content icon indicating copy to clipboard operation
content copied to clipboard

Published 20 hours ago verified publisher icon ComplianceAsCode

chronyd_or_ntpd_set_maxpoll does not check pools

Open jan-cerny opened this issue 6 years ago • 2 comments

Description of problem:

Rule chronyd_or_ntpd_set_maxpoll check if all time sources in /etc/chrony.conf specified by server keyword have maxpoll option set. However, it doesn't check sources specified as pool or other possible sources. A pool seems to be the default option on RHEL 8, at least on my fresh installation there is no server specified.

SCAP Security Guide Version:

current upstream head as of 7075c11504dba2d18dad33e08ca5e92e97077fc1

Operating System Version:

RHEL 8

Steps to Reproduce:

  1. configure pool in /etc/chrony.conf instead of server
  2. evaluate chronyd_or_ntpd_set_maxpoll

Actual Results:

maxpoll is checked only on lines starting with server

Expected Results:

Investigate if it should check also on pool or other sources.

Addition Information/Debugging Steps:

jan-cerny avatar Nov 04 '19 12:11 jan-cerny

I believe this is already fixed. Could you confirm @jan-cerny?

marcusburghardt avatar Aug 28 '23 08:08 marcusburghardt

It seems that this still might be an issue.

Mab879 avatar May 02 '24 00:05 Mab879