ComplianceAsCode · jan-cerny · Jun 9, 2026 · Jun 5, 2026
diff --git a/linux_os/guide/services/ntp/chronyd_configure_pool_and_server/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_configure_pool_and_server/ansible/shared.yml
@@ -9,7 +9,7 @@
 - name: {{{ rule_title }}} - Add missing / update wrong records for remote time servers
   ansible.builtin.lineinfile:
     path: {{{ chrony_conf_path }}}
-    regexp: '^\s*\bserver\b\s*\b{{ item }}\b$'
+    regexp: '^\s*\bserver\b\s*\b{{ item }}\b'
     state: present
     line: 'server {{ item }}'
     create: true
@@ -19,7 +19,7 @@
 - name: {{{ rule_title }}} - Add missing / update wrong records for remote time pools
   ansible.builtin.lineinfile:
     path: {{{ chrony_conf_path }}}
-    regexp: '^\s*\bpool\b\s*\b{{ item }}\b$'
+    regexp: '^\s*\bpool\b\s*\b{{ item }}\b'
     state: present
     line: 'pool {{ item }}'
     create: true

diff --git a/linux_os/guide/services/ntp/chronyd_configure_pool_and_server/oval/shared.xml b/linux_os/guide/services/ntp/chronyd_configure_pool_and_server/oval/shared.xml
@@ -16,7 +16,7 @@
           <split delimiter=",">
               <variable_component var_ref="var_multiple_time_servers" />
           </split>
-          <literal_component>$</literal_component>
+          <literal_component>([[:space:]].*)?$</literal_component>
       </concat>
   </local_variable>
 
@@ -29,7 +29,7 @@
           <split delimiter=",">
               <variable_component var_ref="var_multiple_time_pools" />
           </split>
-          <literal_component>$</literal_component>
+          <literal_component>([[:space:]].*)?$</literal_component>
       </concat>
   </local_variable>
 

@@ -0,0 +1,6 @@
+#!/bin/bash
+# packages = chrony
+# variables = var_multiple_time_servers=0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org,var_multiple_time_pools=0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org
+
+echo "" > {{{ chrony_conf_path }}}
+echo "pool 2.debian.pool.ntp.org iburst" >> {{{ chrony_conf_path }}}
@@ -0,0 +1,6 @@
+#!/bin/bash
+# packages = chrony
+# variables = var_multiple_time_servers=0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org,var_multiple_time_pools=0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org
+
+echo "" > {{{ chrony_conf_path }}}
+echo "server 2.debian.pool.ntp.org iburst maxpoll 10" >> {{{ chrony_conf_path }}}
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/debian.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/debian.sh
@@ -0,0 +1,3 @@
+# platform = multi_platform_debian
+
+{{{ bash_replace_or_append(chrony_conf_path, '^user', '_chrony', '%s %s', cce_identifiers=cce_identifiers) }}}
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/oval/shared.xml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/oval/shared.xml
@@ -29,7 +29,7 @@
   </ind:textfilecontent54_object>
 
 </def-group>
-{{%- elif 'ubuntu' in product -%}}
+{{%- elif 'ubuntu' in product or 'debian' in product -%}}
 {{{ oval_check_config_file(path='/etc/chrony/chrony.conf', prefix_regex='^[ \\t]*', parameter='user', separator_regex='[[:space:]]', value='_chrony', missing_parameter_pass=true, missing_config_file_fail=false, rule_id=rule_id, rule_title=rule_title) }}}
 {{%- else -%}}
 {{{ oval_check_config_file(path='/etc/sysconfig/chronyd', prefix_regex='^[ \\t]*', parameter='OPTIONS', separator_regex='=', value='["]?.*-u[\s]*chrony.*["]?', missing_parameter_pass=ok_by_default, missing_config_file_fail=true, rule_id=rule_id, rule_title=rule_title) }}}

diff --git a/linux_os/guide/services/ntp/package_timesyncd_installed/rule.yml b/linux_os/guide/services/ntp/package_timesyncd_installed/rule.yml
@@ -19,7 +19,7 @@ references:
     nist-csf: PR.PT-1
     pcidss: Req-10.4
 
-{{%- if 'ubuntu' in product %}}
+{{%- if 'ubuntu' in product or 'debian' in product %}}
 template:
     name: package_installed_guard_var
     vars:

diff --git a/linux_os/guide/services/ntp/service_chronyd_disabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_disabled/rule.yml
@@ -13,7 +13,7 @@ severity: medium
 
 platform: package[chrony]
 
-{{%- if 'ubuntu' in product %}}
+{{%- if 'ubuntu' in product or 'debian' in product %}}
 template:
     name: service_disabled_guard_var
     vars:
@@ -27,6 +27,4 @@ template:
     vars:
         packagename: chrony
         servicename: chronyd
-        servicename@ubuntu2204: chrony
-        servicename@debian12: chrony
 {{%- endif %}}
diff --git a/linux_os/guide/services/ntp/service_timesyncd_configured/rule.yml b/linux_os/guide/services/ntp/service_timesyncd_configured/rule.yml
@@ -19,11 +19,11 @@
 
 severity: medium
 
-platform: package[systemd]
+platform: package[systemd-timesyncd]
 
 identifiers:
     cce@sle12: CCE-92374-8
    cce@sle15: CCE-92538-8 

 references:
    cis@sle12: 2.2.1.2

diff --git a/linux_os/guide/services/ntp/service_timesyncd_disabled/rule.yml b/linux_os/guide/services/ntp/service_timesyncd_disabled/rule.yml
@@ -17,7 +17,7 @@ severity: medium
 
 platform: package[systemd-timesyncd]
 
-{{%- if 'ubuntu' in product %}}
+{{%- if 'ubuntu' in product or 'debian' in product %}}
 template:
     name: service_disabled_guard_var
     vars:
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# platform = multi_platform_debian

		{{{ bash_replace_or_append(chrony_conf_path, '^user', '_chrony', '%s %s', cce_identifiers=cce_identifiers) }}}