UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Automation Controller must compare internal application server clocks at least every 24 hours with an authoritative time source.


Overview

Finding ID Version Rule ID IA Controls Severity
V-256909 APAS-AT-000093 SV-256909r902297_rule Medium
Description
When conducting forensic analysis and investigating system events, it is critical that timestamps accurately reflect the time of application events. If timestamps are not deemed to be accurate, the integrity of the forensic analysis and the associated determinations are at stake. This leaves the organization and the system vulnerable to intrusions. Satisfies: SRG-APP-000371-AS-000077, SRG-APP-000372-AS-000212
STIG Date
Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide 2023-03-15

Details

Check Text ( C-60584r902295_chk )
As a system administrator for each Automation Controller host, ensure the NTP client is configured to synchronize to an organizationally defined NTP server:

chronyc sources

If the Automation Controller host is not configured to use an organizationally defined NTP server, this is a finding.

Ensure the NTP time synchronization is operational:

chronyc activity | head -n 1 | grep "200 OK" >/dev/null || echo "FAILED"
sudo systemctl is-active chrony > /dev/null|| echo "FAILED"

If "FAILED" is displayed, this is a finding.
Fix Text (F-60526r902296_fix)
As a system administrator, for each Automation Controller host, configure the NTP client to synchronize to an organizationally defined NTP server:

vi /etc/chrony.conf

Restart the Automation Controller host:

$ shutdown -r