2192617 – When applying DISA STIG Profile it either automatically change the pool or recommend the person implementing the stig policy to use it.

Bug 2192617 - When applying DISA STIG Profile it either automatically change the pool or recommend the person implementing the stig policy to use it.

Summary: When applying DISA STIG Profile it either automatically change the pool or re...

Keywords:
Status:	NEW
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	scap-security-guide
Sub Component:
Version:	8.0
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Vojtech Polasek
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-05-02 14:02 UTC by jfaison
Modified:	2023-07-17 19:42 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-156212	0	None	None	None	2023-05-02 14:03:25 UTC

Comment 1 Greg King 2023-05-03 22:32:46 UTC

The title is misleading.

When applying the DISA stig profile, the default pool for /etc/chrony.conf should be us.pool.ntp.org instead of the global pool.  NTP requests to hostile countries are happening on the first boot of the newly installed OS before the admin can change the pool.  It is causing a lot of grief for DOD admin and security personnel.

Note You need to log in before you can comment on or make changes to this bug.