V-269332 - Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide

Back to Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide

AlmaLinux OS 9 must disable remote management of the chrony daemon.

Severity: Medium

Description

<VulnDiscussion>Not exposing the management interface of the chrony daemon on the network reduces the attack surface.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

Check

Verify AlmaLinux OS 9 disables remote management of the chrony daemon with the following command: $ chronyd -p | grep -w cmdport cmdport 0 If the "cmdport" option is not set to "0" or is missing, this is a finding.

Fix

Configure AlmaLinux OS 9 to disable remote management of the chrony daemon by adding/modifying the following line in the /etc/chrony.conf file: cmdport 0