NTP
[root@server1 ~]# yum install ntp
/usr/sbin/ntpd --> Service
/etc/ntp.conf --> Main File
/etc/ntp/keys --> Contains Encryption keys
/var/lib/ntp/drift --> Hardware clock drift statistics (a file used to store information about the inaccuracy of the local hardware clock)
/etc/ntp/step-tickers --> Optional servers to use for initial clock synchronization at boot
/etc/sysconfig/ntpd --> Passes command-line options to ntpd
Utilities:-
/usr/sbin/ntpdate --> Set the system clock once from an NTP server
/usr/sbin/ntp-genkeys --> Generate an encryption key for security
/usr/sbin/ntpq --> Standard NTP query tool
/usr/sbin/ntpdc --> Special NTP query tool
/usr/sbin/ntptrace --> Trace the chain of NTP servers back to the initial time source
An organization should use at least three NTP servers as time sources.
Client Configuration:
[root@server3 ~]# vim /etc/ntp.conf
server 10.10.10.1
driftfile /var/lib/ntp/drift
[root@server ~]# iptables -t filter -I INPUT -p udp --dport 123 -j ACCEPT
[root@server1 ~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Server Configuration:
[root@server1 ~]# vim /etc/ntp.conf
server 1.asia.pool.ntp.org --> Public NTP Server
peer 10.10.10.2 --> Server Peer
server 127.127.29.0 --> A Trimble GPS (on a serial port)
server 127.127.1.0 --> Motherboard Hardware Clock
fudge 127.127.1.0 stratum 10 --> Advertised as a high (unreliable) stratum, 10-15
[root@server1 ~]# iptables -t filter -I INPUT -p udp --dport 123 -j ACCEPT
[root@server1 ~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Restrict and Access control:-
[root@server1 ~]# cat /etc/ntp.conf | grep restrict
restrict 10.10.10.2 --> No restriction
restrict 10.10.10.3 ignore --> Ignore all packets from this host
[root@server3 ~]# ntpdate 10.10.10.1
30 Jul 20:00:36 ntpdate[3212]: no server suitable for synchronization found
restrict 10.10.10.0 mask 255.255.255.0 nomodify --> Ignore remote configuration requests
noquery --> Ignore all status queries and configuration requests
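Added example (not part of the original notes): a small Python check that works out which restrict entry applies to a given client and lists entries that still accept remote queries or configuration requests. It assumes plain IPv4 "restrict address [mask m] flags" lines, models ntpd's matching as "most specific entry wins", and uses a constructed sample built from the three restrict lines above; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the three restrict lines shown in these notes.
SAMPLE_CONF = """\
restrict 10.10.10.2
restrict 10.10.10.3 ignore
restrict 10.10.10.0 mask 255.255.255.0 nomodify
"""

def parse_restrict(conf_text):
    """Return a list of (network, flags) from IPv4 'restrict' lines."""
    rules = []
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()   # drop trailing comments
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        addr, rest = tokens[1], tokens[2:]
        mask = "255.255.255.255"                 # a bare address is a host entry
        if addr == "default":
            addr, mask = "0.0.0.0", "0"          # default matches every address
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        rules.append((net, frozenset(rest)))
    return rules

def effective_flags(rules, client_ip):
    """Flags of the most specific matching entry; empty set if none match."""
    ip = ipaddress.ip_address(client_ip)
    matches = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    return max(matches, key=lambda m: m[0])[1] if matches else frozenset()

def audit(rules):
    """List entries that still allow remote status or configuration requests."""
    findings = []
    for net, flags in rules:
        if "ignore" in flags:                    # host is dropped entirely
            continue
        missing = sorted({"nomodify", "noquery"} - flags)
        if missing:
            findings.append((str(net), missing))
    return findings

if __name__ == "__main__":
    rules = parse_restrict(SAMPLE_CONF)
    for ip in ("10.10.10.2", "10.10.10.3", "10.10.10.77"):
        print(ip, sorted(effective_flags(rules, ip)))
    print(audit(rules))
```

On the sample, 10.10.10.3 resolves to ignore (matching the failed ntpdate above), while 10.10.10.2 and the rest of the subnet are reported as still missing noquery.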