tachtler:ntp
Differences
This page shows the differences between two versions.
tachtler:ntp [2011/08/08 15:37] – external edit 127.0.0.1 | tachtler:ntp [unknown date] (current) – deleted - external edit (unknown date) 127.0.0.1 | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
- | ====== ntp ====== | ||
- | |||
- | [[tachtler: | ||
- | |||
- | Es kann unter Umständen sehr wichtig sein, das alle Computer in einem Netzwerk die selbe Zeit zur Verfügung haben, da sonst z.B. der Austausch von DNS Informationen, | ||
- | |||
- | :!: **HINWEIS ** - Nachfolgend soll die Installation eines " | ||
- | |||
- | :!: **HINWEIS** - **Der Einsatz von IPv6 soll __NICHT__ genutzt werden!!!** | ||
- | |||
- | Ab hier werden zur Ausführung nachfolgender Befehle **'' | ||
- | < | ||
- | $ su - | ||
- | Password: | ||
- | </ | ||
- | |||
- | ===== Installation ===== | ||
- | |||
- | Zur Installation eines " | ||
- | * **'' | ||
- | * **'' | ||
- | |||
- | Es sind noch weitere Pakete zu **ntp** verfügbar, welche nicht zum Betrieb eines " | ||
- | |||
- | Mit nachfolgendem Befehl, werden die benötigten Pakete installiert: | ||
- | < | ||
- | # yum install ntp | ||
- | Loaded plugins: fastestmirror | ||
- | Loading mirror speeds from cached hostfile | ||
- | * base: ftp.plusline.de | ||
- | * extras: ftp.plusline.de | ||
- | * updates: ftp.plusline.de | ||
- | Setting up Install Process | ||
- | Resolving Dependencies | ||
- | --> Running transaction check | ||
- | ---> Package ntp.x86_64 0: | ||
- | --> Processing Dependency: ntpdate = 4.2.4p8-2.el6 for package: ntp-4.2.4p8-2.el6.x86_64 | ||
- | --> Running transaction check | ||
- | ---> Package ntpdate.x86_64 0: | ||
- | --> Finished Dependency Resolution | ||
- | |||
- | Dependencies Resolved | ||
- | |||
- | =========================================================================================== | ||
- | | ||
- | =========================================================================================== | ||
- | Installing: | ||
- | | ||
- | Installing for dependencies: | ||
- | | ||
- | |||
- | Transaction Summary | ||
- | =========================================================================================== | ||
- | Install | ||
- | Upgrade | ||
- | |||
- | Total download size: 503 k | ||
- | Installed size: 1.2 M | ||
- | Is this ok [y/N]: y | ||
- | Downloading Packages: | ||
- | (1/2): ntp-4.2.4p8-2.el6.x86_64.rpm | ||
- | (2/2): ntpdate-4.2.4p8-2.el6.x86_64.rpm | ||
- | ------------------------------------------------------------------------------------------- | ||
- | Total 567 kB/s | 503 kB | ||
- | Running rpm_check_debug | ||
- | Running Transaction Test | ||
- | Transaction Test Succeeded | ||
- | Running Transaction | ||
- | Installing | ||
- | Installing | ||
- | |||
- | Installed: | ||
- | ntp.x86_64 0: | ||
- | |||
- | Dependency Installed: | ||
- | ntpdate.x86_64 0: | ||
- | |||
- | Complete! | ||
- | </ | ||
- | |||
- | Mit nachfolgenden Befehlen kann überprüft werden, welche Inhalte mit den Paketen installiert wurden. | ||
- | |||
- | Paket **ntp**: | ||
- | < | ||
- | # rpm -qil ntp | ||
- | Name : ntp Relocations: | ||
- | Version | ||
- | Release | ||
- | Install Date: Fri 05 Aug 2011 12:01:20 PM CEST Build Host: c6b2.bsys.dev.centos.org | ||
- | Group : System Environment/ | ||
- | Size : 1224970 | ||
- | Signature | ||
- | Packager | ||
- | URL : http:// | ||
- | Summary | ||
- | Description : | ||
- | The Network Time Protocol (NTP) is used to synchronize a computer' | ||
- | time with another reference time source. This package includes ntpd | ||
- | (a daemon which continuously adjusts system time) and utilities used | ||
- | to query and configure the ntpd daemon. | ||
- | |||
- | Perl scripts ntp-wait and ntptrace are in the ntp-perl package and | ||
- | the ntpdate program is in the ntpdate package. The documentation is | ||
- | in the ntp-doc package. | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | </ | ||
- | |||
- | Paket **ntpdate**: | ||
- | < | ||
- | # rpm -qil ntpdate | ||
- | Name : ntpdate | ||
- | Version | ||
- | Release | ||
- | Install Date: Fri 05 Aug 2011 12:01:18 PM CEST Build Host: c6b2.bsys.dev.centos.org | ||
- | Group : Applications/ | ||
- | Size : 75889 License: (MIT and BSD and BSD with advertising) and GPLv2 | ||
- | Signature | ||
- | Packager | ||
- | URL : http:// | ||
- | Summary | ||
- | Description : | ||
- | ntpdate is a program for retrieving the date and time from | ||
- | NTP servers. | ||
- | /etc/ntp | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | </ | ||
- | |||
- | ===== Konfiguration ===== | ||
- | |||
- | Um einen " | ||
- | < | ||
- | # chkconfig ntpd on | ||
- | </ | ||
- | |||
- | Eine Überprüfung, | ||
- | < | ||
- | # chkconfig --list | grep ntpd | ||
- | ntpd 0:off | ||
- | ntpdate | ||
- | </ | ||
- | |||
- | ==== / | ||
- | |||
- | In der Konfigurationsdatei | ||
- | * **''/ | ||
- | wird der '' | ||
- | |||
- | Änderungen und persönliche Anpassungen sind mit einem voranstehenden Kommentar, welche wie nachfolgend dargestellt aussieht | ||
- | < | ||
- | # Tachtler | ||
- | </ | ||
- | gekennzeichnet. | ||
- | |||
- | Hier die komplette Konfigurationsdatei **''/ | ||
- | < | ||
- | # For more information about this file, see the man pages | ||
- | # ntp.conf(5), | ||
- | |||
- | driftfile / | ||
- | |||
- | # Permit time synchronization with our time source, but do not | ||
- | # permit the source to query or modify the service on this system. | ||
- | restrict default kod nomodify notrap nopeer noquery | ||
- | # Tachtler | ||
- | # default: restrict -6 default kod nomodify notrap nopeer noquery | ||
- | # restrict -6 default kod nomodify notrap nopeer noquery | ||
- | |||
- | # Permit all access over the loopback interface. | ||
- | # be tightened as well, but to do so would effect some of | ||
- | # the administrative functions. | ||
- | restrict 127.0.0.1 | ||
- | # Tachtler | ||
- | # default: restrict -6 ::1 | ||
- | # restrict -6 ::1 | ||
- | |||
- | # Hosts on local network are less restricted. | ||
- | # Tachtler | ||
- | # default: #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap | ||
- | restrict 192.168.0.0 mask 255.255.255.0 kod nomodify notrap nopeer | ||
- | restrict 192.168.1.0 mask 255.255.255.0 kod nomodify notrap nopeer | ||
- | # Tachtler | ||
- | restrict 0.rhel.pool.ntp.org mask 255.255.255.255 kod nomodify notrap nopeer noquery | ||
- | restrict 1.rhel.pool.ntp.org mask 255.255.255.255 kod nomodify notrap nopeer noquery | ||
- | restrict 2.rhel.pool.ntp.org mask 255.255.255.255 kod nomodify notrap nopeer noquery | ||
- | # Tachtler | ||
- | restrict 0.pool.ntp.org mask 255.255.255.255 kod nomodify notrap nopeer noquery | ||
- | restrict 1.pool.ntp.org mask 255.255.255.255 kod nomodify notrap nopeer noquery | ||
- | restrict 2.pool.ntp.org mask 255.255.255.255 kod nomodify notrap nopeer noquery | ||
- | restrict 3.pool.ntp.org mask 255.255.255.255 kod nomodify notrap nopeer noquery | ||
- | |||
- | # Use public servers from the pool.ntp.org project. | ||
- | # Please consider joining the pool (http:// | ||
- | server 0.rhel.pool.ntp.org | ||
- | server 1.rhel.pool.ntp.org | ||
- | server 2.rhel.pool.ntp.org | ||
- | # Tachtler | ||
- | server 0.pool.ntp.org | ||
- | server 1.pool.ntp.org | ||
- | server 2.pool.ntp.org | ||
- | server 3.pool.ntp.org | ||
- | |||
- | #broadcast 192.168.1.255 autokey | ||
- | # | ||
- | #broadcast 224.0.1.1 autokey | ||
- | # | ||
- | # | ||
- | # | ||
- | |||
- | # Undisciplined Local Clock. This is a fake driver intended for backup | ||
- | # and when no outside source of synchronized time is available. | ||
- | # tachtler | ||
- | # default: # | ||
- | # default # | ||
- | server | ||
- | fudge | ||
- | |||
- | # Enable public key cryptography. | ||
- | #crypto | ||
- | |||
- | includefile / | ||
- | |||
- | # Key file containing the keys and key identifiers used when operating | ||
- | # with symmetric key cryptography. | ||
- | keys / | ||
- | |||
- | # Specify the key identifiers which are trusted. | ||
- | #trustedkey 4 8 42 | ||
- | |||
- | # Specify the key identifier to use with the ntpdc utility. | ||
- | #requestkey 8 | ||
- | |||
- | # Specify the key identifier to use with the ntpq utility. | ||
- | #controlkey 8 | ||
- | |||
- | # Enable writing of statistics records. | ||
- | #statistics clockstats cryptostats loopstats peerstats | ||
- | </ | ||
- | |||
- | ==== / | ||
- | |||
- | Da der Einsatz von **IPv6** nicht durchgeführt werden soll, kann mit nachfolgenden Änderungen die Unterstützung für **IPv6** deaktiviert werden und ein " | ||
- | |||
- | **VOR** - der Ergänzung, mit **IPv6**-Unterstützung: | ||
- | < | ||
- | # Drop root to id ' | ||
- | OPTIONS=" | ||
- | </ | ||
- | |||
- | **NACH** - der Ergänzung, __**ohne**__ **IPv6**-Unterstützung: | ||
- | < | ||
- | # Drop root to id ' | ||
- | OPTIONS=" | ||
- | </ | ||
- | |||
- | :!: **HINWEIS** - **Als einzige Änderung wird hier die Zeichenfolge '' | ||
- | |||
- | :!: **WICHTIG** - **Diese Änderung ist __NICHT__ ausreichend um IPv6 zu deaktivieren!!!** | ||
- | |||
- | Nachfolgende Beschreibung zur Deaktivierung von **IPv6** unter [[http:// | ||
- | * **[[tachtler: | ||
- | |||
- | ==== iptables Regel ===== | ||
- | |||
- | Damit der " | ||
- | |||
- | Um die aktuellen '' | ||
- | < | ||
- | # iptables -L -nv --line-numbers | ||
- | Chain INPUT (policy ACCEPT 0 packets, 0 bytes) | ||
- | num pkts bytes target | ||
- | 1 141 10524 ACCEPT | ||
- | 2 0 0 ACCEPT | ||
- | 3 0 0 ACCEPT | ||
- | 4 0 0 ACCEPT | ||
- | 5 1 32 REJECT | ||
- | |||
- | Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | ||
- | num pkts bytes target | ||
- | 1 0 0 REJECT | ||
- | |||
- | Chain OUTPUT (policy ACCEPT 79 packets, 9140 bytes) | ||
- | num pkts bytes target | ||
- | </ | ||
- | |||
- | Nachfolgender Befehl, fügt folgende '' | ||
- | * < | ||
- | und hier der Befehl: | ||
- | < | ||
- | # iptables -I INPUT 5 -p udp --dport 123 -j ACCEPT | ||
- | </ | ||
- | |||
- | Ein erneute Abfrage des '' | ||
- | < | ||
- | # iptables -L -nv --line-numbers | ||
- | Chain INPUT (policy ACCEPT 0 packets, 0 bytes) | ||
- | num pkts bytes target | ||
- | 1 435 32812 ACCEPT | ||
- | 2 0 0 ACCEPT | ||
- | 3 0 0 ACCEPT | ||
- | 4 0 0 ACCEPT | ||
- | 5 0 0 ACCEPT | ||
- | 6 4 128 REJECT | ||
- | |||
- | Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | ||
- | num pkts bytes target | ||
- | 1 0 0 REJECT | ||
- | |||
- | Chain OUTPUT (policy ACCEPT 12 packets, 1320 bytes) | ||
- | num pkts bytes target | ||
- | </ | ||
- | |||
- | Die neue Zeile ist an **Position 5** zu sehen, hier nachfolgend zur Verdeutlichung noch einmal dargestellt (**nur relevanter Ausschnitt**): | ||
- | < | ||
- | ... | ||
- | 5 0 0 ACCEPT | ||
- | ... | ||
- | </ | ||
- | |||
- | Um diese '' | ||
- | < | ||
- | # service iptables save | ||
- | iptables: Saving firewall rules to / | ||
- | </ | ||
- | |||
- | ===== Zeitserver starten ===== | ||
- | |||
- | Um einen " | ||
- | < | ||
- | # service ntpd start | ||
- | Starting ntpd: | ||
- | </ | ||
- | |||
- | Ob der " | ||
- | < | ||
- | # ps auxwwwf | grep ntpd | ||
- | root 2352 0.0 0.1 103148 | ||
- | ntp | ||
- | </ | ||
- | |||
- | ===== Zeitserver Status ===== | ||
- | |||
- | Um zu überprüfen in wie weit der //offset// bzw. die Abweichung zur aktuell gültigen Zeit ist, kann nachfolgende Abfrage genutzt werden: | ||
- | < | ||
- | # ntpq -np | ||
- | | ||
- | ============================================================================== | ||
- | +83.169.43.165 | ||
- | +79.143.177.46 | ||
- | *188.40.33.81 | ||
- | +141.30.228.4 | ||
- | +178.63.73.246 | ||
- | +129.70.132.32 | ||
- | | ||
- | </ | ||
- | |||
- | ==== Zeitserver optimieren ==== | ||
- | |||
- | Falls der //offset//, wie in obigen Beispiel **sehr hoch** ist, würde eine Synchronisierung rein durch den '' | ||
- | |||
- | Zuerst muss der '' | ||
- | < | ||
- | # service ntpd stop | ||
- | Shutting down ntpd: [ OK ] | ||
- | </ | ||
- | |||
- | Anschließend wird die Zeit mit einem der unter dem Befehl **'' | ||
- | < | ||
- | # ntpdate 131.188.3.220 | ||
- | 5 Aug 15:02:07 ntpdate[2517]: | ||
- | </ | ||
- | Anschließend wird der '' | ||
- | < | ||
- | # service ntpd start | ||
- | Starting ntpd: | ||
- | </ | ||
- | |||
- | :!: **HINWEIS** - **Warten Sie ca. 10 Minuten, bevor nachfolgende Abfrage durchgeführt wird !!!** | ||
- | |||
- | Abschließend wir der Befehl zu überprüfen, | ||
- | < | ||
- | # ntpq -np | ||
- | | ||
- | ============================================================================== | ||
- | +46.4.54.78 | ||
- | *131.234.137.24 | ||
- | +141.40.103.103 | ||
- | +78.47.136.228 | ||
- | +95.89.157.176 | ||
- | +213.95.21.43 | ||
- | +213.9.73.106 | ||
- | | ||
- | </ | ||
- | |||
- | ===== Zeitserver und NetworkManager ===== | ||
- | |||
- | Falls der **NetworkManager** auf dem Server mit dem " | ||
- | * **''/ | ||
- | nachfolgender Eintrag zu ergänzen (**nur relevanter Ausschnitt**): | ||
- | < | ||
- | ... | ||
- | NETWORKWAIT=1 | ||
- | </ | ||
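Review bot: the revision removes the page in full, from the `====== ntp ======` heading down to the `NETWORKWAIT=1` entry, and the only recorded summary is "gelöscht - Externe Bearbeitung", so neither the reason nor a successor page is documented; a deletion summary or a short stub pointing to the replacement would fix that. If the content is carried over elsewhere, two lines are worth revisiting first. `iptables -I INPUT 5 -p udp --dport 123 -j ACCEPT` has no source match and accepts UDP 123 from any address, although the `restrict 192.168.0.0 mask 255.255.255.0 ...` and `restrict 192.168.1.0 mask 255.255.255.0 ...` lines show that only those two networks are meant to be served. The `restrict <n>.pool.ntp.org mask 255.255.255.255 kod nomodify notrap nopeer noquery` lines carry exactly the flags of `restrict default`, so they add nothing and can be dropped.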
tachtler/ntp.1312810639.txt.gz · Last modified: 2012/05/08 22:40 (external edit)