Date: Sun, 16 Sep 2001 19:34:00 -0400 From: "Joseph Gleason" <clash@tasam.com> To: "Erik Trulsson" <ertr1013@student.uu.se>, "DrTebi" <drtebi@yahoo.com> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: security level and system time question Message-ID: <003b01c13f08$10a176f0$095f5f0a@battleship> References: <001701c13efc$7b6853c0$c8e1b3d8@liquidground.com> <20010917003954.A8822@student.uu.se>
next in thread | previous in thread | raw e-mail | index | archive | help
I would agree that ntpdate on bootup, then ntpd there after is a good idea. However, to avoid any security issues of running the ntpd service constantly, I do ntpdate every hour instead. Even at securily level 2, it does a good job. > On Sun, Sep 16, 2001 at 03:11:05PM -0700, DrTebi wrote: > > Hello, > > I understand that it is not possible to run ntpdate or date when in security > > level 2 -- at least not when the time is off by more than one second. > > I must say that's quite impossible to have a system clock that is not > > inaccurate, at least mine are all not. > > > > What could be done to fix this? I would prefer to stay in security level 2, > > but don't want my time to be off by 1 minute every month. > > Would it make sence to run a cron job (a'la ntpdate ntp.netcom.ca) every > > minute? Does that sound unreasonable? Is there any security risk running a > > cron job like that (since it would have to be root's cron job)? > > First run ntpdate at startup. > (ntpdate_enable in rc.conf) > This will set your system time before the securelevel is raised. > > Then run ntpd (xntpd_enable in rc.conf) which will make sure that your > system time is always less than a second off. (Actually it will keep > the system time even more accurate.) > Running ntpd is much more efficient than running ntpdate often. > > I don't actually run at increased securelevels so I can't guarantee > that this will work in that case but it should work fine. > > -- > <Insert your favourite quote here.> > Erik Trulsson > ertr1013@student.uu.se > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003b01c13f08$10a176f0$095f5f0a>