[70694] in North American Network Operators' Group
Re: ntp config tech note
daemon@ATHENA.MIT.EDU (james edwards)
Fri May 21 13:27:11 2004
From: "james edwards" <hackerwacker@cybermesa.com>
To: <nanog@nanog.org>
Date: Fri, 21 May 2004 11:26:36 -0600
Errors-To: owner-nanog-outgoing@merit.edu
> My personal feeling was that for most systems it's better to not have the
> daemon running - i.e. the benefit of smaller more frequent clock
> adjustments does not outweigh the cost of another service running,
> especially as root or even as a jailed non-root user.
Well, present NTP drops to a nonroot user after it sets the time &
proper use of the very flexible ACL lists in your ntp.conf should help
mitigate non-local NTP exploits, i.e., don't offer NTP service to the
world or anyone else for that matter.
I need better than one second resolution for syslog and other logging info
to be useful in debugging problems across multiple hosts.
--
James H. Edwards
Routing and Security Administrator
At the Santa Fe Office: Internet at Cyber Mesa
jamesh@cybermesa.com
noc@cybermesa.com
(505) 795-7101
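
An added example, not part of the original post: one way the ntp.conf restrict (ACL) lines mentioned above can be written so the daemon syncs from upstream servers but offers NTP service to no one else. The server addresses are constructed placeholders from the 192.0.2.0/24 documentation range.

```conf
# Weak: no restrict lines at all, so ntpd answers time and control
# queries from any address that can reach UDP/123.
# server 192.0.2.10
# server 192.0.2.11

# Restrictive: drop all NTP packets by default, then open only what is needed.
restrict default ignore

# The local host may query and control the daemon (e.g. ntpq -p).
restrict 127.0.0.1

# Upstream servers (placeholder addresses): accept their time replies,
# but do not let them modify configuration, set traps or query status.
server 192.0.2.10
restrict 192.0.2.10 nomodify notrap noquery
server 192.0.2.11
restrict 192.0.2.11 nomodify notrap noquery
```

With `restrict default ignore`, each upstream server needs its own restrict line, otherwise its replies are dropped and the clock never syncs.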