Amazon Linux 2023 chrony must be configured with a maximum interval of 24 hours between requests sent to a USNO server or a time server designated for the appropriate DOD network.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-274174 | SRG-OS-000355-GPOS-00143 | AZLX-23-002560 | SV-274174r1120510_rule | 2025-07-15 | 1 |
| Description |
|---|
| Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate. |
| ℹ️ Check |
|---|
| Verify that the Amazon Linux 2023 chrony service specifies a maximum interval of 24 hours between requests sent to a USNO server with the following command:<br>Note: `<USNO/DOD Server>` is used in place of a time source IP address.<br>`$ sudo grep maxpoll /etc/chrony.conf`<br>`server <USNO/DOD Server> iburst maxpoll 16`<br>If the "maxpoll" option is not configured, is set to a number greater than 16, or the line is commented out, this is a finding.<br>Verify that the Amazon Linux 2023 chrony service is configured to use an authoritative USNO or appropriate DOD time source with the following command:<br>`$ sudo grep -i server /etc/chrony.conf`<br>`server <USNO/DOD Server>`<br>If the parameter "server" is not set, or is not set to an authoritative USNO/DOD time source, this is a finding. |
| ✔️ Fix |
|---|
| Configure Amazon Linux 2023 to compare internal information system clocks at least every 24 hours with an NTP server. Ensure the following line is added or updated in `/etc/chrony.conf`:<br>`server DOD.ntp.server iburst maxpoll 16` |
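
The maxpoll check above, scripted so it can be run per host or in a compliance job. This is an added example, not part of the STIG content; `check_chrony_maxpoll` is a hypothetical helper name and the hostnames in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example; check_chrony_maxpoll is a hypothetical helper name.
# chrony's longest poll interval is 2^maxpoll seconds:
#   16 -> 65536 s (~18.2 h); 17 -> 131072 s (> 24 h).
# Only "server" lines are evaluated, as in the rule text. Commented-out lines
# never match because their first field starts with the comment character.
check_chrony_maxpoll() {
    conf="${1:-/etc/chrony.conf}"
    [ -r "$conf" ] || { echo "FINDING: cannot read $conf"; return 2; }
    awk '
        tolower($1) == "server" {
            seen++
            poll = ""
            for (i = 3; i < NF; i++)
                if (tolower($i) == "maxpoll") poll = $(i + 1)
            if (poll == "") {
                printf "FINDING: %s has no maxpoll\n", $2; bad++
            } else if (poll !~ /^-?[0-9]+$/ || poll + 0 > 16) {
                printf "FINDING: %s maxpoll %s (must be <= 16)\n", $2, poll; bad++
            } else {
                printf "OK: %s maxpoll %s\n", $2, poll
            }
        }
        END {
            if (seen == 0) { print "FINDING: no active server line"; bad++ }
            exit (bad > 0 ? 1 : 0)
        }
    ' "$conf"
}

# Constructed sample configuration (hostnames are placeholders, not real time sources).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#server ntp0.example.test iburst maxpoll 16
server ntp1.example.test iburst maxpoll 16
server ntp2.example.test iburst
server ntp3.example.test iburst maxpoll 17
EOF
check_chrony_maxpoll "$sample" || echo "result: finding"
rm -f "$sample"
```

The function exits 0 only when every active `server` line carries a `maxpoll` of 16 or lower. Whether each listed server is an authoritative USNO/DOD source remains a manual review step.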