OS: Ubuntu 14.04 LTS
Install the NTP daemon:
~ $ apt-get install ntp
Now edit the configuration file /etc/ntp.conf. First configure the servers to synchronize with, for example:
server 1.2.3.1 prefer
server 1.2.3.2
server 1.2.3.3
server 1.2.3.4
With the option prefer you can establish preferred servers, in this case server 1.2.3.1. It’s optional.
Add the drift file and log file:
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
The drift file contains the latest estimate of the clock frequency error; taking it as a reference, the NTP daemon learns to adjust the clock automatically.
Add localhost as a fallback server with a high stratum so that, if none of our synchronization servers are working, the NTP daemon can serve the local time (system clock time):
server 127.127.1.0
fudge 127.127.1.0 stratum 10
Stratum is a parameter used to synchronize the time based on distance. A server working at stratum 1 belongs to the class of best NTP servers available, because it has an accurate reference clock. So a stratum 10 server will have a low priority and usually will not be used for synchronization unless all other servers fail.
We want a restrictive configuration, so block all traffic by default:
restrict -4 default ignore
restrict -6 default ignore
And then permit localhost:
restrict 127.0.0.1
restrict ::1
Synchronization servers:
restrict 1.2.3.1 kod notrap nomodify nopeer noquery
restrict 1.2.3.2 kod notrap nomodify nopeer noquery
restrict 1.2.3.3 kod notrap nomodify nopeer noquery
restrict 1.2.3.4 kod notrap nomodify nopeer noquery
And clients:
restrict 10.10.10.0 mask 255.255.0.0 nomodify notrap
restrict 192.168.172.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.0.10 nomodify notrap
The restriction options mean the following:
notrap: rejects packets that are not authenticated
nomodify: blocks ntpq and ntpdc queries which try to change the state of the server
nopeer: denies packets that try to establish peering
noquery: rejects ntpq and ntpdc queries; the time service is not affected
Finally restart the server:
~ $ /etc/init.d/ntp restart
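With "default ignore" in place, an upstream server that has no restrict line of its own falls under the default, so its replies are dropped and the daemon never synchronizes with it. The following check is an added example, not part of the original article: the names audit and SAMPLE_CONF are hypothetical, the sample file is constructed, and it only understands the directive forms used above, with numeric addresses on restrict lines.

```python
import ipaddress
# Constructed sample: the article's layout with two deliberate mistakes.
SAMPLE_CONF = """\
server 1.2.3.1 prefer
server 1.2.3.4
server 127.127.1.0
restrict -4 default ignore
restrict -6 default nomodify notrap
restrict 127.0.0.1
restrict 1.2.3.1 kod notrap nomodify nopeer noquery
restrict 10.10.10.0 mask 255.255.0.0 nomodify notrap
"""

def audit(conf_text):
    """Return findings for an ntp.conf that is meant to be default-deny."""
    servers, allowed, defaults = [], [], {}
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, split into words
        if len(tok) < 2:
            continue
        if tok[0] == "server":
            servers.append(tok[1])
        elif tok[0] == "restrict":
            args = tok[1:]
            family = args.pop(0) if args[0] in ("-4", "-6") else None
            addr, flags = args[0], args[1:]
            if addr == "default":
                for fam in ([family] if family else ["-4", "-6"]):  # assumption: no flag = both
                    defaults[fam] = flags
            elif "ignore" not in flags:
                mask = "/" + flags[1] if flags[:1] == ["mask"] else ""
                allowed.append(ipaddress.ip_network(addr + mask, strict=False))
    findings = []
    for fam in ("-4", "-6"):
        if "ignore" not in defaults.get(fam, []):
            findings.append(f"restrict {fam} default is not 'ignore'")
    for srv in servers:
        if srv.startswith("127.127."):
            continue  # reference-clock pseudo-address (local clock), not a network peer
        try:
            ip = ipaddress.ip_address(srv)
        except ValueError:
            findings.append(f"server {srv}: hostname, check its restrict lines by hand")
            continue
        if not any(ip in net for net in allowed):
            findings.append(f"server {srv}: no restrict entry, replies fall under the default")
    return findings

if __name__ == "__main__":
    print("\n".join("WARN: " + f for f in audit(SAMPLE_CONF)))
```

To check a real file, pass the text of /etc/ntp.conf to audit() before restarting the daemon.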
TIP: if you want to start the service on IPv4 only, you can configure this in the /etc/default/ntp file:
NTPD_OPTS='-4 -g'
Now on the client side you can use ntpdate to synchronize the time. Install the package:
~ $ apt-get install ntpdate
And create a cron task to execute ntpdate every 10 minutes:
*/10 * * * * /usr/sbin/ntpdate -u myntpserver.domain.com