HPE Community
Operating System - Linux
1830168 Members
6345 Online
109999 Solutions
New Discussion

System Time Clock Problem

 
SOLVED
Go to solution
Kyle D. Harris
Regular Advisor

‎12-09-2003 07:50 AM

‎12-09-2003 07:50 AM

System Time Clock Problem

I have a vulnerability of "Incorrect System Clock Vulnerability".

The solution just says "Set your system time correctly. Use of Network Time Protocol to synchronize is recommended.

Is anybody familiar with how to do this? The solution wasn't very specific enough for my level of knowledge in Linux. I have 9.0 by the way. Thanks.

Kyle
0 Kudos
Reply
11 REPLIES 11
Martin P.J. Zinser
Honored Contributor

‎12-09-2003 08:15 AM

‎12-09-2003 08:15 AM

Solution

Re: System Time Clock Problem

Hello Kyle,

the Network time protocol (NTP) allows you to automatically adjust the time of your system vs. an (external) reference source. One provide in the US is the National Institute of Standards. Have a look at

http://www.boulder.nist.gov/timefreq/service/its.htm

Their SW is for Windows, you need the IP addresses of the servers only ;-)

You should be able to configure NTP from the RH management GUI (sorry, I use SuSE, so no specifics here).

The important thing is to add the servers of your choice to the ntp.conf file.

Greetings, Martin
Reply
Kyle D. Harris
Regular Advisor

‎12-09-2003 08:17 AM

‎12-09-2003 08:17 AM

Re: System Time Clock Problem

Are you familiar with where that .conf file is? Thanks for the help.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎12-09-2003 08:33 AM

‎12-09-2003 08:33 AM

Re: System Time Clock Problem

The ntp.conf file is usually kept in /etc or /etc/ntp(non-standard)

I'm attaching one from an HP server, because its a good example, just change to a valid time source.

chkconfig 345 ntpd

service ntpd start

The first command(fuzzy, may have a syntax issue) will configure it, the service command will for sure run it.
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Ratzie
Super Advisor

‎12-09-2003 09:49 AM

‎12-09-2003 09:49 AM

Re: System Time Clock Problem

You also need to set the system board clock to match your ntp time server, your hwclock will drift and after so many seconds or minutes the time lapse is to big to adjust the time anymore.
I run this as a cron nightly.

00 01 * * * /sbin/hwclock -w

0 Kudos
Reply
Martin P.J. Zinser
Honored Contributor

‎12-09-2003 10:08 AM

‎12-09-2003 10:08 AM

Re: System Time Clock Problem

Hello,

If the time shift accumulates depends on your connectivity. I use a Cable modem/router and the time on my systems stays pretty stable ;-)

Actually I do synch one server against an external source and then use this to synch my other systems against.

Greetings, Martin
Reply
Ragu_1
Regular Advisor

‎12-11-2003 03:56 PM

‎12-11-2003 03:56 PM

Re: System Time Clock Problem

The ideal one-shot solution would be to install rdate, sync with a remote stratum-2 time server and then sync your hardware rtc using `hwclock --systohc'. But if you have a fscked drifting hardware rtc, then syncing with ntpd is recommended. I would still ask you to use `chrony' and later change the cmos battery after verifying the size of the drift. Hth...
Share and share alike
Reply
Huc_1
Honored Contributor

‎12-11-2003 09:18 PM

‎12-11-2003 09:18 PM

Re: System Time Clock Problem

This link is for RedHat 8.0 but its still valid for 9.0

http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/custom-guide/ch-dateconfig.html

J-P
Smile I will feel the difference
0 Kudos
Reply
Huc_1
Honored Contributor

‎12-11-2003 09:44 PM

‎12-11-2003 09:44 PM

Re: System Time Clock Problem

Kyle,

Your question reminde me ntp is some thing I still needed to investigate so since last entry/reply I have been surfing the web to read/find more information and the most interesting one I found is the following.

http://www.ntp.org/

in there there is a list of avaiable public ntp server worldwide ...

and lot of usufull link/info if you want to go deep into ntp/server and time releated topic...

a great topic ... "well it got my clock going !"

Hope this get you addicted

J-P
Smile I will feel the difference
Reply
Nobody's Hero
Valued Contributor

‎12-12-2003 12:52 AM

‎12-12-2003 12:52 AM

Re: System Time Clock Problem

Use ntpd and config ntp.conf file with a valid outside time source. Actually, config more than one source. NTP will use both to get the best time. We punched a hole through the firewall to go to the US Naval Time source. If your time has drifted more than 999 seconds, run ntpdate command to jump the time, then use ntp to drift back and forth until it is accurate. ntp will not adjust over 999 seconds which is about 16 minutes. Also, if you are running oracle, jumping the time forward with ntpdate can cause oracle database problems. Jump the time with oracle shutdown to be safe. Also, if you punch a hole through the firewall, keep security in mind even though the ntp port is secure.


The NTP port (123) is considered to be safe. If your firewall has just one port open, then the rest of the services can't be seen or reached from outside the firewall (assuming you have a good firewall and a good administrator). But good security demands that all ports be closed by default and then an explicit decision to run a service (open a port) made based on corporate guidelines. Most security problems come from inside the firewall.
UNIX IS GOOD
0 Kudos
Reply
Nobody's Hero
Valued Contributor

‎12-12-2003 12:54 AM

‎12-12-2003 12:54 AM

Re: System Time Clock Problem

Let me clear my message up. You should configure a server for ntp only, then close all unused ports to the outside wall, just to be safe. Then point all you windoze,linux and hpux servers to the ntp server that gets its time from the outside world.
UNIX IS GOOD
Reply
Olivier Drouin
Trusted Contributor

‎12-12-2003 01:20 AM

‎12-12-2003 01:20 AM

Re: System Time Clock Problem

Note that syncing the time of your servers comes real handy when looking through log files on distributed architectures.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.