STIG ID: ALMA-09-028510 | SRG: SRG-OS-000095-GPOS-00049 | Severity: medium | CCI: | Vulnerability Id: V-269332
Not exposing the management interface of the chrony daemon on the network reduces the attack surface.
Configure AlmaLinux OS 9 to disable remote management of the chrony daemon by adding/modifying the following line in the /etc/chrony.conf file:
cmdport 0
Verify AlmaLinux OS 9 disables remote management of the chrony daemon with the following command:
$ chronyd -p | grep -w cmdport
cmdport 0
If the "cmdport" option is not set to "0" or is missing, this is a finding.