Difference between revisions of "Redhat:NTS config"
Jump to navigation
Jump to search
(Created page with "== NTP Server Configuration == The ntp.conf file is also used to configure a Time server. === driftfile === The first directive is "driftfile". This defines the file us...") |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 18: | Line 18: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| + | {| class="wikitable" | ||
| + | |+ restrictions | ||
| + | |- | ||
| + | |default || refers to default connections from other systems | ||
| + | |- | ||
| + | | kod || sends the "kiss of death" to systems that violate access restrictions. Only works with limited flag, otherwise it can be removed in a breach | ||
| + | |- | ||
| + | | nomodify || denies attempts to change the server | ||
| + | |- | ||
| + | | notrap || denies the control message trap server | ||
| + | |- | ||
| + | | nopeer || stops access from other time servers | ||
| + | |- | ||
| + | | noquery || ipgnores infomation and configuration requests | ||
| + | |- | ||
| + | |} | ||
| − | |||
| − | + | ||
| + | * restrict server | ||
| + | |||
| + | When all of these restrictions are combined they will not work for a Time Server. | ||
| + | |||
| + | Specifically a time server has to synchronize with peers. So obviously 'nopeers' should be removed. | ||
| + | |||
| + | To allow other systems to syncronise with your server 'noquery' should be revolved. | ||
Latest revision as of 19:38, 28 August 2013
NTP Server Configuration
The ntp.conf file is also used to configure a Time server.
driftfile
The first directive is "driftfile". This defines the file used to monitor errors in the local system clock.
restrict
The "restict" directive can help protect the NTP server. By default it works on ipv4, but the -6 flag works on ipv6 networks.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery| default | refers to default connections from other systems |
| kod | sends the "kiss of death" to systems that violate access restrictions. Only works with limited flag, otherwise it can be removed in a breach |
| nomodify | denies attempts to change the server |
| notrap | denies the control message trap server |
| nopeer | stops access from other time servers |
| noquery | ipgnores infomation and configuration requests |
- restrict server
When all of these restrictions are combined they will not work for a Time Server.
Specifically a time server has to synchronize with peers. So obviously 'nopeers' should be removed.
To allow other systems to syncronise with your server 'noquery' should be revolved.