diff options
Diffstat (limited to 'source/n/ntp/ntp.conf')
| -rw-r--r-- | source/n/ntp/ntp.conf | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/source/n/ntp/ntp.conf b/source/n/ntp/ntp.conf index 1844fb91c..e88603c12 100644 --- a/source/n/ntp/ntp.conf +++ b/source/n/ntp/ntp.conf @@ -1,4 +1,5 @@ # Sample /etc/ntp.conf: Configuration file for ntpd. + # # Undisciplined Local Clock. This is a fake driver intended for backup # and when no outside source of synchronized time is available. The @@ -22,12 +23,27 @@ fudge 127.127.1.0 stratum 10 #server 3.pool.ntp.org iburst # +# Full path of a directory where statistics files should be created +# +statsdir /var/lib/ntp/stats + +# +# Location of an alternate log file to be used instead of the default system syslog(3) facility +# +logfile /var/log/ntp + +# # Drift file. Put this in a directory which the daemon can write to. # No symbolic links allowed, either, since the daemon updates the file # by creating a temporary in the same directory and then rename()'ing # it to the file. # -driftfile /etc/ntp/drift +driftfile /var/lib/ntp/drift + +# +# Location of PID file +# +pidfile /var/run/ntpd.pid # # Uncomment to use a multicast NTP server on the local subnet: @@ -37,12 +53,13 @@ driftfile /etc/ntp/drift # # Keys file. If you want to diddle your server at run time, make a -# keys file (mode 600 for sure) and define the key number to be -# used for making requests. +# keys file (mode 640 owned by root:ntp) and define the key number to +# be used for making requests. # PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote # systems might be able to reset your clock at will. # -#keys /etc/ntp/keys +#keysdir /etc +#keys /etc/ntp.keys #trustedkey 65535 #requestkey 65535 #controlkey 65535 @@ -59,13 +76,6 @@ restrict -6 default limited kod nomodify notrap nopeer noquery #restrict -6 default limited kod nomodify notrap nopeer # -# Disable the ntpdc -c monlist command, which is insecure and can be used -# to cause a denial of service attack (CVE-2013-5211). Future versions of -# NTP will remove this command. -# (this feature was disabled by default with ntpd 4.2.7p230) -disable monitor - -# # Trust ourselves. :-) restrict 127.0.0.1 restrict ::1 |