Description of problem:
If there is no server or pool setting in /etc/chrony.conf, the remediation for rule chronyd_or_ntpd_set_maxpoll doesn't add maxpoll to anywhere and the rule fails in the scan after remediation.
In our weekly productization runs this happens on ppc64le systems. The ppc64le systems in Testing Farm use chrony-dhcp to get the NTP server address. They don't have any server or pool in /etc/chrony.conf, but they contain this in /etc/chrony.conf:
# Use NTP servers from DHCP.
sourcedir /run/chrony-dhcp
SCAP Security Guide Version:
Current upstream master branch as of 2026-03-08 as of HEAD c4ab25f
Operating System Version:
RHEL-9.2.0-updates-20260306.0
RHEL-9.4.0-updates-20260306.1
RHEL-9.6.0-updates-20260306.0
RHEL-9.7.0-updates-20260306.0
Steps to Reproduce:
- /hardening/host-os/oscap/stig
- /hardening/host-os/ansible/stig
Actual Results:
chronyd_or_ntpd_set_maxpoll fails after remediation
Expected Results:
chronyd_or_ntpd_set_maxpoll passes after remediation
Additional Information/Debugging Steps:
no
Description of problem:
If there is no
serverorpoolsetting in/etc/chrony.conf, the remediation for rulechronyd_or_ntpd_set_maxpolldoesn't addmaxpollto anywhere and the rule fails in the scan after remediation.In our weekly productization runs this happens on ppc64le systems. The ppc64le systems in Testing Farm use chrony-dhcp to get the NTP server address. They don't have any
serverorpoolin/etc/chrony.conf, but they contain this in/etc/chrony.conf:SCAP Security Guide Version:
Current upstream master branch as of 2026-03-08 as of HEAD c4ab25f
Operating System Version:
RHEL-9.2.0-updates-20260306.0
RHEL-9.4.0-updates-20260306.1
RHEL-9.6.0-updates-20260306.0
RHEL-9.7.0-updates-20260306.0
Steps to Reproduce:
Actual Results:
chronyd_or_ntpd_set_maxpoll fails after remediation
Expected Results:
chronyd_or_ntpd_set_maxpoll passes after remediation
Additional Information/Debugging Steps:
no