NTP service setup under Linux (CentOS)

NTP Service setup under Linux(CentOS)

1. installation

CentOS NTP service. If you are unsure whether you have installed The package can be ordered – QA|GREP NTP  check it out. If not installed, you can use the command YUM INSTALL NTP centos Installation disk installation (build simple yum source, Install disc image as source).

[[email protected] ~]# Rpm-qa |grep NTP

Ntp-4.2.6p5-1.el6.centos.x86_64

Fontpackages-filesystem-1.41-1.1.el6.noarch

Ntpdate-4.2.6p5-1.el6.centos.x86_64

2. Configuration

Vi/etc/ntp.conf

Add the following three lines

Server 127.127.1.0

Fudge 127.127.1.0 Stratum 12

Restrict default nomodify

Restart | Open |  Close NTP Service

Service NTPD Restart | Start | Stop

Restart the NTP service

[Email protected] ~]# service ntpd restart

Close ntpd:[ OK ]

Starting ntpd:[ OK ]

3. Detailed Parameters

Server 127.127.1.0

Fudge 127.127.1.0 Stratum 10

If the second configured server 0.centos.pool.ntp.org iburst is not valid, the NTP Server will make its own time as The time of the NTP server is synchronized with itself.

Considering that some LAN can not access the external network, all here need to use this configuration item

turn on the internal recursive network interface loopback

Restrict 127.0.0.1

clients inside the internal subnet can be networked, but cannot modify The time parameters of the NTP server

Restrict 192.168.0.0 mask 255.255.255.0 nomodify

Edit the Scheduled task as Tom , and synchronize the time of day (commonly used in NTP clients)

[Email protected] ~]# crontab-e-U Tom

0 * * * * */usr/sbin/ntpdate 192.168.0.1

Modify hardware time on a system-time basis

[Email protected] ~]# hwclock-w

Modify the system time based on the hardware time

[Email protected] ~]# hwclock-s

Restrict IP address mask Subnet Mask parameter

where IP can be an IP address or default ,default means all IP

The parameters are as follows:

Ignore : Turn off all NTP Online Services

Nomodify: The client cannot change the time parameters on the server side, but the client can perform the network calibration via the server. notrust : The client source will be treated as untrusted subnet unless authenticated

Noquery : Do not provide a time query for the client

Note: If the parameter is not set, it means there is no limit to the IP ( or subnet ) .

Use the server parameter to set the parent time server, in the following format:

Server IP address or domain name [prefer] IP

The address or domain name is the parent time server that we specify, and if the server parameter is finally added prefer, it means that our NTP       The server is mainly calibrated with the host time of the unit.

The Driftfile format is as follows :d riftfile file name

The time that is spent in contacting the parent time server is recorded in the file following the Driftfile parameter.

Note : The files that follow the driftfile need to use the full path file name, cannot be a link file, and the permissions of the file need to be set to ntpd Daemon can write.

4. firewall configuration, open UDP 123 port

[Email protected] ~]# iptables-a input-m State--state new-m udp-p UDP--dport 123-j ACCEPT

[Email protected] ~]#

[[Email protected] ~]# service iptables status

Table:Filter

Chain INPUT (Policy ACCEPT)

Num Target prot opt source destination

1 ACCEPT UDP--0.0.0.0/0 0.0.0.0/0 state NEW UDP dpt:123

5. manually set the time / time zone

set the current time to the year of the month number of points Ten minutes

[Email protected] ~]# date-s "11/11/14 14:10"

year by month Tuesday 14:10:00 CST

Ln-sf/usr/share/zoneinfo/asia/shanghai/etc/localtime

If you want to change to a different time zone, you can find it in /usr/share/zoneinfo and then link to /etc/localtime .

Of course, you must first delete the folder directory under the localtime file.

Of course, you can also modify /etc/sysconfig/clock

Zone=asia/shanghai (check /usr/share/zoneinfo the following file. )

Utc=false (whether the hardware clock is UTC or GMT clock.) )

Arc=false ( set to true if it is on the Alpha machine) . )

This article is from the "Network Technology" blog, please be sure to keep this source http://zqxiang.blog.51cto.com/2806551/1579182

NTP service setup under Linux (CentOS)