MEDIUM M25: Chrony/NTP Configuration P3

Verified Compare Branch

Overview

Hardens time synchronization by restricting chrony to client-only mode, disabling the chronyc network interface, setting maximum poll intervals, and requiring multiple NTP servers for resilience.

Profile: NIST 800-53 Moderate (rhcos4-moderate)

Compliance Checks

Check Description
client-only Restrict chrony to client mode (no serving)
no-chronyc-network Disable chronyc network command interface
or-ntpd-set-maxpoll Set maximum NTP polling interval
or-ntpd-specify-multiple-servers Require multiple NTP servers

Verification

oc debug node/<node> -- chroot /host chronyc sources
← M24 All Groups M26 →
Legend
Status
🔵 In Progress
🟡 Pending
⚪ On Hold
🟢 Complete
Severity
HIGH
MEDIUM
LOW
MANUAL

Keyboard Shortcuts

Navigation
j / Next row
k / Previous row
Enter Open selected / Expand details
Esc Clear selection / Close modal
Actions
/ Focus search
d Toggle dark mode
? Show this help
g h Go to home
Filters
1 Show all
2 Pending only
3 In Progress only
4 Complete only