ansible-hardening/V-72269.rst at f422da8599c6d8f64ebfefbf0a0aa711ea1f9569

---id: V-72269 status: implemented tag: misc ---

The tasks in the security role make the following changes on each host:

The chrony package is installed.
The service (chronyd on Red Hat, CentOS, SLE and openSUSE Leap, chrony on Ubuntu) is started and enabled at boot time.
A configuration file template is deployed that includes maxpoll 10 on each server line.

Deployers can opt out of these changes by setting the following Ansible variable:

security_rhel7_enable_chrony: no

Note

Although the STIG mentions the traditional ntpd service, this role uses chrony, which is a more modern implementation.