Date: Thu, 19 Aug 1999 17:34:53 -0700 (PDT)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To: Goran.Lowkrantz@infologigruppen.se (Lowkrantz, Goran)
Cc: danderse@cs.utah.edu ('David G. Andersen'), freebsd-security@FreeBSD.ORG
Subject: Re: Securelevel 3 ant setting time
Message-ID: <199908200034.RAA22564@gndrsh.dnsmgr.net>
In-Reply-To: <B500F74C6527D311B61F0000C0DF5ADC07ECC9@valhall.ign.se> from "Lowkrantz, Goran" at "Aug 20, 1999 00:46:13 am"
next in thread | previous in thread | raw e-mail | index | archive | help
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain;
charset="windows-1252"
[Charset windows-1252 unsupported, skipping...]
Please don't do that Windoze crudd...
Hi,
I got it working. I added a script to /usr/local/etc/rc.d that run ntpdate
during boot before securlevel is set. I made it a small script as I check
time from a few servers and if one don't work, I test with the next one.
You should let ntpdate make those decisions for you, list ALL of the
time servers on the one command line:
ntpdate clock.llnl.gov ntp.someisp.there date.someotherisp.here my.clock.server
Is much much much better than a loop over 4 calls to ntpdate, as ntpdate
knows a lot more about time protocols and will generate a best time using
the data from 1 to N of the clocks given as arguments. Please read the
man pages...
Thanks,
GLZ
-----Original Message-----
From: David G. Andersen [mailto:danderse@cs.utah.edu]
Sent: Friday, August 20, 1999 12:31 AM
To: Brett Glass
Cc: Archie Cobbs; Goran.Lowkrantz@infologigruppen.se;
freebsd-security@FreeBSD.ORG
Subject: Re: Securelevel 3 ant setting time
"Maybe". (Probably?)
When ntpdate sees a small time delta (less than 1/2 second off), it
will use the adjtime() call to slew the clock time, which is
permitted. However, if the delta is large for some reason, then it
will go in and use the sledgehammer approach - settimeofday().
>From the ntpdate manpage:
The latter technique is less disruptive and
more accurate when the offset is small, and works quite well when
ntpdate
is run by cron(8) every hour or two.
So, you'll probably be OK doing it that way, *but* if you get too far
off during the time period, then you won't be able to correct for it.
-Dave
Lo and Behold, Brett Glass said:
> My server uses a cron job and ntpupdate to grab tne time from the
> best of several accurate government servers. Would securelevel 3 allow
> this?
--
work: danderse@cs.utah.edu me: angio@pobox.com
University of Utah CS Department http://www.angio.net/
"If you haul a geek up a crack, you will bloody their fingers for a
day...
If you teach a geek to climb, you will bloody their fingers for life."
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
--
Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908200034.RAA22564>