F.Ultra Apprentice
Joined: 17 Mar 2004 Posts: 169 Location: Sweden
Posted: Fri Jan 21, 2005 11:04 am Post subject: Securing NTP for client-only
If you use ntpd to sync your own machine and do not want others to be able to sync with your machine or even to remotely modify your configuration, you must do some steps that are not very well documented, at least not that I am aware of.
The Gentoo default ntp.conf has some nice examples to secure an ntpd that would act as an NTP server, but no info for client-only installations.
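ntp.conf
Code: |
# Deny everything from everyone by default
restrict default ignore
# Allow full access from localhost
restrict 127.0.0.1
# Upstream servers to sync from
server ntp.server.domain
server ntp.server2.other.domain
# Accept time from the upstream servers, but refuse their queries, config changes and traps
restrict ntp.server.domain noquery nomodify notrap
restrict ntp.server2.other.domain noquery nomodify notrap
|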
This will let you sync with these two made-up NTP servers, but will not let anyone else sync to your machine, change your config or try to read your config or statistics.
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
Posted: Thu Jan 27, 2005 9:05 am Post subject:
Nice example, should be included in the doc. Before, I had only a line like
Code: |
restrict default nomodify nopeer
|
in my ntp.conf. Now I have a more secure NTP client installation where Nessus does not complain about a security hole like 'os type/version could be examined' - thanks.
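An added example, not part of the original posts: a small Python audit that parses ntp.conf text and checks it against the client-only policy from the first post (default `ignore`, and `noquery nomodify notrap` on every configured server). The function names and sample configs are constructed for illustration, and restrict addresses are matched as literal strings, without DNS resolution.

```python
REQUIRED = {"noquery", "nomodify", "notrap"}  # flags the first post puts on each server

def parse_ntp_conf(text):
    """Return (servers, restricts); restricts maps address -> set of flags."""
    servers, restricts = [], {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()              # drop comments
        args = [f for f in fields[1:] if f not in ("-4", "-6")]
        if not args:
            continue
        if fields[0] == "server":
            servers.append(args[0])
        elif fields[0] == "restrict":
            flags, tokens = set(), iter(args[1:])
            for tok in tokens:
                if tok == "mask":
                    next(tokens, None)                     # skip the netmask value
                else:
                    flags.add(tok)
            restricts[args[0]] = flags
    return servers, restricts

def audit_client_only(text):
    """Return findings; an empty list means the client-only policy holds."""
    servers, restricts = parse_ntp_conf(text)
    findings = []
    default = restricts.get("default")
    if default is None:
        findings.append("no 'restrict default' line")
    elif "ignore" not in default:
        findings.append("'restrict default' lacks 'ignore'")
    for srv in servers:
        if srv not in restricts and default is not None and "ignore" in default:
            # Failure mode: default ignore also drops this server's replies.
            findings.append(f"{srv}: no restrict line, replies dropped by default ignore")
            continue
        effective = restricts.get(srv, default or set())   # inherits default if unlisted
        missing = REQUIRED - effective
        if missing:
            findings.append(f"{srv}: missing {' '.join(sorted(missing))}")
    return findings

# Constructed sample inputs: the strict config from the first post, and the
# single-line policy from the second post with one server added.
STRICT_CONF = """restrict default ignore
restrict 127.0.0.1
server ntp.server.domain
server ntp.server2.other.domain
restrict ntp.server.domain noquery nomodify notrap
restrict ntp.server2.other.domain noquery nomodify notrap
"""
LOOSE_CONF = "restrict default nomodify nopeer\nserver ntp.server.domain\n"
```

Calling `audit_client_only()` on the contents of /etc/ntp.conf returns one line per deviation from the policy.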
mog Apprentice
Joined: 05 Jul 2003 Posts: 253 Location: Auckland [NZ]
Posted: Wed Sep 13, 2006 12:06 am Post subject:
How can I run NTP as ntp:ntp instead of as root? When I configure NTP with the line
Quote: | NTPD_OPTS="-u ntp:ntp" |
in /etc/conf.d/ntpd then the server does not seem to start, although I don't get an error during startup.
It just does not show up under either top or ps aux | grep ntp
Any suggestions?
EDIT: [Solved] refer to this thread.
_________________
To thine own self be true.
Last edited by mog on Wed Sep 13, 2006 9:02 am; edited 1 time in total
PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
Posted: Wed Sep 13, 2006 9:01 am Post subject:
See capability kernel option and caps USE flag for ntp - thread.