Enable the NTP Service

Docs > Datadog Security > OOTB Rules > Enable the NTP Service

Classification:

compliance

Framework:

Control:

Description

The ntp service can be enabled with the following command:

$ sudo systemctl enable ntp.service

Rationale

Enabling the ntp service ensures that the ntp service will be running and that the system will synchronize its time to any servers specified. This is important whether the system is configured to be a client (and synchronize only its own clock) or it is also acting as an NTP server to other systems. Synchronizing time is essential for authentication services such as Kerberos, but it is also important for maintaining accurate logs and auditing possible security breaches.

The NTP daemon offers all of the functionality of ntpdate, which is now deprecated.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && { dpkg-query --show --showformat='${db:Status-Status}\n' 'ntp' 2>/dev/null | grep -q installed; }; then

SYSTEMCTL\_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL\_EXEC" unmask 'ntp.service'
"$SYSTEMCTL\_EXEC" start 'ntp.service'
"$SYSTEMCTL\_EXEC" enable 'ntp.service'

else
 >&2 echo 'Remediation is not applicable, nothing was done'
fi

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: Gather the package facts
 package\_facts:
 manager: auto
 tags:
 - NIST-800-53-AU-8(1)(a)
 - NIST-800-53-CM-6(a)
 - PCI-DSS-Req-10.4
 - PCI-DSSv4-10.6.1
 - enable\_strategy
 - high\_severity
 - low\_complexity
 - low\_disruption
 - no\_reboot\_needed
 - service\_ntp\_enabled

- name: Enable service ntp
 block:

 - name: Gather the package facts
 package\_facts:
 manager: auto

 - name: Enable service ntp
 systemd:
 name: ntp
 enabled: 'yes'
 state: started
 masked: 'no'
 when:
 - '"ntp" in ansible\_facts.packages'
 when:
 - ansible\_virtualization\_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"ntp" in ansible\_facts.packages'
 tags:
 - NIST-800-53-AU-8(1)(a)
 - NIST-800-53-CM-6(a)
 - PCI-DSS-Req-10.4
 - PCI-DSSv4-10.6.1
 - enable\_strategy
 - high\_severity
 - low\_complexity
 - low\_disruption
 - no\_reboot\_needed
 - service\_ntp\_enabled