Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] getting mad connecting to (x)ntpd
  • From: Roland Hilkenbach <roland@xxxxxxxxxxxxxxxxxx>
  • Date: Wed, 12 Dec 2001 09:51:39 +0100
  • Message-id: <3C171A9B.EC34272B@xxxxxxxxxxxxxxxxxx>
"Reckhard, Tobias" wrote:
>
> Dear colleagues,
> > i wonder if suse took some sophisticated measures to prevent
> > the xntpd from
> > being contacted by clients :-|
>
> No.
>
> > I configured the server connecting to two "outside" servers
> > as time sources.
> > These connections work fine (shown with "ntpq -p"). The local
> > source was
> > left untouched. Now, if i try to "netdate" to this timeserver
> > from a (linux)
> > client, i immediately get the message "connection refused".
> > Here's the ntpd.conf, maybe i've missed sth?
> >
> > Thanx a lot for your patience
> > Uli
> >
> >
> >
> > server 127.127.1.0 # local clock (LCL)
> > fudge 127.127.1.0 stratum 10 # LCL is unsynchronized
> >
> > server 192.53.103.104 prefer
> > server 212.19.48.35
> >
> > driftfile /etc/ntp.drift # path for drift file
> >
> > logfile /var/log/ntp # alternate log file
> > logconfig =all
>
> This looks pretty normal, though I'd probably remove the 'prefer' statement
> (with lack of a reason not to) and the local clock statement, which does
> more harm than good quite often (I believe to have observed that the sync to
> UTC is lost faster when the link to the NTP servers is lost with an LCL
> driver active, if the LCL isn't synched externally).
>
> Are you sure 'netdate' which I don't know, uses NTP? I only know of
> ntpdate..
>
> Cheers
> Tobias
>

Maybe it is compiled with tcp-wrapper support like many other services.
In this case have a deep look into
/etc/hosts.allow and /etc/hosts.deny
I didn't verify that though...

Roland Hilkenbach

< Previous Next >
References