Configure ntp.conf
[root@server ~]# vim /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
restrict 192.168.100.0 mask 255.255.255.0 nomodify notrap
restrict ntp.aliyun.com nomodify
restrict cn.pool.ntp.org nomodify
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server ntp.aliyun.com iburst prefer
server cn.pool.ntp.org iburst
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
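Parameter notes:
restrict IP-address mask netmask
The IP can be an IP address or default; default means all IPs, and by default all operations are denied. The flags are:
ignore: shuts off all NTP connection services
nomodify: the client cannot change the server's time parameters, but it can still synchronize its time over the network through the server.
notrust: unless the client authenticates, its source is treated as an untrusted subnet
noquery: does not provide time queries to clients
notrap: does not provide the trap remote event logging function
nopeer: does not synchronize time with NTP servers at the same stratum
kod: prevents kiss of death packets from damaging the server
server IP-address-or-domain-name [prefer]
Note: the IP address or domain name is the upstream time server we specify. If prefer is appended to the server line, our NTP server calibrates mainly against that host's time. This addresses the transmission delay when the NTP server calibrates its time.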
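The file's note on `disable monitor`, `noquery` and `limited` can be checked mechanically. The Python sketch below is an added example, not part of the original article or of ntpd: it reads the `restrict` and `disable` lines and lists the sources that could still query the monitoring data (monlist, CVE-2013-5211). The function names and the trimmed sample config are assumptions made for illustration.

```python
LOOPBACK = {"127.0.0.1", "::1"}

def parse(conf_text):
    """Return (restricts, monitor_disabled); restricts maps address -> flag set."""
    restricts, monitor_disabled = {}, False
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop comments, tokenize
        if len(tok) >= 2 and tok[0] == "restrict":
            args = [t for t in tok[1:] if t not in ("-4", "-6")]
            if not args:
                continue
            addr, flags = args[0], args[1:]
            if "mask" in flags[:-1]:                # "mask <netmask>" belongs to the address
                i = flags.index("mask")
                addr, flags = addr + "/" + flags[i + 1], flags[:i] + flags[i + 2:]
            # duplicate entries (e.g. -4 and -6 default): keep only flags common to all
            restricts[addr] = restricts.get(addr, set(flags)) & set(flags)
        elif len(tok) >= 2 and tok[0] == "disable" and "monitor" in tok[1:]:
            monitor_disabled = True
    return restricts, monitor_disabled

def audit(conf_text):
    """List the sources that can still reach the monitoring data (monlist)."""
    restricts, monitor_disabled = parse(conf_text)
    restricts.setdefault("default", set())          # no default line means no restrictions
    # per the file's own note, 'limited' keeps monitoring on despite 'disable monitor'
    limited = any("limited" in f for f in restricts.values())
    if monitor_disabled and not limited:
        return []
    return sorted(addr for addr, flags in restricts.items()
                  if addr not in LOOPBACK and not flags & {"noquery", "ignore"})

# Sample input: the restrict/disable lines of the file shown above, trimmed for the example
PAGE_CONF = """\
restrict default nomodify notrap nopeer noquery
restrict 192.168.100.0 mask 255.255.255.0 nomodify notrap
restrict ntp.aliyun.com nomodify
restrict cn.pool.ntp.org nomodify
restrict 127.0.0.1
restrict ::1
disable monitor
"""

if __name__ == "__main__":
    print("as configured:", audit(PAGE_CONF))
    # constructed variant: same file with 'disable monitor' commented out
    print("monitor left on:", audit(PAGE_CONF.replace("disable monitor", "#disable monitor")))
```

An empty list means no non-loopback source can read the monitoring data; any address returned needs `noquery` on its `restrict` line or monitoring disabled.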
Original: https://www.cnblogs.com/shiqiang-lee/p/16155208.html
Author: 何以卿卿
Title: Configuring an NTP time server on CentOS