Tuesday 6 May 2014

NTP on Linux


A Linux host needs NTP configured to keep its clock in sync. The commands below set this up on Linux systems, with an emphasis on Australian settings (swap in other NTP servers if you are not in Australia). They can be applied simply by pasting them into a Bash prompt (as root).

This guide makes no attempt to check or enforce the security of the NTP server: issues such as disabling commands like "mon" are not covered here, and appropriate firewalling is assumed. The NTP config file shipped with Red Hat Enterprise Linux has a secure-by-default config (in RHEL6, if not prior as well), and the commands below simply assume that security and configure the time sources.

All commands are IPv6-compatible, although only IPv4 is used in the addressing below.

Please note that Red Hat Enterprise Linux 7 has introduced Chrony as the default NTP service instead of the venerable NTPd - see notes at the end for chrony config.

Systems with NTPd

Install NTP on the system, strip defined servers

# For yum/RHEL-based systems
if command -v yum >/dev/null 2>&1 ; then yum install -y ntp; fi
# For apt/Debian-based systems
if command -v apt-get >/dev/null 2>&1 ; then apt-get install -y ntp; fi
# Backup original config
cp -p /etc/ntp.conf{,.orig}
# Strip all default servers
perl -i -pe 's/^server/#server/' /etc/ntp.conf


# Optional: Configure local timezone
ln -sf /usr/share/zoneinfo/Australia/Adelaide /etc/localtime

Add Local Servers

cat >> /etc/ntp.conf <<EOF
# NTP servers
server 192.168.1.1 prefer # Set this to your local NTP-serving machine if you have one
server 3.au.pool.ntp.org


EOF


Add Internode or Telstra Servers

Only required if you are on Internode networks:

cat >> /etc/ntp.conf <<EOF

# Internode NTP server

server ntp.on.net

EOF


Only required if you are on Telstra networks:

cat >> /etc/ntp.conf <<EOF

# NTP servers
server tic.ntp.telstra.net
server toc.ntp.telstra.net

EOF

Optional Step: Allow Local subnets to query this NTP

This will allow other machines on your local network to query this NTP server. Remember to allow inbound port UDP:123 on your host firewall.

cat >> /etc/ntp.conf <<EOF
# Allow Local subnets to query this NTP
restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap

EOF



Ensure NTP is started & starts on boot

Commands tested on RHEL6 only; other OSes left as an exercise for the reader.

service ntpd start
chkconfig ntpd on
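
The guide assumes the stock ntp.conf already restricts queries and modification. A check for that assumption, as an added example that is not part of the original post: audit_ntp_conf, make_sample and the sample config lines are constructed for illustration, and the default restrict lines are modelled on a typical hardened config.

```bash
# Added example (not from the original post): audit an ntp.conf for the
# access-control settings this guide assumes are already in place.
# Prints one line per finding; the return status is the number of findings.
audit_ntp_conf() {
    awk '
        { sub(/#.*/, ""); $1 = $1 }           # drop comments, normalise whitespace
        $1 == "restrict" {
            addr = ($2 ~ /^-[46]$/) ? $3 : $2   # skip an optional -4/-6 flag
            opts = " " $0 " "
            if (addr == "default") {
                seen_default = 1
                # noquery (or ignore) refuses ntpq/ntpdc status queries
                if (opts !~ / (noquery|ignore) /) {
                    print "default restrict allows ntpq/ntpdc queries: " $0; bad++
                }
            }
            if (addr != "127.0.0.1" && addr != "::1" && opts !~ / (nomodify|ignore) /) {
                print "restrict without nomodify: " $0; bad++
            }
        }
        $1 == "server" { servers++ }
        END {
            if (!seen_default) { print "no restrict default line found"; bad++ }
            if (servers < 1)   { print "no active server lines"; bad++ }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: hardened defaults plus the lines appended by this guide.
make_sample() {
    cat <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
#server 0.pool.ntp.org
server 192.168.1.1 prefer # local NTP-serving machine
server 3.au.pool.ntp.org
restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap
EOF
}

good=$(mktemp); weak=$(mktemp)
make_sample > "$good"
# Constructed weak variant: query and modify protections stripped out.
make_sample | sed -e 's/ noquery//' -e 's/ nomodify notrap$//' > "$weak"
audit_ntp_conf "$good" && echo "good sample: clean"
audit_ntp_conf "$weak" || echo "weak sample: $? finding(s)"
```

On a real host, run audit_ntp_conf /etc/ntp.conf after the steps above; any output means the secure-by-default assumption does not hold for that file.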
 
 

Systems with Chrony (RHEL7 and others)

Red Hat Enterprise Linux 7 uses Chrony as the default NTP daemon. Unless you have a good reason to use ntpd, you can simply configure chrony the same way as above.

yum install -y chrony
# Show config
timedatectl
# Set timezone
timedatectl list-timezones | grep Adelaide
timedatectl set-timezone Australia/Adelaide
# Show NTP status
chronyc sources
# Change NTP config
perl -i -pe 's/^server/#server/' /etc/chrony.conf
cat >> /etc/chrony.conf <<EOF
# NTP servers
# Set this to your local NTP-serving machine if you have one
# (chrony.conf only accepts comments on their own line)
server 192.168.1.1 iburst
server 3.au.pool.ntp.org iburst
EOF
chronyc sources
systemctl restart chronyd.service
systemctl enable chronyd.service

