
server time-d-b.nist.gov iburst
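
The audit above as a repeatable check. This is an added example, not part of the benchmark text. It assumes local site policy is encoded as an allowlist file with one hostname or IP per line; the function name `audit_ntp_sources` and the sample files are hypothetical and constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: audit ntp.conf time sources against a site allowlist.
# Usage: audit_ntp_sources <ntp.conf> <allowlist: one host or IP per line>
# Returns 0 on pass, 1 on fail; findings are printed on stdout.
audit_ntp_sources() {
    local conf=$1 allow=$2
    awk -v allow="$allow" '
        BEGIN {
            # Load the allowlist (assumed format, not defined by the benchmark).
            while ((getline line < allow) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") ok[tolower(line)] = 1
            }
        }
        # Same lines the audit grep returns: uncommented server/pool + target.
        $1 == "server" || $1 == "pool" {
            if (NF < 2) next
            n[$1]++
            if (!(tolower($2) in ok)) {
                printf "FAIL: unauthorized %s %s\n", $1, $2; bad++
            }
        }
        END {
            # Benchmark threshold: at least one pool or at least three servers.
            if (n["pool"] < 1 && n["server"] < 3) {
                printf "FAIL: need >=1 pool or >=3 server lines (pool=%d server=%d)\n", n["pool"], n["server"]
                bad++
            }
            if (bad) exit 1
            printf "PASS: pool=%d server=%d, all sources authorized\n", n["pool"], n["server"]
        }
    ' "$conf"
}

# Constructed sample data; hosts are taken from the output examples above,
# ntp.example.net stands in for a source that is not in site policy.
tmp=$(mktemp -d)
printf '%s\n' time.nist.gov time-a-g.nist.gov 132.163.97.3 time-d-b.nist.gov > "$tmp/allow"
printf 'server %s iburst\n' time-a-g.nist.gov 132.163.97.3 time-d-b.nist.gov > "$tmp/good.conf"
printf '#pool time.nist.gov iburst\nserver time-a-g.nist.gov iburst\nserver ntp.example.net iburst\n' > "$tmp/bad.conf"
audit_ntp_sources "$tmp/good.conf" "$tmp/allow"
audit_ntp_sources "$tmp/bad.conf" "$tmp/allow" || echo "bad.conf rejected"
```

On a live system, point the first argument at /etc/ntp.conf and the second at the site's maintained allowlist.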

Remediation

Edit /etc/ntp.conf and add or edit server or pool lines as appropriate according to local site policy:

<[server|pool]> <[remote-server|remote-pool]>

Examples:

pool mode:

pool time.nist.gov iburst

server mode:

server time-a-g.nist.gov iburst
server 132.163.97.3 iburst
server time-d-b.nist.gov iburst

Run the following command to load the updated time sources into the running ntp configuration:

# systemctl restart ntp

OR

If another time synchronization service is in use on the system, run the following command to remove ntp from the system:

# apt purge ntp