Re: Clock synchronization

From: Andy Grimm (ag381597@ohiou.edu)
Date: 11/11/02


Date: Mon, 11 Nov 2002 16:49:29 -0500
From: Andy Grimm <ag381597@ohiou.edu>
To: security-discuss@linuxsecurity.com

On Mon, Nov 11, 2002 at 08:52:48AM -0500, Patrick Duane Dunston wrote:
> Run: timeconfig
>
> to get your server time to the right zone.
>
> I'd recommend you have one local server synch with an external server
> and have the other servers sync with that local server.

Good answer. Also, you should ideally have your hardware clock set to UTC
(also known as GMT). I've heard of people having problems syncing with Windows
machines, though, because win boxes typically keep their hardware clocks on
local time.

I have to disagree on the rdate thing, though. ntp is most likely what you want.
I haven't gone through a full setup, but there's not a lot to it, and there's good
documentation in the ntp rpm. Be sure to take advantage of the key authentication
stuff (it's not really strong, but better than nothing).

--Andy

> On the server that syncs externally you can use "time" via inetd or
> xinetd to synch with the remote server. Enable the "time" server on the
> Linux box via xinetd. Edit the file /etc/xinetd.d/time. Change the line:
>
> disable = yes
>
> to
>
> disable = no
>
> reload xinetd. /etc/rc.d/init.d/xinetd reload
>
> be sure time is running:
>
> lsof -i -n |grep time
>
> Then use tcpwrappers to restrict only the hosts that need to sync with it.
> Be sure to allow access only from the clients who need it. Whether you
> use time, ntp, or xntp you should only allow clients that need it.
>
> In hosts.allow
>
> time : 10.1.1.2,10.1.1.3,10.1.1.4
>
> Run rdate on the server that will synch externally and sync with one of the
> servers that you are allowed to synch with. Here's a list:
>
> http://www.eecis.udel.edu/~mills/ntp/clock2.html
>
> The top of the list contains servers you can use in Brazil.
>
> On each server you can then run rdate through cron to sync with your
> local time server however often you need.
>
> rdate -s <local server ip address> ; hwclock --systohc
>
> hwclock will synchronize your hardware clock to the proper time.
>
> There is an rdate for windows, winrdate:
> http://www.contactor.se/~dast/stuff/
>
> at the bottom of the above link's page.
>
> You can then use the MS scheduler to sync periodically from the Windows
> server.
>
> Hope this helps.
>
> On Mon, 11 Nov 2002, Bruno Gimenes Pereti wrote:
>
> > Hello,
> >
> > I think this question is related to security. I need to sync the clocks of
> > 4 Linux boxes and 1 Windows 2000 server.
> >
> > First of all, I need to know how to configure the correct time for my
> > zonetime (Brazil East GMT -03:00). I'm using RedHat.
> >
> > Secondly, do you use NTP to sync the clocks of your machines? What do I need
> > to do to use it?
> >
> > TIA,
> > Bruno.
> >
> > ------------------------------------------------------------------------
> > To unsubscribe email security-discuss-request@linuxsecurity.com
> > with "unsubscribe" in the subject of the message.
> >
> >
>
> --
> duane
>
> 'People demand freedom of speech to make up for the freedom of thought
> which they avoid.'
> - Kierkegaard
>
> http://www.linuxsecurity.com/feature_stories/feature_story-116.html
> http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html --
> Updated Version
> http://www.linuxsecurity.com/feature_stories/feature_story-89.html
> http://www.linuxsecurity.com/feature_stories/feature_story-88.html
>
>
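
The key authentication mentioned in the reply above, sketched as an added example (not code from the thread or from the ntp package): with an MD5-type symmetric key, the sender appends a 32-bit key ID and MD5(key || packet) to the 48-byte NTP header, and the receiver recomputes it under a key it trusts. The key table, key values and function names below are assumptions made up for the illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header size in bytes
MAC_LEN = 4 + 16      # 32-bit key ID + 128-bit MD5 digest

# Constructed sample key table (key ID -> shared secret), standing in for
# the ntp keys file; these values are made up for the example.
KEYS = {1: b"example-secret", 2: b"other-secret"}


def client_request() -> bytes:
    """Minimal 48-byte client request: LI=0, VN=3, Mode=3, rest zero."""
    return bytes([0x1B]) + bytes(NTP_HEADER_LEN - 1)


def add_mac(packet: bytes, key_id: int, keys=KEYS) -> bytes:
    """Append the key ID and MD5(key || packet) to the packet."""
    digest = hashlib.md5(keys[key_id] + packet).digest()
    return packet + struct.pack("!I", key_id) + digest


def verify(message: bytes, trusted: set, keys=KEYS) -> bool:
    """Accept only a message whose MAC checks out under a trusted key."""
    if len(message) != NTP_HEADER_LEN + MAC_LEN:
        return False                      # no MAC at all, or malformed
    packet, mac = message[:NTP_HEADER_LEN], message[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in trusted or key_id not in keys:
        return False                      # known key, but not trusted here
    expected = hashlib.md5(keys[key_id] + packet).digest()
    return hmac.compare_digest(expected, mac[4:])  # constant-time compare


if __name__ == "__main__":
    signed = add_mac(client_request(), key_id=1)
    # Flip one header byte (stratum) while keeping the original MAC.
    tampered = bytes([signed[0]]) + b"\xff" + signed[2:]
    print("valid     :", verify(signed, trusted={1}))
    print("tampered  :", verify(tampered, trusted={1}))
    print("no MAC    :", verify(client_request(), trusted={1}))
    print("untrusted :", verify(add_mac(client_request(), 2), trusted={1}))
```

The same secret has to be present on both ends, so every host holding the keys file can produce packets the others will accept.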