Prerequisites:
VM/ Physical – It is recommended to have the time server as a physical server, but VMs should be okay depending on your setup and requirement. My virtual lab environment is VMware based so here’s the guide for a VM. Once the CentOS Minimal is installed on the VM make sure to install open-vm-tools.
yum install open-vm-tools
If you are not comfortable with the vi editor, install nano for editing:
yum install nano
Installing the time server:
- First we need to install ntpd. To do this, open the command line and run:
[root@mytimesrv01 ~]# yum -y install ntp
- Then open the NTP main configuration file for editing. If you are planning on hosting your time servers externally, like time01.yourdomain.com and time02.yourdomain.com, with port 123 open on the firewall, each time server will be talking to 0.us.pool.ntp.org, 1.us.pool.ntp.org, 2.us.pool.ntp.org and 3.us.pool.ntp.org. Later on you can probably add your time servers to NTP.org by joining the pool. For my example, I am not using the CentOS default pool but the U.S. zone. Internal servers and workstations can be pointed at the local IP or DNS name of the local time servers.
[root@mytimesrv01 ~]# vi /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#Your time servers go here:
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
server 3.us.pool.ntp.org iburst
#Default OOB time servers
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

logfile /var/log/ntp.log
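The two settings in that file that matter most on an Internet-facing time server are the `restrict default ... noquery` line and `disable monitor`; together they keep ntpd from answering the monlist queries that CVE-2013-5211 amplification abuses. The following audit script is an added example, not part of the original post: it reads an ntp.conf, strips comments, and reports whether those hardening settings (plus at least one upstream server) are present. The two sample configuration files it writes to a temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit an ntp.conf for the hardening settings the guide relies on.
# Exit status 0 when all checks pass, 1 otherwise; one line is printed per finding.

check_ntp_conf() {
    conf="$1"
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # Drop comments and blank lines once; later checks grep this copy.
    body=$(sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$conf")

    # 1. Every 'restrict default' line (also the -4/-6 forms) must carry the
    #    four deny flags; noquery is what stops monlist/ntpdc replies to strangers.
    defaults=$(printf '%s\n' "$body" \
        | grep -E '^[[:space:]]*restrict[[:space:]]+(-[46][[:space:]]+)?default([[:space:]]|$)')
    if [ -z "$defaults" ]; then
        echo "FAIL: no 'restrict default' line"; rc=1
    else
        for flag in nomodify notrap nopeer noquery; do
            # grep -v -q succeeds if some default line lacks the flag
            if printf '%s\n' "$defaults" | grep -Evq "(^|[[:space:]])$flag([[:space:]]|$)"; then
                echo "FAIL: a 'restrict default' line lacks $flag"; rc=1
            fi
        done
    fi

    # 2. 'disable monitor' turns the monlist facility off regardless of restrict flags.
    printf '%s\n' "$body" | grep -E '^[[:space:]]*disable[[:space:]]' \
        | grep -Eq '(^|[[:space:]])monitor([[:space:]]|$)' \
        || { echo "FAIL: 'disable monitor' not set"; rc=1; }

    # 3. The server is useless without an upstream source.
    printf '%s\n' "$body" | grep -Eq '^[[:space:]]*(server|pool)[[:space:]]+[^[:space:]]+' \
        || { echo "FAIL: no server or pool lines"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $conf passes all checks"
    return "$rc"
}

# Constructed sample inputs (not real configuration from any host).
SAMPLE_DIR=$(mktemp -d)

# A loosened config: noquery dropped from the default restrict, monitor left on.
cat > "$SAMPLE_DIR/weak.conf" <<'EOF'
driftfile /var/lib/ntp/drift
restrict default nomodify notrap   # someone removed nopeer and noquery
restrict 127.0.0.1
server 0.us.pool.ntp.org iburst
EOF

# The settings used in the guide above.
cat > "$SAMPLE_DIR/hardened.conf" <<'EOF'
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
disable monitor
EOF

check_ntp_conf "$SAMPLE_DIR/hardened.conf"
check_ntp_conf "$SAMPLE_DIR/weak.conf" || echo "weak.conf rejected, as expected"
```

Run it against the live file with `check_ntp_conf /etc/ntp.conf` after sourcing the script; it only reads the file, so it is safe to drop into a configuration-management check or a cron job that alerts on a non-zero exit.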
- Then start and enable the ntp server:
[root@mytimesrv01 ~]# systemctl start ntpd
[root@mytimesrv01 ~]# systemctl enable ntpd
- You need to allow the ntp service through the firewall (NTP uses UDP port 123), so run the following commands:
[root@mytimesrv01 ~]# firewall-cmd --add-service=ntp --permanent
success
[root@mytimesrv01 ~]# firewall-cmd --reload
success
- Verify your ntp service with the following command:
[root@mytimesrv01 ~]# ntpq -p
Your output should be similar to: