From owner-freebsd-questions Sun Sep 16 15:40: 6 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mailc.telia.com (mailc.telia.com [194.22.190.4]) by hub.freebsd.org (Postfix) with ESMTP id 0604737B40C for ; Sun, 16 Sep 2001 15:40:01 -0700 (PDT) Received: from d1o913.telia.com (d1o913.telia.com [195.252.44.241]) by mailc.telia.com (8.11.6/8.11.6) with ESMTP id f8GMdwK14481 for ; Mon, 17 Sep 2001 00:39:59 +0200 (CEST) Received: from ertr1013.student.uu.se (h185n2fls20o913.telia.com [212.181.163.185]) by d1o913.telia.com (8.8.8/8.8.8) with SMTP id AAA29046 for ; Mon, 17 Sep 2001 00:39:58 +0200 (CEST) Received: (qmail 10374 invoked by uid 1001); 16 Sep 2001 22:39:55 -0000 Date: Mon, 17 Sep 2001 00:39:55 +0200 From: Erik Trulsson To: DrTebi Cc: freebsd-questions@freebsd.org Subject: Re: security level and system time question Message-ID: <20010917003954.A8822@student.uu.se> Mail-Followup-To: DrTebi , freebsd-questions@freebsd.org References: <001701c13efc$7b6853c0$c8e1b3d8@liquidground.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <001701c13efc$7b6853c0$c8e1b3d8@liquidground.com> User-Agent: Mutt/1.3.22.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, Sep 16, 2001 at 03:11:05PM -0700, DrTebi wrote: > Hello, > I understand that it is not possible to run ntpdate or date when in security > level 2 -- at least not when the time is off by more than one second. > I must say that's quite impossible to have a system clock that is not > inaccurate, at least mine are all not. > > What could be done to fix this? I would prefer to stay in security level 2, > but don't want my time to be off by 1 minute every month. > Would it make sence to run a cron job (a'la ntpdate ntp.netcom.ca) every > minute? Does that sound unreasonable? Is there any security risk running a > cron job like that (since it would have to be root's cron job)? First run ntpdate at startup. (ntpdate_enable in rc.conf) This will set your system time before the securelevel is raised. Then run ntpd (xntpd_enable in rc.conf) which will make sure that your system time is always less than a second off. (Actually it will keep the system time even more accurate.) Running ntpd is much more efficient than running ntpdate often. I don't actually run at increased securelevels so I can't guarantee that this will work in that case but it should work fine. -- Erik Trulsson ertr1013@student.uu.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message