FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 04-22-2008, 09:07 AM
"Simon Jolle"
 
Default deny other hosts from synchronizing time with NTP client

Hi CentOS users

We are running CentOS 4.5 with NTP 4.2.0.

# cat /etc/ntp.conf
restrict default ignore
restrict dns1.xxx.xxx mask 255.255.255.0 nomodify notrap noquery
restrict dns2.xxx.xxx mask 255.255.255.0 nomodify notrap noquery
restrict 127.0.0.1
server dns1.xxx.xxx
server dns2.xxx.xxx
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
broadcastdelay 0.008
authenticate no

The problem is that other hosts are able to synchronize the time from
our servers. How to disable that?

# lsof -i :123
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
ntpd 4874 ntp 4u IPv4 35805 UDP *:ntp
ntpd 4874 ntp 5u IPv6 35806 UDP *:ntp
ntpd 4874 ntp 6u IPv4 35807 UDP localhost.localdomain:ntp
ntpd 4874 ntp 7u IPv4 35808 UDP xxx:ntp
ntpd 4874 ntp 8u IPv4 35809 UDP xxx:ntp
ntpd 4874 ntp 9u IPv4 35810 UDP xxx:ntp
ntpd 4874 ntp 10u IPv4 35811 UDP xxx:ntp

NTP listens on every interface.

cheers
Simon

--
XMPP: sjolle@swissjabber.org
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-23-2008, 01:58 AM
"Filipe Brandenburger"
 
Default deny other hosts from synchronizing time with NTP client

On Tue, Apr 22, 2008 at 5:07 AM, Simon Jolle <urandomdev@gmail.com> wrote:
> The problem is that other hosts are able to synchronize the time from
> our servers. How to disable that?

Which other hosts? Other hosts in the same subnet as dns1 and dns2?

If that is the problem, maybe you should try changing "mask
255.255.255.0" to "mask 255.255.255.255". The "mask 255.255.255.0"
means all the class C subnet.

HTH,
Filipe
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-23-2008, 02:06 AM
John R Pierce
 
Default deny other hosts from synchronizing time with NTP client

Simon Jolle wrote:

The problem is that other hosts are able to synchronize the time from
our servers. How to disable that?



why is that a problem?


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-23-2008, 06:04 PM
Simon Jolle sjolle
 
Default deny other hosts from synchronizing time with NTP client

On 04/23/2008 03:58 AM, Filipe Brandenburger wrote:
> If that is the problem, maybe you should try changing "mask
> 255.255.255.0" to "mask 255.255.255.255". The "mask 255.255.255.0"
> means all the class C subnet.

Thank you

cheers
Simon

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 03:59 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org