Skip to content

2.3.3.2 Ensure chrony is running as user _chrony

Audit#

- IF - chrony is in use on the system, run the following command to verify the chronyd service is being run as the _chrony user: 

# ps -ef | awk '(/[c]hronyd/ && $1!="_chrony") { print $1 }'
Nothing should be returned

Remediation#

Add or edit the user line to /etc/chrony/chrony.conf or a file ending in .conf in /etc/chrony/conf.d/: 

user _chrony

- OR - If another time synchronization service is in use on the system, run the following command to remove chrony from the system: 

# apt purge chrony
# apt autoremove chrony

Default Value: user _chrony