chrony and ntp checks should skip if package is not installed

[sblaisot]

2.2.1.3_configure_chrony consider check failed if chrony package is not installed. However, CIS benchmark §2.2.1.3 is only related to chrony proper configuration and clearly states:

This recommendation only applies if chrony is in use on the system.

so the check should be skipped if package is not installed instead of failing (like when grub is not in use for test 1.5.1_bootloader_ownership

same should apply to 2.2.1.4_configure_ntp if ntp is not instaled

2.2.1.3_configure_chrony  [ KO ] chrony is not installed!
2.2.1.3_configure_chrony  [ KO ] Check Failed

[ThibaultDewailly]

Hello Sebastien,

We currently disable the check on machines via configuration file where chrony (for instance) is not installed on the machine, wouldn't this solution work for you ?

[sblaisot]

yes, that would work.
However, on the other side, CIS benchmark clearly states that the recommandation only apply if chrony (resp. ntp) is in use so default config should skip if not installed I think.
I will try to publish a pull request.

[sblaisot]

enforcing either chrony or ntp is installed could be added as a 99.x check.