The Elliquiy LAMP Stack: NTP configuration

Started by Vekseid, March 27, 2009, 08:41:41 PM


Vekseid

The Elliquiy LAMP Stack

1: Introduction and Overview
2: General Configuration
3: General Security
4: IPTables configuration
5: Postfix configuration
6: ntp configuration
7: Apache compilation and configuration
8: MySQL compilation and configuration
9: PHP compilation and configuration
10: Conclusion and future plans




NTP

Overkill? Maybe. My forums are used by roughly a thousand people a day. Why not have something they can set a watch to?

A common attitude when installing ntp is to secure it a bit too tightly and subsequently break it. It's an annoyingly promiscuous daemon and the desire to shut it up is only natural.

As /etc/ntp.conf says, it sets ntpd to exchange time with everyone by default. We don't necessarily want that by default, especially with our IPTables configuration, so set accordingly:


# By default, exchange time with everybody, but don't allow configuration.
# restrict -4 default kod notrap nomodify nopeer noquery
# restrict -6 default kod notrap nomodify nopeer noquery

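# Ignore everyone by default; the hosts listed below are exempted.
# The "default" address is required: without it ntpd reads "ignore" as a hostname.
restrict -4 default ignore
restrict -6 default ignore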

restrict 0.debian.pool.ntp.org
restrict 1.debian.pool.ntp.org
restrict 2.debian.pool.ntp.org
restrict 3.debian.pool.ntp.org

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1


Obviously, if you want to run a public server or serve your subnet, you will want to consult the documentation and adjust this appropriately : ) The key here is removing the restrictions on the ntp servers we are using.
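
An added example, not part of the original post: a small Python check for the pattern above. It reports any address family without a `default ... ignore` rule, any `restrict` line missing its address, and any `server` with no exempting `restrict` line. The two sample configurations, including their `server ... iburst` lines, are constructed for illustration.

```python
# Flags accepted on a restrict line; used to spot a line whose address is missing.
FLAGS = {"ignore", "kod", "limited", "lowpriotrap", "nomodify", "nopeer",
         "noquery", "noserve", "notrap", "notrust", "ntpport", "version"}

def audit(conf_text):
    """Return a list of findings for the restrict/server lines of an ntp.conf."""
    findings, servers, restricts = [], [], {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()          # drop comments
        if not words:
            continue
        keyword, args = words[0], words[1:]
        family = args.pop(0) if args and args[0] in ("-4", "-6") else ""
        if keyword in ("server", "pool") and args:
            servers.append(args[0])
        elif keyword == "restrict":
            if not args or args[0] in FLAGS:
                findings.append(f"line {lineno}: restrict has no address: {' '.join(words)}")
                continue
            restricts[(family, args[0])] = set(args[1:])
    for fam in ("-4", "-6"):
        # Assumption of this sketch: an unqualified "restrict default" covers both families.
        flags = restricts.get((fam, "default"), restricts.get(("", "default")))
        if flags is None or "ignore" not in flags:
            findings.append(f"{fam}: default policy is not 'ignore'")
    allowed = {addr for (_, addr), flags in restricts.items() if "ignore" not in flags}
    for host in servers:
        if host not in allowed:
            findings.append(f"server {host} has no restrict line exempting it")
    return findings

# Constructed sample configurations (not taken from a real host).
GOOD = """\
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
restrict -4 default ignore
restrict -6 default ignore
restrict 0.debian.pool.ntp.org
restrict 1.debian.pool.ntp.org
restrict 127.0.0.1
restrict ::1
"""
BROKEN = GOOD.replace("-4 default ignore", "-4 ignore   # address missing") \
             .replace("restrict 1.debian.pool.ntp.org\n", "")

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("BROKEN", BROKEN)):
        print(name, audit(conf) or "ok")
```

The check matches servers by name only; ntpd turns a hostname on a `restrict` line into an address when it reads the file, and pool names can resolve to different addresses on later lookups, so `ntpq -p` remains the check that the servers are actually being reached.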