TOSS 5 must disable network management of the chrony daemon.

Severity
Group ID
Group Title
Version
Rule ID
Date
STIG Version
lowV-282484SRG-OS-000095-GPOS-00049TOSS-05-000203SV-282484r1201332_rule2026-04-011

Description

Not exposing the management interface of the chrony daemon on the network diminishes the attack space. Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000096-GPOS-00050

ℹ️ Check

Verify TOSS 5 disables network management of the chrony daemon using the following command: $ grep -w cmdport /etc/chrony.conf cmdport 0 If the "cmdport" option is not set to "0", is commented out, or is missing, this is a finding.

✔️ Fix

Configure TOSS 5 to disable network management of the chrony daemon by adding/modifying the following line in the "/etc/chrony.conf" file: cmdport 0