The sys admin's daily grind: Ntpd
The Network Time Protocol keeps Charly up to date at all times. To put all of this punctuality in the service of the common good, he even exports the time signal.
If the clock on my personal laptop is a few seconds fast or slow, this is not dramatic. On a server, however, it's different. Logfiles should – at least – be synchronized to the exact second; otherwise, troubleshooting becomes a pain. The software that handles this synchronization is, of course, the NTP daemon (
ntpd) . As a special hardware time source, you could use a suitable DCF 77 or GPS receiver, for example. If you don't have one of those, you could ask some other time servers – you need to poll several to compute the time from the running time differences of the UDP packets on the network.
The NTP configuration in the
/etc/ntp.conf file on my Ubuntu lab machine lists five time servers:
server ntps1-0.cs.tu-berlin.de iburst server ptbtime1.ptb.de iburst server ntp1.fau.de iburst server ntp.probe-networks.de iburst # Use Ubuntu's ntp server as a fallback. server ntp.ubuntu.com
iburst ("initial burst") keyword speeds up synchronization on the first connection. A list of public time servers is available online .
Just to check, I entered
ntpq-p at the command line; this returned a list of all the time servers that my daemon contacted (Figure 1). The first column shows how reliable the time sources are: An asterisk (
*) denotes the current reference server. A plus sign means that the time from this server is used to compute the mean value. Servers with a minus sign have recently supplied times with too large of a deviation – if this problem were to exist permanently, I would need to delete them from the configuration.
Sharing Free Time
Furthermore, nothing prevents me from providing my time server to others. The expected traffic is minimal, and the safety risks are also minimal if this setup is configured correctly. Specifically, in
/etc/ntp.conf, I need to stipulate that external NTP clients can retrieve time information but not configure anything. The following lines do the trick:
restrict -4 default kod notrap nomodifynopeer noquery restrict -6 default kod notrap nomodifynopeer noquery
If you do not use IPv6, you can leave out the second line, of course.
How do other users learn about my time server? The best way is to add it to a popular time network like pool.ntp.org . A working ntpd is the only prerequisite for time servers; you can complete a web form for the actual entries. The more people to join, the less the load per server, and most importantly: We all have more free time (Figure 2).
- NTP daemon: http://www.eecis.udel.edu/~mills/ntp/html/ntpd.html
- List of public time servers: http://support.ntp.org/bin/view/Servers/WebHome#Browsing_the_Lists
- Time server network ntp.org: http://www.pool.ntp.org/en/join.html
Buy this article as PDF
HP's annual Cyber Risk report offers a bleak look at the state of IT.
But what do the big numbers really mean?
.NET Core execution engine is the basis for cross-platform .NET implementations.
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
Spammers go low-volume, and 90% of IE browsers are unpatched.
Adobe scrambles to release patches for vulnerable Flash Player.
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
New statute would require companies to report break-ins to consumers.
Weird data transfer technique avoids all standard security measures.
FIDO alliance declares the beginning of the end for old-style login authentication.