The Elliquiy LAMP Stack
1: Introduction and Overview
2: General Configuration
3: General Security
4: IPTables configuration
5: Postfix configuration
6: ntp configuration
7: Apache compilation and configuration
8: MySQL compilation and configuration
9: PHP compilation and configuration
10: Conclusion and future plans
Overkill? Maybe. My forums are used by roughly a thousand people a day. Why not have something they can set a watch to?
A common attitude when installing ntp is to secure a bit to tightly and subsequently break it. It's an annoyingly promiscuous daemon and the desire to shut it up is only natural.
As /etc/ntp.conf says, it sets ntpd to exchange time with everyone by default. We don't necessarily want that by default, especially with our IPTables configuration, so set accordingly:
# By default, exchange time with everybody, but don't allow configuration.
# restrict -4 default kod notrap nomodify nopeer noquery
# restrict -6 default kod notrap nomodify nopeer noquery
restrict -4 ignore
restrict -6 ignore
# Local users may interrogate the ntp server more closely.
Obviously, if you want to run a public server or serve your subnet, you will want to consult the documentation and adjust this appropriately : ) The key here is removing the restrictions on the ntp servers we are using.