The Network Time Protocol (NTP) is used for synchronizing system time with reliable time servers over the Internet. The synchronization is performed by a dedicated service, the ntp daemon (ntpd). The configuration file of ntpd is the /etc/ntp.conf
file. The ntp.conf
configuration file is read at initial startup by the ntp daemon in order to specify the synchronization sources, modes and other related information.
Unlike the system logging and network configuration files, ntp.conf
does not have a manual page in the default installation of PNS. However, there are many useful sources available on NTP, see for details Chapter 9, Native services, the website of NTP protocol/service link in Appendix C, Further readings, RFC 1305 on NTP ver 3, and the manual page of ntp.conf
for accessing it on other Unix/Linux installations or on the Internet.
NTP itself can have a very sophisticated configuration with, for example, public key authentication, access control, or extensive monitoring options. At the very minimum, define a time server with which the firewall can synchronize time (the server key) .
Add the following line in the configuration file.
server 10.20.30.40
Note |
---|
If you supply more than one timeserver, the system time is more accurate, because during a time update all the listed servers are queried and a special algorithm selects the best (most accurate) of them. |
Additionally, since PNS can be used as an authentic time source for the network, you can limit the number of concurrent client connections using the clientlimit key, and you can set a minimum time interval a client can synchronize time with the firewall using the clientperiod key.
After editing and saving the ntp.conf
file manually, restart the service by running the /etc/init.d/ntp script with the restart argument. NTP can be chrooted as well, in which case the place of the configuration file is /var/chroot/ntp/etc/
. You can edit the configuration here directly or you can work with the original configuration file. In the latter case the jailer script updates the configuration inside the chrooted (jailed) environment. The jailer update process involves the following three steps.
The original configuration file is modified.
Jailer is run.
The process (daemon) is restarted.
If you use MC for system configuration, the configuration files are automatically created inside the chrooted environment, so no special intervention is needed.
This method for updating jailed environments is the same for all other daemons that are to be jailed under PNS, such as ISC BIND 9.
System time is updated with the ntpdate command. Run the command as root, as usually from a system startup script so that system time gets adjusted during bootup. You can run the command manually, if needed.
Published on June 04, 2020
© 2007-2019 BalaSys
Send your comments to support@balasys.hu