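Upgrading NTP to NTP-4.2.8p13 on CentOS 6/RHEL 6 to Fix Vulnerabilities
Posted by: admin | Category: Application Services | 2019-09-20 11:24:25
NTP was previously installed from RPM packages and is in use, but the installed version is old and has known vulnerabilities.
To upgrade to the latest version, stop the service, download the ntp-4.2.8p13.tar.gz source package, run the commands below to build and install it, and then start the service again.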
[root@webserver opt]# service ntpd stop
[root@webserver opt]# yum install libcap-devel
[root@webserver opt]# tar zxvf ntp-4.2.8p13.tar.gz
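[root@webserver opt]# cd ntp-4.2.8p13
[root@webserver opt]# ./configure CFLAGS="-O2 -g -fPIC" --prefix=/usr --bindir=/usr/sbin --sysconfdir=/etc --enable-linuxcaps --with-lineeditlibs=readline --docdir=/usr/share/doc/ntp-4.2.8p13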
[root@webserver opt]# make
[root@webserver opt]# make install && install -v -o ntp -g ntp -d /var/lib/ntp
[root@webserver opt]# /etc/init.d/ntpd start
正在启动 ntpd: [确定]
[root@webserver opt]#
[root@webserver opt]#
[root@webserver opt]# ntpd -v
/usr/sbin/ntpd: illegal option -- v
ntpd - NTP daemon program - Ver. 4.2.8p13
This confirms that ntp has been upgraded to the latest version.
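A scripted form of the version check above, as an added example that is not part of the original post: it reads ntpd's version output and compares it numerically against 4.2.8p13. The function names and the 4.2.6p5 sample line are constructed for illustration.

```shell
#!/bin/sh
# Minimum acceptable release: the version this page upgrades to.
MIN_NTP="4.2.8p13"

# Pull the first token shaped like 4.2.8 or 4.2.8p13 out of ntpd's output.
extract_ntp_version() {
    tr -s ' \t@' '\n\n\n' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$' | head -n 1
}

# ntp_version_ge HAVE MIN: true when HAVE >= MIN. Fields are compared as
# numbers, so p9 sorts below p13 (a plain string comparison gets this wrong).
ntp_version_ge() {
    printf '%s %s\n' "$1" "$2" | awk '{
        gsub(/p/, ".")                      # 4.2.8p13 -> 4.2.8.13
        split($1, a, "."); split($2, b, ".")
        for (i = 1; i <= 4; i++) {          # a missing pN field counts as 0
            if (a[i] + 0 > b[i] + 0) exit 0
            if (a[i] + 0 < b[i] + 0) exit 1
        }
        exit 0
    }'
}

# Reads ntpd version output on stdin; prints OK/OUTDATED plus the version,
# or UNKNOWN when no version token is found.
check_ntpd_output() {
    v=$(extract_ntp_version)
    if [ -z "$v" ]; then echo "UNKNOWN"; return 2; fi
    if ntp_version_ge "$v" "$MIN_NTP"; then echo "OK $v"; else echo "OUTDATED $v"; return 1; fi
}

# Sample inputs: the first repeats the output shown on this page, the second
# is a constructed line for an older build (not captured from a real host).
sample_new() { printf '%s\n' '/usr/sbin/ntpd: illegal option -- v' 'ntpd - NTP daemon program - Ver. 4.2.8p13'; }
sample_old() { echo 'ntpd 4.2.6p5@1.2349-o (constructed sample)'; }

sample_new | check_ntpd_output || true
sample_old | check_ntpd_output || true
# On a real host: ntpd --version 2>&1 | check_ntpd_output
```

Because `make install` does not touch the RPM database, `rpm -q ntp` keeps reporting the old package version after this upgrade, so check the binary's own output.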
ntp-4.2.8p13
Introduction to ntp
The ntp package contains a client and server to keep the time synchronized between various computers over a network. This package is the official reference implementation of the NTP protocol.
This package is known to build and work properly using an LFS-9.0 platform.
Package Information
- Download (HTTP): https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p13.tar.gz
- Download MD5 sum: ea040ab9b4ca656b5229b89d6b822f13
- Download size: 6.6 MB
- Estimated disk space required: 117 MB (with tests)
- Estimated build time: 0.8 SBU (with tests)
ntp Dependencies
Required
Optional
libcap-2.27 with PAM, libevent-2.1.11, libedit, and libopts from AutoGen
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/ntp
Installation of ntp
There should be a dedicated user and group to take control of the ntpd daemon after it is started. Issue the following commands as the root user:
groupadd -g 87 ntp &&
useradd -c "Network Time Protocol" -d /var/lib/ntp -u 87 \
-g ntp -s /bin/false ntp
The update-leap command needs to be fixed in order to run properly:
sed -e 's/"(\\S+)"/"?([^\\s"]+)"?/' \
-i scripts/update-leap/update-leap.in
Install ntp by running the following commands:
./configure CFLAGS="-O2 -g -fPIC" \
--prefix=/usr \
--bindir=/usr/sbin \
--sysconfdir=/etc \
--enable-linuxcaps \
--with-lineeditlibs=readline \
--docdir=/usr/share/doc/ntp-4.2.8p13 &&
make
To test the results, issue: make check.
Now, as the root user:
make install &&
install -v -o ntp -g ntp -d /var/lib/ntp
Command Explanations
CFLAGS="-O2 -g -fPIC": This environment variable is necessary to generate Position Independent Code needed for use in the package libraries.
--bindir=/usr/sbin: This parameter places the administrative programs in /usr/sbin.
--enable-linuxcaps: ntpd is run as user ntp, so use Linux capabilities for non-root clock control.
--with-lineeditlibs=readline: This switch enables Readline support for the ntpdc and ntpq programs. If omitted, libedit will be used if installed; otherwise no readline capabilities will be compiled.
Configuring ntp
Configuration Information
The following configuration file first defines various ntp servers with open access from different continents. Second, it creates a drift file where ntpd stores the frequency offset and a pid file to store the ntpd process ID. Third, it defines the location for the leap-second definition file /etc/ntp.leapseconds, that the update-leap script checks and updates, when necessary. This script can be run as a cron job and the ntp developers recommend a frequency of about three weeks for the updates. Since the documentation included with the package is sparse, visit the ntp website at http://www.ntp.org/ and http://www.pool.ntp.org/ for more information.
cat > /etc/ntp.conf << "EOF"
# Asia
server 0.asia.pool.ntp.org
# Australia
server 0.oceania.pool.ntp.org
# Europe
server 0.europe.pool.ntp.org
# North America
server 0.north-america.pool.ntp.org
# South America
server 2.south-america.pool.ntp.org
driftfile /var/lib/ntp/ntp.drift
pidfile /var/run/ntpd.pid
leapfile /etc/ntp.leapseconds
EOF
You may wish to add a “Security session”. For explanations, see https://www.eecis.udel.edu/~mills/ntp/html/accopt.html#restrict.
cat >> /etc/ntp.conf << "EOF"
# Security session
restrict default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
EOF
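One way to audit an existing ntp.conf for the default restrictions shown above (an added example, not from the original page; the function and sample names are constructed, and it assumes separate `restrict default` and `restrict -6 default` lines as on this page):

```shell
#!/bin/sh
# Flags the page's "Security session" puts on both default entries.
REQUIRED="limited kod nomodify notrap nopeer noquery"

# audit_restrict: reads an ntp.conf on stdin. For each address family prints
# "<fam> ok", "<fam> missing:<flags>" or "<fam> no-default-restrict".
# Returns 0 only when both families carry every required flag.
audit_restrict() {
    awk -v required="$REQUIRED" '
        BEGIN { n = split(required, req, " ") }
        { sub(/#.*/, "") }                       # drop comments
        $1 == "restrict" {
            fam = "ipv4"; i = 2
            if ($i == "-6") { fam = "ipv6"; i++ } else if ($i == "-4") i++
            if ($i != "default") next            # host/subnet entries are not audited
            seen[fam] = 1
            for (j = i + 1; j <= NF; j++) have[fam, $j] = 1
        }
        END {
            bad = 0; nf = split("ipv4 ipv6", fams, " ")
            for (k = 1; k <= nf; k++) {
                fam = fams[k]; missing = ""
                if (!(fam in seen)) { print fam " no-default-restrict"; bad = 1; continue }
                for (r = 1; r <= n; r++)
                    if (!((fam, req[r]) in have)) {
                        sep = (missing == "") ? "" : ","
                        missing = missing sep req[r]
                    }
                if (missing == "") { print fam " ok" } else { print fam " missing:" missing; bad = 1 }
            }
            exit bad
        }'
}

# Constructed inputs: the page's block, and a weaker config for contrast.
sample_hardened() {
    printf '%s\n' '# Security session' \
        'restrict default limited kod nomodify notrap nopeer noquery' \
        'restrict -6 default limited kod nomodify notrap nopeer noquery' \
        'restrict 127.0.0.1' 'restrict ::1'
}
sample_weak() {
    printf '%s\n' 'restrict default nomodify notrap nopeer  # no noquery' 'restrict 127.0.0.1'
}

sample_hardened | audit_restrict
sample_weak | audit_restrict || true
```

On a live system, run it as `audit_restrict < /etc/ntp.conf` and treat a non-zero exit status as a finding.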
Synchronizing the Time
There are two options. Option one is to run ntpd continuously and allow it to synchronize the time in a gradual manner. The other option is to run ntpd periodically (using cron) and update the time each time ntpd is scheduled.
If you choose Option one, then install the /etc/rc.d/init.d/ntp init script included in the blfs-bootscripts-20190908 package.
make install-ntpd
If you prefer to run ntpd periodically, add the following command to root's crontab:
ntpd -q
Execute the following command if you would like to set the hardware clock to the current system time at shutdown and reboot:
ln -v -sf ../init.d/setclock /etc/rc.d/rc0.d/K46setclock &&
ln -v -sf ../init.d/setclock /etc/rc.d/rc6.d/K46setclock
The other way around is already set up by LFS.
Contents
Short Descriptions
calculates optimal value for tick given ntp drift file.
generates cryptographic data files used by the NTPv4 authentication and identification schemes.
is useful at boot time, to delay the boot sequence until ntpd has set the time.
is a ntp daemon that runs in the background and keeps the date and time synchronized based on response from configured ntp servers. It also functions as a ntp server.
is a client program that sets the date and time based on the response from an ntp server. This command is deprecated.
is used to query the ntp daemon about its current state and to request changes in that state.
is a utility program used to monitor ntpd operations and determine performance.
reads and displays time-related kernel variables.
traces a chain of ntp servers back to the primary source.
is a Simple Network Time Protocol (SNTP) client.
reads, and optionally modifies, several timekeeping-related variables in older kernels that do not have support for precision timekeeping.
is a script to verify and, if necessary, update the leap-second definition file.
Please credit the source when reposting: [Upgrading NTP to NTP-4.2.8p13 on CentOS 6/RHEL 6 to Fix Vulnerabilities].
www.micoder.cc