Lynis Controls - Time



Security Controls

[TIME-3104] Running NTP daemon Category  
Proper time synchronization is important for authentication services, forensics and troubleshooting. Therefore a time daemon (like ntpd) should be running, or a scheduled task to sync time (like ntpdate). Time
Cfengine Chef Shell script Puppet Effort Risk
       
1 2 3 4 5
1 2 3 4 5

[TIME-3106] Check status of timedatectl Category  
NTP is enabled, however timedatectl is not syncing time Time
Cfengine Chef Shell script Puppet Effort Risk
tick tick tick tick
1 2 3 4 5
1 2 3 4 5

[TIME-3116] Stratum 16 servers Category  
Time servers are used to sync the time with the host. When a used server is not properly configured or not working, it will be listed as a stratum 16 server, giving it a very low priority. Usually when finding a server with a value of 16, the server should be checked or replaced with an alternative server. Time
Cfengine Chef Shell script Puppet Effort Risk
       
1 2 3 4 5
1 2 3 4 5

[TIME-3120] Reliability of NTP servers Category  
Lynis tests if the used NTP server candidates are reliable enough to be used. If items show up with a dash or minus, they are unreliable and should be checked or replaced. The NTP configuration and time synchronization in particular, is important for systems. It helps with properly logging the actual time, which is needed for many services. Having the right time is also important for accounting purposes and forensics. Time
Cfengine Chef Shell script Puppet Effort Risk
    tick  
1 2 3 4 5
1 2 3 4 5

[TIME-3124] NTP time local source used Category  
When only a local source is being used on a system, it might indicate that external sources are not reachable or usable. The NTP configuration and time synchronization in particular, is important for systems. It helps with properly logging the actual time, which is needed for many services. Having the right time is also important for accounting purposes and forensics. Check the NTP configuration of this system to determine the cause of this finding. Time
Cfengine Chef Shell script Puppet Effort Risk
    tick  
1 2 3 4 5
1 2 3 4 5

[TIME-3128] NTP time source candidates Category  
Lynis checks if the NTP time source candidates can be found in the peers overview. If not, then the configuration usually needs to be checked and updated. Differences between the active configuration and the one stored on disk, may result in a non-functional NTP configuration after reboot. Time
Cfengine Chef Shell script Puppet Effort Risk
    tick  
1 2 3 4 5
1 2 3 4 5

[TIME-3132] NTP false-tickers Category  
False-tickers are NTP sources which do not work properly (e.g. non-functional, time not accurate). Lynis checks for false-tickers to prevent systems using bad sources for time synchronization. This may otherwise result in incorrect timestamps in log files and accounting data. Time
Cfengine Chef Shell script Puppet Effort Risk
    tick  
1 2 3 4 5
1 2 3 4 5

[TIME-3136] NTP protocol version Category  
The NTP protocol version is gathered by Lynis as an informational test. Only when Lynis is not being able to detect the version, it will provide a suggestion to check it manually. Time
Cfengine Chef Shell script Puppet Effort Risk
    tick  
1 2 3 4 5
1 2 3 4 5

[TIME-3160] NTP step-tickers configuration Category  
Lynis checks if step-tickers are configured in /etc/ntp/step-tickers and compares them with the list of servers in the general NTP configuration file. Time
Cfengine Chef Shell script Puppet Effort Risk
    tick  
1 2 3 4 5
1 2 3 4 5