Blade ZipKit – Network Time Protocol Compliance
Blade ZipKit Package Info
Name: NTP Vulnerabilities Check
Type: Component Template
BSA Compatible Version: 8.3, 8.5, 8.6, 8.7
Created by: Pankaj Kumar Singh
Tested version on: 8.3.00.216
Tested against host running: Red Hat
This Component Template checks Network Time Protocol Vulnerabilities using BSA!
This update address a problem which was highlighted by the US Government (https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01A). The vulnerability has the potential to allow an attacker to execute arbitrary code using the privileges of the ntpd process.
The attached template works for following RHEL version and vulnerabilities
|Red Hat Enterprise Linux version 5||CVE-2014-9293, CVE-2014-9294, CVE-2014-9295|
|Red Hat Enterprise Linux version 6||CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296|
|Red Hat Enterprise Linux version 7||CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296|
The component template checks the following to check compliance
- Installed NTP version
- Change log
Standard Steps BSA Admin should follow
- Copy the template in local drive
- Using RCP, right click on the “Component template” node and Import.
- Select import (use version neutral)
- Your template with name “NTP Vulnerabilities Detection” will be created under folder “NTP Vulnerabilities Detection”
- Create and run Discovery job for managed servers (RHEL only)
- Create and run Compliance Job using the template.
- Job result view will list non-compliant servers.
- Run the remediation job by right clicking the root node – Template node under Job Results view.
- Remediation job uses “yum –y update ntp” command to update the package.
- After remediation job is successfully completed, re-run the compliance Job(Rescan).
- Your server should be patched to latest ntp package .