ntpd reads the configuration file at system start or when the service is restarted. The default location for the file is /etc/ntp.conf and you can view the file by entering the following command:
~]$ less /etc/ntp.conf
The configuration commands are explained briefly later in this chapter (see Section 14.17, “Configure NTP”) and more verbosely in the ntp.conf(5) man page.
driftfile /var/lib/ntp/drift
If you change this, be certain that the directory is writable by ntpd. The file contains one value used to adjust the system clock frequency after every system or service start. See Understanding the Drift File for more information.
restrict default kod nomodify notrap nopeer noquery
The kod option means a “Kiss-o'-death” packet is to be sent to reduce unwanted queries. The nomodify option prevents any changes to the configuration. The notrap option prevents ntpdc control message protocol traps. The nopeer option prevents a peer association being formed. The noquery option prevents ntpq and ntpdc queries, but not time queries, from being answered. The ntpq and ntpdc queries can be used in amplification attacks (see CVE-2013-5211 for more details); do not remove the noquery option from the restrict default command on publicly accessible systems.
Addresses in the 127.0.0.0/8 range are sometimes required by various processes or applications. As the "restrict default" line above prevents access to everything not explicitly allowed, access to the standard loopback address for IPv4 and IPv6 is permitted by means of the following lines:
# the administrative functions.
restrict 127.0.0.1
restrict ::1
Addresses can be added underneath if specifically required by another application.
To allow hosts on the 192.0.2.0/24 network to query the time and statistics but nothing more, a line in the following format is required:
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap nopeer
To allow unrestricted access from a specific host, for example 192.0.2.250/24, a line in the following format is required:
restrict 192.0.2.250
A mask of 255.255.255.255 is applied if none is specified.
See the ntp_acc(5) man page.
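An added example, not part of the original guide or of the ntp project: a small Python audit that parses the restrict lines of ntp.conf text, reports flags missing from restrict default, and lists every non-loopback source still allowed to send ntpq and ntpdc queries. The function names and sample configurations are constructed for illustration, and only IPv4 dotted masks are parsed (an assumption).

```python
import ipaddress

# Flags on the page's "restrict default" line.
HARDENED_DEFAULT = {"kod", "nomodify", "notrap", "nopeer", "noquery"}

# Constructed samples: the page's restrict lines, and a weakened default.
PAGE_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap nopeer
restrict 192.0.2.250
"""
WEAK_CONF = "restrict default kod nomodify notrap nopeer\nrestrict 127.0.0.1\n"

def parse_restrict(line):
    """Return (source, flags) for a restrict line, or None for other lines."""
    tokens = [t for t in line.split("#", 1)[0].split() if t not in ("-4", "-6")]
    if len(tokens) < 2 or tokens[0] != "restrict":
        return None
    addr, rest, mask = tokens[1], tokens[2:], None
    if len(rest) >= 2 and rest[0] == "mask":
        mask, rest = rest[1], rest[2:]
    if addr == "default":
        return "default", set(rest)
    try:  # no mask means a host mask; IPv4 dotted masks only (assumption)
        source = ipaddress.ip_network(f"{addr}/{mask}" if mask else addr, strict=False)
    except ValueError:
        source = addr  # hostname or unparsed mask: keep the raw token
    return source, set(rest)

def audit(conf_text):
    """List hardening gaps and every non-loopback source allowed ntpq/ntpdc queries."""
    findings, saw_default = [], False
    for line in conf_text.splitlines():
        entry = parse_restrict(line)
        if entry is None:
            continue
        source, flags = entry
        if source == "default":
            saw_default = True
            missing = sorted(HARDENED_DEFAULT - flags)
            if missing:
                findings.append("restrict default is missing: " + " ".join(missing))
        elif "noquery" not in flags and not getattr(source, "is_loopback", False):
            findings.append(f"{source} may send ntpq/ntpdc queries")
    if not saw_default:
        findings.append("no restrict default line: unlisted hosts get no restrictions")
    return findings
```

Calling audit(PAGE_CONF) lists the two 192.0.2.x entries as sources that can still query, which matches what the page intends for them; audit(WEAK_CONF) reports the missing noquery on restrict default.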
The ntp.conf file contains four public server entries:
server 0.fedora.pool.ntp.org iburst
server 1.fedora.pool.ntp.org iburst
server 2.fedora.pool.ntp.org iburst
server 3.fedora.pool.ntp.org iburst
The ntp.conf file contains some commented out examples. These are largely self-explanatory. See the explanation of the specific commands in Section 14.17, “Configure NTP”. If required, add your commands just below the examples.
Note
When the DHCP client program, dhclient, receives a list of NTP servers from the DHCP server, it adds them to ntp.conf and restarts the service. To disable that feature, add PEERNTP=no to /etc/sysconfig/network.