From Apple OS X 10.13 Security Technical Implementation Guide
Part of SRG-OS-000355-GPOS-00143
Associated with: CCI-001891 CCI-002046
Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside of the configured acceptable allowance (drift) may be inaccurate.
The Network Time Protocol (NTP) service must be enabled on all networked systems. To check if the service is running, use the following command: /usr/bin/sudo /bin/launchctl list | grep org.ntp.ntpd If nothing is returned, this is a finding. To verify that an authorized NTP server is configured, run the following command or examine "/etc/ntp.conf": /usr/bin/sudo /usr/bin/grep ^server /etc/ntp.conf Only approved time servers should be configured for use. If no server is configured, or if an unapproved time server is in use, this is a finding.
To enable the NTP service, run the following command: /usr/bin/sudo /bin/launchctl load -w /System/Library/LaunchDaemons/org.ntp.ntpd.plist To configure one or more time servers for use, edit "/etc/ntp.conf" and enter each hostname or IP address on a separate line, prefixing each one with the keyword "server".
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer