NTP service configuration in detail
On Linux, time synchronization is necessary to avoid the clock drift that builds up when a host runs for a long time. NTP is generally used to synchronize the time of different machines. NTP is short for Network Time Protocol; it synchronizes time between computers over the network.
Install the NTP package
Check whether the ntp packages are installed. If they are not, install them with rpm or yum.
[root@localhost ~]# rpm -qa | grep ntp
fontpackages-filesystem-1.41-1.1.el6.noarch
ntpdate-4.2.6p5-10.el6.centos.2.i686
ntp-4.2.6p5-10.el6.centos.2.i686
NTP Configuration
A. Configure /etc/ntp.conf
The main configuration file of the NTP server is /etc/ntp.conf. Before any modification, the file looks like this:
[root@localhost ~]# more /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
1) Set the upstream NTP servers (prefer marks the host that takes priority). 192.168.66.131 is the local NTP server, so it is listed first as the preferred source for time synchronization.
server 192.168.66.131 prefer
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
2) Restrict the type of access granted to the hosts you allow. In this example, those hosts are not allowed to modify the runtime configuration or query your Linux NTP server.
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
With the mask 255.255.255.0 above, all hosts from 192.168.1.1 to 192.168.1.254 can use our NTP server to synchronize time.
# Set the default policy: ignore packets from any host not matched by a more specific restrict line
restrict default ignore
3) Make sure that localhost has full access: use the restrict syntax without any restriction keywords.
restrict 127.0.0.1
restrict -6 ::1
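The following Python example is added here and is not part of the original article. It parses the restrict lines from steps 2 and 3 and reports which flags apply to a given source address, approximating ntpd's matching as "most specific rule wins"; the sample config has the 192.168.1.0 line uncommented, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the lines from steps 1-3 above, with the 192.168.1.0
# subnet line uncommented (an assumption made for this example).
SAMPLE_CONF = """\
server 192.168.66.131 prefer
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict default ignore
restrict 127.0.0.1
restrict -6 ::1
"""

def parse_restrict(conf_text):
    """Return [(ip_network, set_of_flags)] for every numeric restrict line."""
    rules = []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if tok[:1] != ["restrict"]:
            continue
        tok = tok[1:]
        family = 4
        if tok and tok[0] in ("-4", "-6"):      # optional address-family switch
            family = int(tok.pop(0)[1])
        if not tok:
            continue
        addr = tok.pop(0)
        if addr == "default":
            net = ipaddress.ip_network("::/0" if family == 6 else "0.0.0.0/0")
        else:
            mask = None
            if len(tok) >= 2 and tok[0] == "mask":
                mask, tok = tok[1], tok[2:]
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}" if mask else addr)
            except ValueError:
                continue                        # hostname or malformed: skipped
        rules.append((net, set(tok)))           # remaining tokens are the flags
    return rules

def effective_flags(rules, ip):
    """Flags of the most specific rule covering ip; None if nothing matches."""
    ip = ipaddress.ip_address(ip)
    hits = [(n, f) for n, f in rules if n.version == ip.version and ip in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def is_served(rules, ip):
    """True if packets from ip are processed (no rule, or no 'ignore' flag)."""
    flags = effective_flags(rules, ip)
    return flags is None or "ignore" not in flags
```

Run against the sample, `is_served(rules, "192.168.66.131")` is False: under `restrict default ignore` the preferred upstream server's replies are dropped as well, unless that server gets its own restrict line.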
B. Configure the /etc/ntp/step-tickers file
Modify the /etc/ntp/step-tickers file so that its content is as follows (when the ntp service starts, it automatically corrects the time against the NTP servers recorded in this file).
[root@localhost ~]# more /etc/ntp/step-tickers
# List of servers used for initial synchronization.
server 192.168.66.131 prefer
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
The file above was edited with vi.
C. Configure the /etc/sysconfig/ntpd file
By default, the ntp service synchronizes only the system time. If you want ntp to synchronize the hardware clock as well, add SYNC_HWCLOCK=yes to the /etc/sysconfig/ntpd file; the hardware time is then synchronized with the system time.
IPTABLES configuration
Because the ntp service uses UDP port 123, UDP port 123 must be opened when the system firewall (iptables) is running.
Start the NTP service
service ntpd status
service ntpd start
netstat -lntup | grep ntp
Set ntpd to start at boot in runlevels 3 and 5: [root@localhost ~]# chkconfig --level 35 ntpd on
http://www.cnblogs.com/kerrycode/archive/2015/08/20/4744804.html (ntp configuration reference)