
Configuring an NTP server in Red Hat


3.31.2011


NOTE: This article should work for all modern Red Hat based systems including Fedora and CentOS.

The NTP (Network Time Protocol, RFC-1305) is a widely used Internet time protocol. This service runs in the background and periodically gets time updates from one or more servers. Many large networks use NTP to ensure accurate log file timestamps and often deploy a stratum 2 or level 2 server in their network to serve the rest of their clients. In this article we will talk about configuring a basic NTP server, as well as ways to secure NTP.

Let's start by talking about the changes that will be needed on your firewall. NTP servers communicate over UDP port 123 and, unlike most UDP protocols, the source port is NOT a high port but uses 123 as well. The firewall must be configured to allow UDP on both source and destination ports 123 between your new NTP server and the stratum 1 server.

What is a stratum 1 server? It's the highest server in your NTP hierarchy of servers. For this article we will use the following as our stratum 1 servers:

0.us.pool.ntp.org
wwv.nist.gov

Below is an example iptables rule that allows NTP traffic from ANY source. This is just an example and should be checked against your security policy.


iptables -I INPUT -p udp --dport 123 -j ACCEPT


Now that we have our firewall rules in place to allow NTP synchronization, let's get the service installed and started. Most modern Linux/UNIX distributions come with NTP already installed. For Red Hat based distros you can install the NTP package with yum:


yum install ntp


http://www.putorius.net/2011/03/configuring-ntp-server-in-red-hat.html

29-10-2011


The main configuration file for NTP on Red Hat based Linux systems is ntp.conf, located in the /etc directory. For this first step we will open that file in our favorite editor and add the servers we want to use in the following format.

server 0.us.pool.ntp.org

server wwv.nist.gov

Now we have to restrict the access these time servers will have on our system. In the example below we are telling NTP that these servers are not allowed to modify run-time configuration or query our system. The specified mask below is limiting the access to a single IP, or single host subnet.

restrict 0.us.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery

restrict wwv.nist.gov mask 255.255.255.255 nomodify notrap noquery

Now since we are setting up a server to "serve" time to other clients we have to tell it from which networks to allow NTP requests. We use the same basic restrict statement as above, but this time you will notice the noquery option is removed allowing said network to query this server. The following example allows everyone within the 10.0.0.0/24 network to query the server.

restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap

As with most services localhost gets full access. For this we use the same restrict statement but with no options.

restrict 127.0.0.1
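The restrict policy described above can be checked mechanically. The script below is an added example, not part of the original article: it reads an ntp.conf and reports restrict entries that lack nomodify or notrap, upstream servers without noquery, and server lines with no matching restrict line. The function names and the sample configuration (including the 1.us.pool.ntp.org entry and the deliberately weakened lines) are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the restrict lines of an ntp.conf against the policy
# described in the article. Reads the named file, or stdin when none is given.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                           # drop comments
    $1 == "server" { servers[$2] = 1; sorder[++ns] = $2 }
    $1 == "restrict" {
        f = 2
        if ($f == "-4" || $f == "-6") f++        # optional address-family flag
        n++; addr[n] = $f; flags[n] = " "
        for (i = f + 1; i <= NF; i++) {
            if ($i == "mask") { i++ }            # skip the mask value
            else { flags[n] = flags[n] $i " " }
        }
        covered[$f] = 1
    }
    END {
        for (r = 1; r <= n; r++) {
            a = addr[r]
            if (a == "127.0.0.1" || a == "::1") continue   # localhost keeps full access
            if (!index(flags[r], " nomodify ")) print a ": missing nomodify"
            if (!index(flags[r], " notrap "))   print a ": missing notrap"
            if ((a in servers) && !index(flags[r], " noquery "))
                print a ": upstream server without noquery"
        }
        for (s = 1; s <= ns; s++)
            if (!(sorder[s] in covered)) print sorder[s] ": server has no restrict line"
    }' "$@"
}

# Constructed sample: the configuration from the article with three mistakes added.
sample_conf() {
    cat <<'EOF'
server 0.us.pool.ntp.org
server wwv.nist.gov
server 1.us.pool.ntp.org
restrict 0.us.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict wwv.nist.gov mask 255.255.255.255 nomodify notrap   # noquery forgotten
restrict 10.0.0.0 mask 255.255.255.0 notrap
restrict 127.0.0.1
EOF
}

sample_conf | audit_ntp_conf
```

Run it against a real file with `audit_ntp_conf /etc/ntp.conf`; no output means every entry matches the policy.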


That's it, we have now configured our NTP server to pull time synchronization from stratum 1 servers, and accept time synchronization requests from computers on our network. Now we have to start the service and make sure the service starts at boot. Before we go crazy, let's make sure everything is working as expected and also run an initial update.

ntpq -p 0.us.pool.ntp.org

Expected output:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*0.us.pool.ntp.org 128.32.206.55  3 u   15   64  377    0.870    0.164   0.170

The important thing to note in the above output is that delay, offset and jitter should all be non-zero numbers and the jitter should be under 100. You can run the initial synchronization multiple times if you wish.

Now that our initial sync and check are completed, let's start the service.

Start the service:

/etc/init.d/ntpd start

When the service is started you should see something similar to this in your logs: (/var/log/messages)

Mar 31 13:07:04 bighat ntpdate[18253]: step time server 66.191.139.149 offset 0.000574 sec
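The delay, offset and jitter check described earlier for the ntpq -p output can be scripted so it runs from cron or a monitoring job. This is an added example, not part of the original article; it also goes one step beyond the text by reporting when no peer carries the `*` tally (the currently selected sync source). The function names and the second and third sample rows are constructed.

```sh
#!/bin/sh
# Added example: apply the article's checks to "ntpq -p" output read from
# stdin or from a file: delay, offset and jitter non-zero, jitter under 100.
check_peers() {
    awk '
    NF < 10 || $NF !~ /^[0-9.]+$/ { next }      # skip header and separator
    {
        tally = substr($0, 1, 1)                # first column is the tally code
        peer = (tally == " ") ? $1 : substr($1, 2)
        if (tally == "*") selected = 1          # "*" marks the selected peer
        delay = $(NF - 2) + 0; offset = $(NF - 1) + 0; jitter = $NF + 0
        msg = ""
        if (delay == 0)    msg = msg "; delay is zero"
        if (offset == 0)   msg = msg "; offset is zero"
        if (jitter == 0)   msg = msg "; jitter is zero"
        if (jitter >= 100) msg = msg "; jitter " $NF " is not under 100"
        print peer ": " (msg == "" ? "ok" : substr(msg, 3))
    }
    END { if (!selected) print "no peer selected as sync source" }
    ' "$@"
}

# Constructed sample: first data row is the one shown in the article,
# the other two rows are made up to trigger the checks.
sample_peers() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*0.us.pool.ntp.org 128.32.206.55  3 u   15   64  377    0.870    0.164   0.170
+wwv.nist.gov      .ACTS.         1 u   40   64  377   48.210   -1.932 140.551
 10.0.0.9          .INIT.        16 u    -   64    0    0.000    0.000   0.000
EOF
}

sample_peers | check_peers
```

On a live system the input comes from `ntpq -p | check_peers`.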


Make sure the service starts at boot:

chkconfig ntpd on

Posted by Savona at 3:45 PM


Copyright 2011 Putorius.net ... Powered by Blogger.
