You are either not logged in or not registered with our community. Click here to register.
 
December 03, 2016, 03:55:22 AM

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length

Click here if you are having problems.
Default Wide Screen Beige Lilac Rainbow Black & Blue October Send us your theme!

Hark!  The Herald!
Holiday Issue 2016

Wiki Blogs Dicebot

Author Topic: The Elliquiy LAMP Stack: NTP configuration  (Read 1534 times)

0 Members and 1 Guest are viewing this topic.

Offline VekseidTopic starter

The Elliquiy LAMP Stack: NTP configuration
« on: March 27, 2009, 08:41:41 PM »
The Elliquiy LAMP Stack

1: Introduction and Overview
2: General Configuration
3: General Security
4: IPTables configuration
5: Postfix configuration
6: ntp configuration
7: Apache compilation and configuration
8: MySQL compilation and configuration
9: PHP compilation and configuration
10: Conclusion and future plans



NTP

Overkill? Maybe. My forums are used by roughly a thousand people a day. Why not have something they can set a watch to?

A common attitude when installing ntp is to secure a bit to tightly and subsequently break it. It's an annoyingly promiscuous daemon and the desire to shut it up is only natural.

As /etc/ntp.conf says, it sets ntpd to exchange time with everyone by default. We don't necessarily want that by default, especially with our IPTables configuration, so set accordingly:

Code: [Select]
# By default, exchange time with everybody, but don't allow configuration.
# restrict -4 default kod notrap nomodify nopeer noquery
# restrict -6 default kod notrap nomodify nopeer noquery

restrict -4 ignore
restrict -6 ignore

restrict 0.debian.pool.ntp.org
restrict 1.debian.pool.ntp.org
restrict 2.debian.pool.ntp.org
restrict 3.debian.pool.ntp.org

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

Obviously, if you want to run a public server or serve your subnet, you will want to consult the documentation and adjust this appropriately : ) The key here is removing the restrictions on the ntp servers we are using.
« Last Edit: March 29, 2009, 06:11:51 PM by Vekseid »