ntp config tech note
james edwards
hackerwacker at cybermesa.com
Fri May 21 17:26:36 UTC 2004
> My personal feeling was that for most systems its better to not have the
> daemon running - i.e. the benefit of smaller more frequent clock
> adjustments does not outweigh the cost of another service running,
> especially as root or even as a jailed non-root user.
Well, present NTP drops to a nonroot user after it sets the time &
proprer use of the very flexable ACL lists in your ntp.conf should help
midigate
non-local NTP exploits, ie, don't offer NTP service to the world or anyone
else
for that matter.
I need better than one second resolution for syslog and other loging info to
be useful
in debugging problems across multiple hosts.
--
James H. Edwards
Routing and Security Administrator
At the Santa Fe Office: Internet at Cyber Mesa
jamesh at cybermesa.com
noc at cybermesa.com
(505) 795-7101
More information about the NANOG
mailing list