Bug 2192617

Summary: When applying DISA STIG Profile it either automatically change the pool or recommend the person implementing the stig policy to use it.
Product: Red Hat Enterprise Linux 8 Reporter: jfaison
Component: scap-security-guideAssignee: Vojtech Polasek <vpolasek>
Status: CLOSED MIGRATED QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.0CC: ggasparb, gregory.l.king36.ctr, mhaicman, mlysonek, wsato
Target Milestone: rcKeywords: MigratedToJIRA, Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-08-30 09:53:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 Greg King 2023-05-03 22:32:46 UTC 
The title is misleading.

When applying the DISA stig profile, the default pool for /etc/chrony.conf should be us.pool.ntp.org instead of the global pool.  NTP requests to hostile countries are happening on the first boot of the newly installed OS before the admin can change the pool.  It is causing a lot of grief for DOD admin and security personnel.
Comment 4 RHEL Program Management 2023-08-30 08:26:46 UTC 
Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.
Comment 5 RHEL Program Management 2023-08-30 09:53:43 UTC 
This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "RHEL-" followed by an integer.  You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues.