From b36087e8407885d418d8411d15675c1d3194b91a Mon Sep 17 00:00:00 2001
From: dominiquefournier
Date: Tue, 7 Mar 2023 11:43:02 +0100
Subject: [PATCH 1/2] Update 6.19_configure_ntp.sh Add systemd-timesyncd
---
 bin/hardening/6.19_configure_ntp.sh | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/bin/hardening/6.19_configure_ntp.sh b/bin/hardening/6.19_configure_ntp.sh
index 1f31320..529ba8a 100755
--- a/bin/hardening/6.19_configure_ntp.sh
+++ b/bin/hardening/6.19_configure_ntp.sh
@@ -15,7 +15,7 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=3
 HARDENING_EXCEPTION=ntp
-ANALOGOUS_PKG='chrony'
+ANALOGOUS_PKG='chrony systemd-timesyncd'
 PACKAGE='ntp'
 NTP_CONF_DEFAULT_PATTERN='^restrict -4 default (kod nomodify notrap nopeer noquery|ignore)'
 NTP_CONF_FILE='/etc/ntp.conf'
@@ -26,10 +26,14 @@ NTP_POOL_CFG='pool 2.debian.pool.ntp.org iburst'
 # This function will be called if the script status is on enabled / audit mode
 audit () {
- is_pkg_installed $ANALOGOUS_PKG
- if [ $FNRET = 0 ]; then
- ok "Analogous pagkage $ANALOGOUS_PKG is installed. So pass check."
- else
+ for PKG in $ANALOGOUS_PKG; do
+ is_pkg_installed $PKG
+ if [ $FNRET = 0 ]; then
+ ok "Analogous pagkage $PKG is installed. So pass check."
+ exit
+ fi
+ done
+
 is_pkg_installed $PACKAGE
 if [ $FNRET != 0 ]; then
 crit "$PACKAGE is not installed!"
@@ -54,7 +58,6 @@ audit () {
 ok "$NTP_INIT_PATTERN found in $NTP_INIT_FILE"
 fi
 fi
- fi
 }
 # This function will be called if the script status is on enabled mode
From 1b7ee817945cad97c5f856564972b5bb4eb13276 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 7 Mar 2023 13:55:24 +0100
Subject: [PATCH 2/2] Add systemd-timesyncd server
---
 bin/hardening/6.20_configure_chrony.sh | 14 ++++++++------
 .../6.5_ensure_time_sync_server_is_installed.sh | 2 +-
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/bin/hardening/6.20_configure_chrony.sh b/bin/hardening/6.20_configure_chrony.sh
index bc86f16..2fa9768 100755
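Review bot: `ANALOGOUS_PKG` in bin/hardening/6.19_configure_ntp.sh changes from a single package name to a space-separated list, but only audit() is updated in this patch to iterate over it. Any other reader of the variable outside the visible hunks (apply(), if it mirrors the old audit() code) that still runs `is_pkg_installed $ANALOGOUS_PKG` would now pass two words; assuming the helper looks only at its first argument, systemd-timesyncd would never be noticed there and the script could go on to install `ntp` alongside it. A comment on the assignment such as `# space-separated list: loop over it, never hand it to is_pkg_installed as a whole` would document the new contract. The same applies to the `ANALOGOUS_PKG='ntp systemd-timesyncd'` hunk in 6.20_configure_chrony.sh.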
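Review bot: The added `exit` inside the `for PKG in $ANALOGOUS_PKG` loop of audit() in 6.19_configure_ntp.sh ends the whole check script rather than leaving the function, whereas the old if/else fell through to the end of audit(). Whatever the caller does after audit() returns (result accounting, a later apply step) is not visible in this diff and would be skipped, with the process status being that of the preceding `ok` call. Replacing `exit` with `return 0` keeps the early-out without terminating the script, and `is_pkg_installed "$PKG"` would be the safer call form. The identical loop in the audit() hunk of 6.20_configure_chrony.sh carries the same `exit`; audit() continues past the end of this hunk.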
--- a/bin/hardening/6.20_configure_chrony.sh
+++ b/bin/hardening/6.20_configure_chrony.sh
@@ -15,7 +15,7 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=3
 HARDENING_EXCEPTION=ntp
-ANALOGOUS_PKG='ntp'
+ANALOGOUS_PKG='ntp systemd-timesyncd'
 PACKAGE='chrony'
 NTP_CONF_FILE='/etc/chrony/chrony.conf'
 NTP_SERVER_PATTERN='^(server|pool)'
@@ -26,10 +26,13 @@ audit () {
 if [ $OS_RELEASE -eq 2 ]; then
 ok "Redhat or CentOS does not have this check, so PASS"
 else
- is_pkg_installed $ANALOGOUS_PKG
- if [ $FNRET = 0 ]; then
- ok "Analogous pagkage $ANALOGOUS_PKG is installed. So pass check."
- else
+ for PKG in $ANALOGOUS_PKG; do
+ is_pkg_installed $PKG
+ if [ $FNRET = 0 ]; then
+ ok "Analogous pagkage $PKG is installed. So pass check."
+ exit
+ fi
+ done
 is_pkg_installed $PACKAGE
 if [ $FNRET != 0 ]; then
 crit "$PACKAGE is not installed!"
@@ -42,7 +45,6 @@ audit () {
 ok "$NTP_SERVER_PATTERN found in $NTP_CONF_FILE"
 fi
 fi
- fi
 fi
 }
diff --git a/bin/hardening/6.5_ensure_time_sync_server_is_installed.sh b/bin/hardening/6.5_ensure_time_sync_server_is_installed.sh
index bf164c9..8d08ac4 100755
--- a/bin/hardening/6.5_ensure_time_sync_server_is_installed.sh
+++ b/bin/hardening/6.5_ensure_time_sync_server_is_installed.sh
@@ -13,7 +13,7 @@ set -e # One error, it's over
 set -u # One variable unset, it's over
 HARDENING_LEVEL=3
-PACKAGES='ntp chrony'
+PACKAGES='ntp chrony systemd-timesyncd'
 # This function will be called if the script status is on enabled / audit mode
 audit () {
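Review bot: The analogous-package shortcut in audit() of 6.20_configure_chrony.sh reports a pass as soon as `is_pkg_installed` finds systemd-timesyncd, so the result says nothing about whether the host is actually synchronising time. For ntp and chrony the checks in this series go on to inspect /etc/ntp.conf and /etc/chrony/chrony.conf, but nothing visible here looks at the timesyncd side, so a machine with the package present and the unit disabled or masked would still be reported compliant. Consider gating the pass on the service state, for example `systemctl is-enabled --quiet systemd-timesyncd`, or adding a dedicated timesyncd check and naming it in a comment above the loop. The same shortcut is added to 6.19_configure_ntp.sh.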
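Review bot: The new `systemd-timesyncd` entry in `PACKAGES` (6.5_ensure_time_sync_server_is_installed.sh) only matches where timesyncd is packaged separately; on Debian releases before 11 the daemon ships inside the `systemd` package, so a lookup by package name will not detect it there. How `PACKAGES` is consumed lies outside this hunk; if apply() installs entries rather than only testing for one, note that these three time daemons are normally mutually exclusive on Debian. A comment on the assignment such as `# any one of these satisfies the check; systemd-timesyncd is a separate package only on newer releases` would make the intent explicit.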