
How to configure NTP time synchronization for Linux

2025-04-04 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

Today I will show you how to configure NTP time synchronization on Linux. I hope it will be helpful to you.

One: NTP is a network time synchronization protocol, which is used to synchronize the time of each computer in the network.

Two: NTP server configuration

1. Check whether the system has the NTP package installed (Linux systems usually come with NTP 4.2). If it is not installed, use the yum command to install it online: yum install ntp

2. Edit the NTP server configuration file: vim /etc/ntp.conf

Results:

    # @3 add - permission configuration
    restrict 127.127.1.0
    restrict 192.168.31.0 mask 255.255.255.0 nomodify notrap
    # @3 change - comment out the upstream time server addresses
    #server 0.centos.pool.ntp.org iburst
    #server 1.centos.pool.ntp.org iburst
    #server 2.centos.pool.ntp.org iburst
    #server 3.centos.pool.ntp.org iburst
    # @4 add - upstream time server
    server 127.127.1.0 # local clock
    fudge 127.127.1.0 stratum 10

3. Start the NTP time server: service ntpd start

4. Set NTP to start automatically at boot: chkconfig ntpd on

5. Check whether NTP is running properly: netstat -tlunp | grep ntp

6. Configure firewall filtering rules: /sbin/iptables -I INPUT -p udp --dport 123 -j ACCEPT

How to configure: edit the /etc/sysconfig/iptables file to open UDP port 123:

    -A INPUT -p udp --destination-port 123 -j ACCEPT

a. Server configuration file explained

① Set the time sources of the NTP host (prefer marks the preferred host). 192.168.31.134 is the local NTP server, so time from that host is given priority.

    server 192.168.7.49 prefer
    server 0.rhel.pool.ntp.org
    server 1.rhel.pool.ntp.org
    server 2.rhel.pool.ntp.org
    server 3.rhel.pool.ntp.org

② Limit the types of access you allow for these servers. In this case, the servers are not allowed to modify the runtime configuration or query your Linux NTP server.

    restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap

In the above example, the mask address is extended to 255.255.255.0, so servers from 192.168.0.1 to 192.168.0.254 can use our NTP server to synchronize time.

    # restrict the provision of NTP service to servers in the IP range 192.168.0.1 to 192.168.0.254
    restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap noquery
    # set the default policy: ignore every host that no other restrict line matches
    restrict default ignore

Three: NTP client configuration

1. Check whether the NTP service is installed. If not, please install it yourself.

2. Edit the NTP client configuration file: vim /etc/ntp.conf

    # @1 add - permission configuration
    restrict 192.168.31.0 mask 255.255.255.0 nomodify notrap
    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool.
    # comment out the original upstream server addresses
    #server 0.centos.pool.ntp.org iburst
    #server 1.centos.pool.ntp.org iburst
    #server 2.centos.pool.ntp.org iburst
    #server 3.centos.pool.ntp.org iburst
    # @2 add - our own time server address
    server 192.168.31.223 prefer

3. Manually synchronize the time: /usr/sbin/ntpdate 192.168.31.134 (the server host IP; the NTP service must be stopped first)

4. Start the NTP service: service ntpd start

5. Observe time synchronization: ntpq -p

Results:

    [root@localhost hct]# ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    *192.168.31.134  LOCAL(0)        11 u   64  128  377    0.202   73.980 412.834

6. View the time synchronization result: ntpstat

    [root@liangxu ~]# ntpstat
    unsynchronised
    polling server every 8 s

Synchronization has not succeeded yet. Synchronization takes time, so wait 5-10 minutes and query again:

    Every 2.0s: ntpstat                     Tue Jul 11 16:55:57 2017
    synchronised to NTP server (10.10.11.247) at stratum 12
    time correct to within 605 ms
    polling server every 128 s

Time synchronization is now complete. Check whether the time reported by date is consistent with that of the server host.
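The ntpq -p columns shown above can be checked automatically. The following is an added example, not part of the original article: it parses the peer table and reports peers that are unselected, unreachable or noisy. The function names, the second peer line and the 100 ms thresholds are assumptions made for illustration.

```python
# Constructed sample: the first peer line is the one shown in this article,
# the second peer is made up to show an unreachable source.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.31.134  LOCAL(0)        11 u   64  128  377    0.202   73.980 412.834
 192.168.31.135  .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

def parse_peers(text):
    """Parse `ntpq -p` output into one dict per peer line."""
    peers = []
    for line in text.splitlines():
        f = line[1:].split()              # column 0 is the tally code
        if len(f) != 10 or f[0] == "remote":
            continue                      # header, separator, blank lines
        peers.append({
            "tally": line[0], "remote": f[0], "refid": f[1],
            "stratum": int(f[2]),
            "reach": int(f[6], 8),        # octal 8-bit register of recent polls
            "offset_ms": float(f[8]), "jitter_ms": float(f[9]),
        })
    return peers

def findings(peers, max_offset_ms=100.0, max_jitter_ms=100.0):
    """Return human-readable problems; the thresholds are assumed values."""
    out = []
    if not any(p["tally"] == "*" for p in peers):
        out.append("no peer is selected as the sync source")
    for p in peers:
        answered = bin(p["reach"]).count("1")
        if answered < 8:
            out.append(f"{p['remote']}: {answered}/8 recent polls answered")
        if p["stratum"] >= 16:
            out.append(f"{p['remote']}: stratum 16 (unsynchronized)")
        if abs(p["offset_ms"]) > max_offset_ms:
            out.append(f"{p['remote']}: offset {p['offset_ms']} ms")
        if p["jitter_ms"] > max_jitter_ms:
            out.append(f"{p['remote']}: jitter {p['jitter_ms']} ms")
    return out

if __name__ == "__main__":
    for problem in findings(parse_peers(SAMPLE)):
        print(problem)
```

A reach value of 377 is octal for eight set bits, meaning the last eight polls were all answered; the leading * marks the peer ntpd currently synchronizes to.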

b. Client configuration file explained

Modify the /etc/ntp/step-tickers file as follows (when the ntpd service starts, it automatically checks its time against the upstream NTP servers recorded in this file)

c. Synchronizing system time with hardware time

If the time difference between master and slave exceeds 1000 seconds, synchronization is no longer performed. In that case you need to synchronize manually with the /usr/sbin/ntpdate command. If you are worried that the server's time difference will change frequently, you can add a scheduled task to Linux, for example:

    10 5 * * * root /usr/sbin/ntpdate 192.168.31.223 && /sbin/hwclock -w

By default the ntpd service only synchronizes the system time. If you want it to synchronize the hardware time as well, add SYNC_HWCLOCK=yes to the /etc/sysconfig/ntpd file so that the hardware time is synchronized with the system time.

d. Information about each option of ntpq -p

restrict controls the relevant permissions.

The syntax is: restrict <IP address> mask <subnet mask> <parameters>

The IP address can also be default, which refers to all IP addresses.

The parameters are as follows:

ignore: turn off all NTP network services

nomodify: the client cannot change the time parameters of the server, but the client can still calibrate its time over the network through the server.

notrust: unless the client is authenticated, the client source is considered an untrusted subnet

noquery: no client time queries: the client cannot use commands such as ntpq and ntpdc to query the NTP server

notrap: does not provide trap remote login: refuses to provide mode 6 control message trap service for matching hosts. The trap service is a subsystem of the ntpdq control message protocol and is used for remote event loggers.

nopeer: used to prevent hosts from trying to peer with the server, since peering would allow a fraudulent server to control the clock

kod: sends KoD packets when access violations occur.

restrict -6 represents the permission setting for IPv6 addresses.

    [root@liangxu ~]# vim /etc/ntp.conf
    # 1. Deal with the permission issues first, including allowing the upstream servers and opening up the permitted sources:
    restrict default kod nomodify notrap nopeer noquery
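To see what a set of restrict lines actually grants a given client, both for the server example in section a and for the parameter list above, the following added example (not part of the original article) resolves the rule that applies to a source address and lists the resulting access. It assumes IPv4 only and models ntpd's lookup as "the most specific matching entry wins"; the function and key names are hypothetical.

```python
import ipaddress

# Constructed sample: the server-side restrict lines quoted in this article.
SAMPLE_CONF = """\
restrict default ignore
restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap noquery
"""

def parse_restrict(conf):
    """Return [(network, flags)] for the IPv4 restrict lines in ntp.conf text."""
    rules = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        if addr == "default":
            addr, mask = "0.0.0.0", "0"      # default covers every address
        elif rest[:1] == ["mask"] and len(rest) >= 2:
            mask, rest = rest[1], rest[2:]
        else:
            mask = "255.255.255.255"         # no mask given: a single host
        try:
            net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue                         # -6 entries, hostnames: not handled
        rules.append((net, frozenset(rest)))
    return rules

def effective_flags(rules, client):
    """Flags of the most specific rule matching client, or None if none does."""
    ip = ipaddress.IPv4Address(client)
    hits = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def access(flags):
    """Translate restrict flags into what the client may do."""
    flags = flags or frozenset()             # no matching rule: no restrictions
    served = "ignore" not in flags
    return {
        "time_service": served,
        "needs_auth": "notrust" in flags,
        "ntpq_queries": served and "noquery" not in flags,
        "modify_requests": served and "nomodify" not in flags,
    }

if __name__ == "__main__":
    rules = parse_restrict(SAMPLE_CONF)
    for client in ("192.168.0.25", "192.168.1.5", "10.1.2.3"):
        print(client, access(effective_flags(rules, client)))
```

With the sample lines, only 192.168.0.0/24 is served (and only when authenticated, because of notrust); every other address falls through to restrict default ignore and gets no reply.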

The difference between ntpd and ntpdate

The following information, found online, explains the difference between ntpd and ntpdate:

Before using them, you need to understand how ntpd and ntpdate differ in the way they update the time. ntpd is not only a time synchronization server; it can also act as a client that synchronizes with a standard time server, and it synchronizes smoothly rather than immediately as ntpdate does. Use ntpdate cautiously in a production environment, and note that the two cannot be run at the same time.

A jump of the clock can cause serious problems for some programs. Many applications rely on a continuous clock: it is a common assumption that the time obtained is linear, and some operations, such as database transactions, usually rely on the fact that time does not jump back. Unfortunately, the way ntpdate adjusts time is what we call a "jump": after getting a time, ntpdate uses settimeofday(2) to set the system time, which has several obvious problems:

First, it is not safe to do so. What ntpdate sets depends on the security of the NTP server, and attackers can take advantage of some software design flaws to take over the NTP server and make the servers synchronized with it perform certain resource-consuming tasks. Because ntpdate uses a jump approach, the server that follows it has no way of knowing whether an anomaly has occurred (when the times differ, its only reference is the server).

Second, it is not accurate. Once the NTP server goes down, the servers that follow it will not be able to synchronize time. In contrast, ntpd can calibrate not only the computer's time, but also the computer's clock.

Third, it is not elegant enough. Because the time jumps rather than being made to run faster or slower, programs that rely on timing can go wrong (for example, if ntpdate finds that your clock is fast, you may experience the same moment twice, which can be fatal for some applications). Therefore, the only point at which the time may reasonably jump is when the computer has just started and few services are running yet. The rest of the time, it is ideal to use ntpd to calibrate the clock rather than adjust the time on the computer clock.

During synchronization with the time server, ntpd records the oscillation frequency deviation of the BIOS timer, that is, the natural drift of the local clock. In this way, even if there is something wrong with the network, the machine can still keep fairly accurate time.
