bfcf6c7423
This role contains around 150 controls from the 270+ controls that exist in the RHEL 6 STIG. New controls are still being added. Implements: blueprint security-hardening Change-Id: I0578f86bf42d55242bc72b97b40a5935a3cb18d6
925 B
The chrony service is installed to manage clock
synchronization for hosts and to serve as an NTP server for NTP clients.
Chrony was chosen over ntpd because it's actively maintained and has
some enhancements for virtualized environments.
There are two configurations available for users to adjust chrony's default configuration:
The ntp_servers variable is a list of NTP servers that
chrony should use to synchronize time. They are set to North American
NTP servers by default.
The allowed_ntp_subnets variable is a list of subnets
(in CIDR notation) that are allowed to reach your servers running
chrony. A sane default is chosen (all RFC1918 networks are allowed), but
this can be easily adjusted.
For more information on chrony, review the chrony documentation at the upstream site, or run man chrony on a host with chrony installed.