Fix CIS 2.2.1.2
Nessus requires that 'restrict' lines contain arguments in a specific order.
Non-compliant file(s)
---------------------
/etc/ntp.conf - regex '^[\s]*restrict[\s]+-4[\s][^:]' found
expect '^[\s]*restrict[\s]+-4[\s]+default[\s]+kod[\s]+nomodify[\s]+notrap[\s]+nopeer[\s]+noquery[\s]*$' not found in the following lines:
15: restrict -4 default kod notrap nomodify nopeer noquery
Solution
--------
Add or edit restrict lines in /etc/ntp.conf to match the following:
restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
Change-Id: Ie26b56d85c9e6aac1526f991c676e5cca75ef00d
diff --git a/ntp/files/ntp.conf b/ntp/files/ntp.conf
index 9356420..e2cbe14 100644
--- a/ntp/files/ntp.conf
+++ b/ntp/files/ntp.conf
@@ -79,8 +79,8 @@
{%- endif %}
# Exchange time with everybody, but don't allow configuration.
-restrict -4 default kod notrap nomodify nopeer noquery
-restrict -6 default kod notrap nomodify nopeer noquery
+restrict -4 default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
# Only allow read-only access from localhost
restrict 127.0.0.1