Re: setting time without changing securelevel

From: Thomas T. Veldhouse (veldy@veldy.net)
Date: 05/24/01 

From: "Thomas T. Veldhouse" <veldy@veldy.net>
To: "Hank Wethington" <bsd@info-logix.com>, "Dominic Marks" <dominic_marks@btinternet.com>
Date: Thu, 24 May 2001 15:07:44 -0500

A cron job using ntpdate actually changes your time. Which may not be good
for data going into a database, especially data keyed off of the time. ntpd
will adjust the speed of your system clock so that it slows down or speeds
up to match the "network" clock. This is friendly to database activity. I
don't see why I would need a hardware extension to keep time accurate.
Accurate time is not that much of an issue (a minute or two is OK with me),
but I do want all my machines synced. Also, I don't expose the time daemon
to the outside world, so the exploit is only local, and my users are
trusted. FreeBSD doesn't actually use xntpd, it migrated over (back?) to
ntp some time back. I think the xntpd knob should probably be changed.

Tom Veldhouse
veldy@veldy.net

----- Original Message -----
From: "Hank Wethington" <bsd@info-logix.com>
To: "Thomas T. Veldhouse" <veldy@veldy.net>; "Dominic Marks"
<dominic_marks@btinternet.com>
Cc: <freebsd-security@freebsd.org>
Sent: Thursday, May 24, 2001 2:39 PM
Subject: RE: setting time without changing securelevel

> An issue you might have to look into would be the fact that there is a
> exploit for ntpd that does extend to xntpd. If your just getting time
> periodically and not having to be a server for the rest of the network,
then
> a cron job for using ntpdate would probably be a better way to go. If you
do
> need it for network time serving, you might be better off getting a GPS
> setup to give ntp the time over a serial connection.
>
> Hank Wethington
> Information Logistics
>
> ================================================
> www.GoInfoLogistics.com
> mailto:info@GoInfoLogistics.com
> ================================================
>
> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Thomas T.
> Veldhouse
> Sent: Thursday, May 24, 2001 12:32 PM
> To: Dominic Marks
> Cc: freebsd-security@freebsd.org
> Subject: Re: setting time without changing securelevel
>
>
> I found a similar article myself (I don't remember the URL though). I
have
> had it running for quite some time (well -- a week or so). I didn't see
> that it recommends you use more than one server to sychronize with. I am
> currently using 4 public servers.
>
> That looks like a pretty decent article. It, like the rest, fail to
inform
> you how to run your new server as a time server for the rest of your
> network. I can ntptrace ot it on the local machine, but it won't respond
to
> other clients on my LAN.
>
> Tom Veldhouse
> veldy@veldy.net
>
>
> ----- Original Message -----
> From: "Dominic Marks" <dominic_marks@btinternet.com>
> To: "Thomas T. Veldhouse" <veldy@veldy.net>
> Cc: <freebsd-security@freebsd.org>
> Sent: Thursday, May 24, 2001 2:25 PM
> Subject: Re: setting time without changing securelevel
>
> Hello,
>
> On Thu, May 24, 2001 at 09:43:48AM -0500, Thomas T. Veldhouse wrote:
> > knob). It is not hard to setup, but the documentation [that is
readable]
> is
> > scarce.
> >
> > Tom Veldhouse
> > veldy@veldy.net
>
> I suggest: http://freebsddiary.org/xntpd.html
>
> One problem I had was having to create an /etc/localtime as there
> wasn't one on the machine to begin with. Symlinking it to my city
> in /usr/share/zoneinfo/etc/etc works great in combination with the
> processes described in the above article.
>
> --
> Dominic Marks
>
> Don't talk to me about Naval tradition.
> It's nothing but rum, sodomy and the lash."
> -- Winston Churchill
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • Re: Remote data entry solution needed for Access 2007
    ... Users open the database remotely and use its forms to enter data. ... Why it doesn't work: network lag time. ... our network admin says our Citrix server is 2000 and ... HTML-based form working with an ASP file to send data to the database. ...
    (microsoft.public.access.externaldata)
  • Re: Active/Active configuration
    ... Almost everything out there is onActive/Passive.Setting up another instance in a cluster is no different than setting up the ... how does sql server knows which instance an application/user is refering to?You need a separate IP addresse for each clustered instance. ... you really shouldn't share a single network. ... Is this a valid assumption?You may get better performance by virute of running each database on its own ...
    (microsoft.public.sqlserver.clustering)
  • Re: dataset safety?
    ... In my idea is the transport on the network (even more on ethernet because of ... posible collisions) that makes a network slow, not the times you use it. ... client has to send the update to the server. ... so the server can go to the database. ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Winsock rate of sending data
    ... The database only has 1 table with 3 columns: ... my machine with less power then the server, ... compress when I am sending the data, ... >network and reducing the server's workload, ...
    (microsoft.public.vb.general.discussion)
  • Re: db corruption
    ... > posts just to help someone. ... See http://www.QBuilt.com for all your database needs. ... Very solid and fast network connectivity, ... > The server is hundreds of GB's with many many users. ...
    (microsoft.public.access.setupconfig)