Monday, March 16, 2015

Linux Service Configuration - NTP

As a network guy, you will work with NTP (Network Time Protocol) lots for your network devices.

From Wikipedia, the explanation regarding NTP is:
"The protocol is usually described in terms of a client-server model, but can as easily be used in peer-to-peer relationships where both peers consider the other to be a potential time source.Implementations send and receive timestamps using the User Datagram Protocol (UDP) on port number 123. They can also use broadcasting or multicasting, where clients passively listen to time updates after an initial round-trip calibrating exchange. NTP supplies a warning of any impending leap second adjustment, but no information about local time zones or daylight saving time is transmitted."
A local linux NTP server on the network can be synchronized with a trusted timing source to keep all of your internal NTP clients in sync with an accurate time. For windows ntp server, please check my previous post: Build NTP Windows Server for Network Devices (not Win32Time)

1. Install NTP Server

a. Check your linux release

[[email protected] ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)

b. [[email protected] ~]# yum install ntp

Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
Package ntp-4.2.6p5-2.el6.centos.x86_64 already installed and latest version
Nothing to do

2. Modify /etc/ntp.conf

a. add trusted time server, in my case it is 10.9.1.1. Other configuration could be default. 


b. Restart ntpd service

[[email protected] ~]# service ntpd restartShutting down ntpd: [  OK  ]Starting ntpd: [  OK  ][[email protected] ~]# service ntpd stopShutting down ntpd: [  OK  ][[email protected] ~]# service ntpd startStarting ntpd: [  OK  ]

c. Also you could restrict only specific clients

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

d. add local clock as backup

server 127.127.1.0 # local clockfudge 127.127.1.0 stratum 10

3. Verify NTP Status

a. using command ntpq -p
[[email protected] ~]# ntpq -p     remote           refid      st t when poll reach   delay   offset  jitter==============================================================================*10.9.1.1     193.108.184.92   3 u   25   64  377    2.173    4.430   3.906

b. Manually synchronize time

[[email protected] ~]# ntpdate -u 10.9.1.116 Mar 20:38:58 ntpdate[2671]: adjust time server 10.9.1.1 offset -0.005387 sec

c. on your linux NTP client, you could start your ntp client Daemon and check the ntp client status

[[email protected] ~]# /etc/init.d/ntpd start
Starting ntpd:  
[[email protected] ~]# ntpdc -c sysinfo
system peer:          r-1-hsrp.mgmt.intern
system peer mode:     client
leap indicator:       00
stratum:              4
precision:            -19
root distance:        0.18851 s
root dispersion:      1.09599 s
reference ID:         [10.9.1.1]
reference time:       d8b1b105.8e2ff185  Mon, Mar 16 2015 20:44:05.555
system flags:         auth monitor ntp kernel stats
jitter:               0.000000 s
stability:            0.000 ppm
broadcastdelay:       0.000000 s
authdelay:            0.000000 s
[[email protected] ~]# service ntpd status
ntpd (pid  28807) is running...
[[email protected] ~]# chkconfig --list
abrt-ccpp       0:off   1:off   2:off   3:on    4:off   5:on    6:off
abrt-oops       0:off   1:off   2:off   3:on    4:off   5:on    6:off
abrtd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
acpid           0:off   1:off   2:on    3:on    4:on    5:on    6:off
atd             0:off   1:off   2:off   3:off   4:off   5:off   6:off
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
autofs          0:off   1:off   2:off   3:off   4:off   5:off   6:off
avahi-daemon    0:off   1:off   2:off   3:on    4:on    5:on    6:off
blk-availability        0:off   1:on    2:on    3:on    4:on    5:on    6:off
certmonger      0:off   1:off   2:off   3:off   4:off   5:off   6:off
cgconfig        0:off   1:off   2:off   3:off   4:off   5:off   6:off
cgred           0:off   1:off   2:off   3:off   4:off   5:off   6:off
chronyd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
cpuspeed        0:off   1:on    2:off   3:off   4:off   5:off   6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
dnsmasq         0:off   1:off   2:off   3:off   4:off   5:off   6:off
dsmc            0:off   1:off   2:off   3:off   4:off   5:off   6:off
ebtables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
fusioninventory-agent   0:off   1:off   2:off   3:off   4:off   5:off   6:off
haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off
htcacheclean    0:off   1:off   2:off   3:off   4:off   5:off   6:off
httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
irqbalance      0:off   1:off   2:off   3:on    4:on    5:on    6:off
iscsi           0:off   1:off   2:off   3:off   4:off   5:off   6:off
iscsid          0:off   1:off   2:off   3:off   4:off   5:off   6:off
kdump           0:off   1:off   2:off   3:off   4:off   5:off   6:off
ksm             0:off   1:off   2:off   3:off   4:off   5:off   6:off
ksmtuned        0:off   1:off   2:off   3:off   4:off   5:off   6:off
libvirt-guests  0:off   1:off   2:off   3:off   4:off   5:off   6:off
libvirtd        0:off   1:off   2:off   3:off   4:off   5:off   6:off
lm_sensors      0:off   1:off   2:off   3:off   4:off   5:off   6:off
lvm2-monitor    0:off   1:on    2:off   3:off   4:off   5:off   6:off
mcelogd         0:off   1:off   2:off   3:on    4:off   5:on    6:off
mdmonitor       0:off   1:off   2:off   3:off   4:off   5:off   6:off
messagebus      0:off   1:off   2:on    3:on    4:on    5:on    6:off
netcf-transaction       0:off   1:off   2:on    3:on    4:on    5:on    6:off
netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netfs           0:off   1:off   2:off   3:off   4:off   5:off   6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
nfslock         0:off   1:off   2:off   3:off   4:off   5:off   6:off
nmb             0:off   1:off   2:off   3:off   4:off   5:off   6:off
nrpe            0:off   1:off   2:on    3:on    4:on    5:on    6:off
nscd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
nslcd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
ntpdate         0:off   1:off   2:off   3:off   4:off   5:off   6:off

