I've been doing a lot of STIG and CIS compliance and they both check for "OPTIONS=-u chrony" in the /etc/sysconfig/chronyd file.
I realize that (at least on newer RHEL and variants) the chrony daemon does run as the chrony user, but the vendors don't check for the process owner, and trying to convince them to change the ruleset to pass the rule/audit is extremely difficult.
I recommend that /etc/sysconfig/chronyd be managed, as it's easier to manage this file (in order to pass CIS/STIG tests) than it is to convince the vendors to change their rules. In addition, the file is part of the Red Hat RPM package and probably should be managed anyway.
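The gap described in this issue, as an added example that is not part of the original post or of the project's code: one function reproduces a file-based check on `/etc/sysconfig/chronyd`, the other checks the running process owner. The function names are hypothetical, and the scanner's match is assumed to be "the active OPTIONS value contains `-u chrony`".

```shell
#!/bin/sh
# Added example (hypothetical helper names): file-based audit vs. runtime state.

# Print the value of the last uncommented OPTIONS= line in a sysconfig file,
# with a trailing comment and surrounding quotes removed.
chronyd_options() {
    sed -n 's/^[[:space:]]*OPTIONS=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' \
            -e 's/^"\(.*\)"$/\1/' \
            -e "s/^'\(.*\)'\$/\1/"
}

# File-based check (assumed scanner behaviour).
# Returns 0 if OPTIONS contains "-u chrony", 1 if not, 2 if the file is unreadable.
file_sets_chrony_user() {
    [ -r "$1" ] || return 2
    # Collapse runs of whitespace so "-u   chrony" still matches.
    opts=$(chronyd_options "$1" | tr -s '[:space:]' ' ')
    case " $opts " in
        *" -u chrony "*) return 0 ;;
    esac
    return 1
}

# Runtime check: what the daemon is actually running as.
# Returns 0 if every chronyd process is owned by "chrony", 1 if any is not,
# 2 if no chronyd process is running.
process_runs_as_chrony() {
    owners=$(ps -eo user=,comm= | awk '$2 == "chronyd" {print $1}' | sort -u)
    [ -n "$owners" ] || return 2
    [ "$owners" = "chrony" ]
}

# Report both results side by side for one host.
audit_chronyd() {
    file=${1:-/etc/sysconfig/chronyd}
    file_rc=0; file_sets_chrony_user "$file" || file_rc=$?
    proc_rc=0; process_runs_as_chrony || proc_rc=$?
    echo "file check rc=$file_rc, process check rc=$proc_rc"
}
```

Calling `audit_chronyd` on a host where the process check returns 0 but the file check returns 1 shows the situation the issue describes: the daemon runs as `chrony`, yet a file-only audit fails.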