chronyd fails to start after hardening with stig profile #14563

@matusmarhefka

Description of problem:

After the system is hardened with the stig profile and rebooted, chronyd complains it can't connect to the pool.

This seems to be caused by STIG hardening configuring NTS in chrony which is not compatible with FIPS:

Warning
NTS is not compatible with the FIPS and OSPP profile. When you enable the FIPS and OSPP profile, chronyd that is configured with NTS can abort with a fatal message. You can disable the OSPP profile and FIPS mode for chronyd service by adding the GNUTLS_FORCE_FIPS_MODE=0 setting to the /etc/sysconfig/chronyd file.

SCAP Security Guide Version:

master

Operating System Version:

RHEL 9, RHEL 10

Steps to Reproduce:

  1. Run /scanning/boot-errors/stig test.

Actual Results:

chronyd: Could not connect to 188.124.59.142:4460 (2.rhel.pool.ntp.org) : Connection refused
chronyd: Could not connect to 46.28.110.153:4460 (2.rhel.pool.ntp.org) : Connection refused

Expected Results:

No failure after hardening.
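
A check for the condition this issue describes, as an added example that is not part of the original report or the project's code: it reports whether chrony has an NTS source while FIPS mode is on, and whether the GNUTLS_FORCE_FIPS_MODE=0 setting from the quoted warning is present. The function name, status strings and sample files are assumptions made for illustration; the default paths are the usual RHEL locations.

```shell
#!/bin/sh
# Added example (not from the issue): classify a host against the NTS/FIPS
# conflict. Only the files passed in are read; include/confdir are not followed.
# Args (all optional): chrony.conf, chronyd sysconfig file, FIPS flag file.
chrony_nts_fips_check() {
    conf=${1:-/etc/chrony.conf}
    sysconfig=${2:-/etc/sysconfig/chronyd}
    fips_file=${3:-/proc/sys/crypto/fips_enabled}

    # A source uses NTS when an uncommented server/pool line carries "nts".
    if ! grep -Eiq '^[[:space:]]*(server|pool)[[:space:]].*[[:space:]]nts([[:space:]]|$)' \
            "$conf" 2>/dev/null; then
        echo "no-nts"; return 0
    fi
    # The kernel exposes FIPS mode as a single "1" or "0".
    fips=$(cat "$fips_file" 2>/dev/null || echo 0)
    if [ "$fips" != "1" ]; then
        echo "nts-without-fips"; return 0
    fi
    # The setting named in the quoted warning: GNUTLS_FORCE_FIPS_MODE=0.
    if grep -Eq '^[[:space:]]*GNUTLS_FORCE_FIPS_MODE="?0"?[[:space:]]*$' \
            "$sysconfig" 2>/dev/null; then
        echo "nts-fips-override-set"; return 0
    fi
    echo "nts-fips-conflict"
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
printf '%s\n' '# pool 2.rhel.pool.ntp.org iburst' \
    'pool 2.rhel.pool.ntp.org iburst nts' > "$demo_dir/chrony.conf"
printf '1\n' > "$demo_dir/fips_enabled"
: > "$demo_dir/chronyd.sysconfig"
chrony_nts_fips_check "$demo_dir/chrony.conf" \
    "$demo_dir/chronyd.sysconfig" "$demo_dir/fips_enabled"
rm -rf "$demo_dir"
```

Called with no arguments, the function reads the live system files instead of the constructed ones.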

Labels: RHEL10, RHEL9, productization-issue, triaged