numad           0:off   1:off   2:off   3:off   4:off   5:off   6:off
oddjobd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
portreserve     0:off   1:off   2:on    3:on    4:on    5:on    6:off
postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
psacct          0:off   1:off   2:off   3:off   4:off   5:off   6:off
quota_nld       0:off   1:off   2:off   3:off   4:off   5:off   6:off
radvd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
restorecond     0:off   1:off   2:off   3:off   4:off   5:off   6:off
rngd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
rpcbind         0:off   1:off   2:off   3:off   4:off   5:off   6:off
rpcgssd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
rpcsvcgssd      0:off   1:off   2:off   3:off   4:off   5:off   6:off
saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
smartd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
smb             0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sssd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
svnserve        0:off   1:off   2:off   3:off   4:off   5:off   6:off
syslog-ng       0:off   1:off   2:on    3:on    4:on    5:on    6:off
sysstat         0:off   1:on    2:on    3:on    4:on    5:on    6:off
udev-post       0:off   1:on    2:on    3:on    4:on    5:on    6:off
winbind         0:off   1:off   2:off   3:off   4:off   5:off   6:off
xe-linux-distribution   0:off   1:off   2:on    3:on    4:on    5:on    6:off
ypbind          0:off   1:off   2:off   3:off   4:off   5:off   6:off

[[email protected] ~]# service --status-all | less
auditd is stopped
crond (pid  1087) is running...
dsmc is stopped
dsmcad is stopped
fusioninventory-agent is stopped
ip6tables: Firewall is not running.
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination        
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5666
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:1500
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:1501
8    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination        
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination        
ktune settings are not applied.
No sensors found!
Make sure you loaded all the kernel drivers you need.
Try sensors-detect to find out which these are.
lvmetad is stopped
messagebus (pid  863) is running...
netconsole module not loaded
Configured devices:
lo eth0
Currently active devices:
lo eth0
nrpe (pid  973) is running...
nscd is stopped
nslcd is stopped
ntpd (pid  961) is running...
master (pid  1071) is running...
Process accounting is disabled.
qpidd is stopped
rdisc is stopped
rpcbind (pid  804) is running...
rsyslogd (pid  778) is running...
sandbox is stopped
saslauthd is stopped
openssh-daemon (pid  932) is running...
syslog-ng is stopped
tuned is stopped
winbindd is stopped
os_distro="centos"
os_majorver="6"
os_minorver="6"
os_uname="2.6.32-504.8.1.el6.x86_64"
os_name="CentOS release 6.6 (Final)"

[[email protected] ~]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      932/sshd          
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1071/master        
tcp        0      0 0.0.0.0:5666                0.0.0.0:*                   LISTEN      973/nrpe          
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      804/rpcbind        
udp        0      0 0.0.0.0:973                 0.0.0.0:*                               804/rpcbind        
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               804/rpcbind        
udp        0      0 10.9.1.132:123            0.0.0.0:*                               961/ntpd          
udp        0      0 127.0.0.1:123               0.0.0.0:*                               961/ntpd          
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               961/ntpd            


No comments:

Post a Comment