HPE Community
Operating System - HP-UX
1822147 Members
3904 Online
109640 Solutions
New Discussion

NTP Information Disclosure Vulnerability

 
SOLVED
Go to solution
Chandra441
Occasional Advisor

‎02-01-2018 08:58 PM

‎02-01-2018 08:58 PM

NTP Information Disclosure Vulnerability

Hi 

I am using HP-UX B.11.31 64bit machine.

1. What is NTP server

2.How to check whether it is already installed with Core OS.

3.How to configure it.

4.How to Restrict NTP from information disclosure to any other servers

Thanks in advance

0 Kudos
Reply
2 REPLIES 2
Bill Hassell
Honored Contributor

‎02-09-2018 10:46 PM

‎02-09-2018 10:46 PM

Solution

Re: NTP Information Disclosure Vulnerability

1. NTP (Network Time Protocol) is a very accurate system used to synchronize computer clocks.
Read about the protocol here: www.ntp.org

2. NTP has been part of HP-UX for more than 30 years. You can see the package with: swlist | grep NTP

3.. Verify that it is already configured with ntpq like this:

# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
+ftp 216.218.254.202 2 s 459 1024 376 34.833 2.398 1.465
*ns1.usg.edu 130.207.244.240 2 u 530 1024 377 13.530 2.308 2.531
-helium.constant 128.59.0.245 2 u 36 1024 377 40.551 -2.926 1.174
-ntp.woofy.io .PPS. 1 u 476 1024 377 95.088 8.260 1.005
+ha82.smatwebdes 36.78.223.194 2 u 1007 1024 377 32.274 2.738 2.023
-hydrogen.consta 209.51.161.238 2 u 678 1024 377 40.304 -2.753 1.422


The above is from a working client.

If ntpq does not return one or more remote server names, you need to first determine if your data center already has an NTP server running and providing NTP services. You'll need the IP address of that server. Then test it to see that your HP-UX server can reach that server, like this:

# ntpq -p atl1
remote refid st t when poll reach delay offset jitter
==============================================================================
*atl6 198.72.72.10 3 u 979 1024 377 0.520 -4.210 0.900
+atl8v3 10.11.10.210 4 S 633 1024 176 0.730 -4.044 139.190
+atl5par1 10.11.10.210 4 S 556 1024 377 1.250 -7.523 5.740
+atl5par0 10.11.10.210 4 S 1045 1024 376 1.390 -4.823 13.290


atl1 is a server providing NTP service and the 4 other servers are being used for redundancy and better accuracy. If you see a display similar to this, then you configure NTP for HP-UX like this:

Edit the file: /etc/ntp.conf
That file is normally full of comments. Delete everything and add these lines:

server 10.10.100.41 # corporate NTP server
fudge 127.127.1.1 stratum 10 # localhost if NTP server fail
driftfile /etc/ntp.drift

Replace the IP address on the first line with the IP address of your data center NTP server.

Now edit the file: /etc/rc.config.d/netdaemons:

######################################
# xntp configuration. See xntpd(1m) #
######################################
#
# Time synchronization daemon
#
# NTPDATE_SERVER: name of trusted timeserver to synchronize with at boot
# (default is rootserver for diskess clients)
# XNTPD: Set to 1 to start xntpd (0 to not run xntpd)
# XNTPD_ARGS: command line arguments for xntpd
#
# Also, see the /etc/ntp.conf and /etc/ntp.keys file for additional
# configuration.
#
export NTPDATE_SERVER="10.10.100.41"
export XNTPD=1
export XNTPD_ARGS="-l /var/adm/xntpd.log"
# XNTPD_NAME: specify the daemon name (xntpd or ntpd)
export XNTPD_NAME=ntpd


If you have not installed a newer version of NTP, the line:

export XNTPD_NAME=ntpd


should be:

export XNTPD_NAME=xntpd


Now you need to verify that your local timezone and time are correct.
Type the command: date
Make sure the timezone matches your location and the date is correct.

Now while you could start the NTP service now, you could risk problems with applications and databases that rely on stable time. It would be better to reboot your HP-UX server when convenient.

When your server reboots, run the date command and it should be accurate.
Also check the files: /etc/rc.log and /var/adm/syslog/syslog.log for messages from ntp.



Bill Hassell, sysadmin
Reply
Chandra441
Occasional Advisor

‎04-24-2018 12:01 AM

‎04-24-2018 12:01 AM

Re: NTP Information Disclosure Vulnerability

Hi Bill Hassell,

Thanks a lot for information

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.