Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 17 Sep 2001 00:39:55 +0200
From:      Erik Trulsson <ertr1013@student.uu.se>
To:        DrTebi <drtebi@yahoo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: security level and system time question
Message-ID:  <20010917003954.A8822@student.uu.se>
In-Reply-To: <001701c13efc$7b6853c0$c8e1b3d8@liquidground.com>
References:  <001701c13efc$7b6853c0$c8e1b3d8@liquidground.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Sep 16, 2001 at 03:11:05PM -0700, DrTebi wrote:
> Hello,
> I understand that it is not possible to run ntpdate or date when in security
> level 2 -- at least not when the time is off by more than one second.
> I must say that's quite impossible to have a system clock that is not
> inaccurate, at least mine are all not.
> 
> What could be done to fix this? I would prefer to stay in security level 2,
> but don't want my time to be off by 1 minute every month.
> Would it make sence to run a cron job (a'la ntpdate ntp.netcom.ca) every
> minute? Does that sound unreasonable? Is there any security risk running a
> cron job like that (since it would have to be root's cron job)?

First run ntpdate at startup.
(ntpdate_enable in rc.conf)
This will set your system time before the securelevel is raised.

Then run ntpd  (xntpd_enable in rc.conf) which will make sure that your
system time is always less than a second off. (Actually it will keep
the system time even more accurate.)
Running ntpd is much more efficient than running ntpdate often.

I don't actually run at increased securelevels so I can't guarantee
that this will work in that case but it should work fine.

-- 
<Insert your favourite quote here.>
Erik Trulsson
ertr1013@student.uu.se


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010917003954.A8822>