AlmaLinux OS 9 must prevent the chrony daemon from acting as a server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-269333 | ALMA-09-028620 | SV-269333r1050215_rule | CCI-000381 | medium |
| Description | ||||
| Being able to determine the system time of a server can be useful information for various attacks from timebomb attacks to location discovery based on time zone. Minimizing the exposure of the server functionality of the chrony daemon reduces the attack surface. | ||||
| STIG | Date | |||
| Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide | 2026-02-27 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-7
1.00
- DISA · V1R6 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.4.6
1.00
- DISA · V1R6 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000381
1.00
- DISA · V1R6 · disa_xccdf · related
Details
Check Text (C-269333r1050215_chk)
Verify AlmaLinux OS 9 disables the chrony daemon from acting as a server with the following command:
$ chronyd -p | grep -w port
port 0
If the "port" option is not set to "0" or is missing, this is a finding.
Fix Text (F-73265r1049509_fix)
Configure AlmaLinux OS 9 to disable the chrony daemon from acting as a server by adding/modifying the following line in the /etc/chrony.conf file:
port 0