bfcf6c7423
This role contains around 150 controls from the 270+ controls that exist in the RHEL 6 STIG. New controls are still being added. Implements: blueprint security-hardening Change-Id: I0578f86bf42d55242bc72b97b40a5935a3cb18d6
21 lines
925 B
ReStructuredText
21 lines
925 B
ReStructuredText
The ``chrony`` service is installed to manage clock synchronization for hosts
|
|
and to serve as an NTP server for NTP clients. Chrony was chosen over ntpd
|
|
because it's actively maintained and has some enhancements for virtualized
|
|
environments.
|
|
|
|
There are two configurations available for users to adjust chrony's default
|
|
configuration:
|
|
|
|
The ``ntp_servers`` variable is a list of NTP servers that
|
|
chrony should use to synchronize time. They are set to North American NTP
|
|
servers by default.
|
|
|
|
The ``allowed_ntp_subnets`` variable is a list of subnets (in CIDR notation)
|
|
that are allowed to reach your servers running chrony. A sane default is
|
|
chosen (all RFC1918 networks are allowed), but this can be easily adjusted.
|
|
|
|
For more information on chrony, review the `chrony documentation`_ at the
|
|
upstream site, or run `man chrony` on a host with chrony installed.
|
|
|
|
.. _chrony documentation: http://chrony.tuxfamily.org/faq.html
|