Myside's Spew - Blog of Spontaneous Combustible Spew

HOWTO: Securely Setup an NTP (The Network Time Protocol) Server - Simplified

31 August, 2010 02:15 CST6CDT

This documentation assumes you have a compiled and installed NTP server version of 4.2.6 or newer.

NTP is a protocol designed to synchronize the clocks of computers over a network. NTP version 3 is an internet draft standard, formalized in RFC 1305. NTP version 4 is a significant revision of the NTP standard, and is the current development version, but has not been formalized in an RFC. Simple NTP (SNTP) version 4 is described in RFC 2030. [source]

The first two steps of the installation are to set up an NTP log file and a statsdir, which will hold the server's log messages and the time computations acquired from the external stratum time servers.  Here is an example of the first two lines in an ntp.conf (/etc/ntp.conf) file:

logfile /var/log/ntpd
statsdir /var/log/ntpstats/

When compiling from source, you may create the log file with the command "touch /var/log/ntpd" and create the directory that will hold your NTPD statistics, such as peer communications, with the command "mkdir /var/log/ntpstats".

Now we want to keep good track of NTP server communication, which helps your server synchronize its internal clock.  We will add the following four lines for this:

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

Next we will list the NTP servers you would like to communicate with in order to synchronize your system's time.  These servers should only be used from a proven and sturdy machine:

server time.nist.gov
server time-a.nist.gov
server time-b.nist.gov
server utcnist.colorado.edu
server utcnist2.colorado.edu

At this point you will want to secure your NTP server.  To do so we will start by denying all traffic in or out of this communication medium:

restrict default ignore

Now, in order to negotiate synchronization with the time servers listed above, you will want to allow your server to exchange time packets with these hosts: resolve each hostname to its IP address and add a restrict line that permits time exchange while denying configuration changes (nomodify), trap requests (notrap) and ntpq/ntpdc control queries (noquery):

# time.nist.gov (a mask of 255.255.255.255 matches this single host)
restrict 192.43.244.18 mask 255.255.255.255 nomodify notrap noquery
# time-a.nist.gov
restrict 129.6.15.28 mask 255.255.255.255 nomodify notrap noquery
# time-b.nist.gov
restrict 129.6.15.29 mask 255.255.255.255 nomodify notrap noquery
# utcnist.colorado.edu
restrict 128.138.140.44 mask 255.255.255.255 nomodify notrap noquery
# utcnist2.colorado.edu
restrict 128.138.188.172 mask 255.255.255.255 nomodify notrap noquery

In order to allow local or remote hosts access to your time server after it has been properly synced, you may add the following rule to respond to their queries; in this example, for a class C network:

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

Most importantly, do not forget to assign your drift file and directory:

driftfile /var/lib/ntp/drift

You may create this using: "mkdir /var/lib/ntp; touch /var/lib/ntp/drift".  Note that if you decide to run NTPD under a non-root user, this directory must be writable by that user, as must the ntpd log file and the statsdir directory mentioned above.

I will touch on two ntpd command switches that may come in useful.

The "-g" switch allows your NTPD process to keep running and make the initial correction when your internal clock is off by more than 1000 seconds.  If this switch is not present and your time is that badly stewed & spewed, the process will die.  The "-I eth0" switch, as an example, binds NTPD to a single network interface.  The interface may be eth0, eth1, lo, etc.

The configuration above should get you headed in the right direction to set up a network time server and client.


correction: drift file

You should not do a "touch /var/lib/ntp/drift" as it will create an invalid application data file. This file will be created automatically by ntpd. It may take up to 14 hours, even longer in some cases, to estimate the time drift.

Myside | 09/03/2010, 12:59 [Reply]
