NTP charm causes non DISA-STIG compliance
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
NTP Charm | Invalid | Undecided | Unassigned |
Bug Description
ubuntu 20.04.5
juju 2.9.37
charm latest/stable rev CH:50
ntp 3.5
When running `sudo usg fix disa_stig` against an ubuntu 20.04.5 machine, it becomes DISA-STIG compliant.
Running `juju add-machine <user>@<ip>` and then `juju deploy ubuntu --to 0; juju deploy ntp; juju add-relation ntp ubuntu` causes DISA-STIG to no longer be compliant.
Specifically, running a diff against the compliant results `sudo usg audit disa_stig` and then against the newly deployed ntp charm causes the following diff:
```
- <rule-result idref="
- <result>
+ <rule-result idref="
+ <result>
<check system="http://
</check>
</rule-result>
```
ntp charm is breaking the chronyd_sync_clock DISA-STIG compliance.
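A structured comparison of two audit result files, as an added example that is not part of the original report or of the usg tooling: instead of a textual diff, it lists every rule whose result changed. It assumes the results are XCCDF-style XML with `rule-result` elements like the fragment quoted above; the sample documents and rule ids below are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample results (placeholders, not real usg output).
BEFORE = """<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2">
  <rule-result idref="example_rule_a"><result>pass</result></rule-result>
  <rule-result idref="example_rule_b"><result>pass</result></rule-result>
</TestResult>"""
AFTER = """<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2">
  <rule-result idref="example_rule_a"><result>fail</result></rule-result>
  <rule-result idref="example_rule_b"><result>pass</result></rule-result>
  <rule-result idref="example_rule_c"><result>notapplicable</result></rule-result>
</TestResult>"""


def local(tag):
    """Strip the XML namespace so the code works whatever XCCDF version is used."""
    return tag.rsplit("}", 1)[-1]


def rule_results(xml_text):
    """Map rule idref -> result text for every rule-result element."""
    results = {}
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "rule-result":
            continue
        result = next((c.text.strip() for c in elem
                       if local(c.tag) == "result" and c.text), "missing")
        results[elem.get("idref", "")] = result
    return results


def changed_rules(before_xml, after_xml):
    """Return (rule, old, new) for each rule whose result differs between runs."""
    before, after = rule_results(before_xml), rule_results(after_xml)
    changes = []
    for rule in sorted(set(before) | set(after)):
        old, new = before.get(rule, "absent"), after.get(rule, "absent")
        if old != new:
            changes.append((rule, old, new))
    return changes


def regressions(changes):
    """Keep only rules that passed before and no longer pass."""
    return [c for c in changes if c[1] == "pass" and c[2] != "pass"]


if __name__ == "__main__":
    for rule, old, new in changed_rules(BEFORE, AFTER):
        print(f"{rule}: {old} -> {new}")
```

To compare real runs, read the two saved result files into strings and pass them to `changed_rules` in place of the constructed samples.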
Hi Jeff,
Would you have more details as to what's going on here? What does the "chronyd_sync_clock" check do exactly?
Is it possible that installing the charm changes the NTP sources, and so it takes chronyd some time to get in sync again? (if these new sources are reachable at all)
Thanks