TOSS 5 must disable network management of the chrony daemon.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-282484TOSS-05-000203SV-282484r1201332_ruleCCI-000381low
Description
Not exposing the management interface of the chrony daemon on the network diminishes the attack space. Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000096-GPOS-00050
STIGDate
Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide2026-04-01

Details

Check Text (C-282484r1201332_chk)

Verify TOSS 5 disables network management of the chrony daemon using the following command: $ grep -w cmdport /etc/chrony.conf cmdport 0 If the "cmdport" option is not set to "0", is commented out, or is missing, this is a finding.

Fix Text (F-86950r1201331_fix)

Configure TOSS 5 to disable network management of the chrony daemon by adding/modifying the following line in the "/etc/chrony.conf" file: cmdport 0