/etc/ntp.conf |
Page started on: Mon Mar 29 10:42:33 EDT 2021
ll /etc/ntp.conf -r--r--r-- 1 bin bin 19191 Mar 26 10:31 /etc/ntp.conf
cat /etc/ntp.conf # Sample XNTP Configurations File # # @(#)B.11.31_LR # # Use "peer", "server" and "broadcast " statements to specify various time # server to be used and/or time services to be provided. # Peer: The peer statement specifies that the given host is to be polled # in "symmetric active" mode. The syntax is : # peer addr [ key # ] [ version # ] [ minpoll interval_in_sec ] [ prefer ] # # peer 128.116.64.3 key 2001 version 2 # # Server: The server statement causes polling to be done in client mode rather # than symmetric active. It is an alternative to the peer command # above. Which you use depends on what you want to achieve. # The syntax is: # server addr [ key # ] [ version # ] [ minpoll interval_in_sec ] # [ prefer ] # # server 128.8.10.1 key 2000 minpoll 6 prefer server 0.us.pool.ntp.org server 1.us.pool.ntp.org server 2.us.pool.ntp.org server 3.us.pool.ntp.org # # # # Broadcast: The broadcast command specifies that the local server to operate # in broadcast mode, where the local server sends periodic broadcast # messages to a client population at the broadcast/multicast address # specified. In this mode, address is usually the broadcast address # of (one of) the local network(s) or a multicast address assigned # assigned to NTP. The address of 224.0.0.1 is assigned to NTP. # This is presently the only address that should be used. Note that # the use of multicast features requires a multicast kernel. # # The Syntax is: # # broadcast addr [ key # ] [ version # ] [ minpoll interval_in_sec ] # # broadcast 128.100.49.255 # [ key n ] [ version n ] # # # #broadcastclient: This command tells the local server to listen for broadcast # messages at the broadcast address of the local network. The # default address is the subnet address with the host field # bits set to ones. In broadcastclient mode, it listens for # and synchronizes to succeeding broadcast messages. # # #broadcastclient # # # # broadcastdelay: It configures in a default round-trip delay to use for # broadcast time (in seconds). The defaults is 0.008 second. # #broadcastdelay 0.008 # # # # Drift file: Put this in a directory which the daemon can write to. No # symbolic links allowed, either. # # #driftfile /etc/ntp.drift # # # # authenticate: It configures us into strict authentication mode (or not). # The default is no. # #authenticate yes # or no. # # # # authdelay: It is the time (in seconds) it takes to do an NTP encryption # on this host. # #AUTHDELAY # # # trustedkey: The keys defined here are used when authenticate is on. # We only trust (and sync to) peers who know and use these keys. # #trustedkey 1 3 4 8 # # # # keys: It specifies the file which holds the authentication keys. # #keys /etc/ntp.keys # # # controlkey: It indicates which key is to be used for validating # mode 6 write variables commands. If this isn't defined, no # mode 6 write variables commands can be done on the xntpd. # #controlkey 65534 # # # restrict: This option places restrictions on one or more systems. # This is implemented as a sorted address-and-mask list, with # each entry including a set of flags which define what a host # matching the entry *can't* do. # The syntax is : # restrict address [ mask numeric mask ] [ flag ] # # The flags are: # # ignore - ignore all traffic from host # noserve - don't give host any time (but let him make queries?) # notrust - give the host time, and let it queries, but don't # sync to it. # noquery - host can have time, but can not make queries # nomodify - allow the host to make queries except those which are # actually run-time configuration commands. # ntpport - Makes matches for this entry only if the source # port is 123. # # # # # #The matching machines can be servered time, but they will be restricted to #make non-modifying #queries # #restrict 129.140.0.0 mask 255.255.0.0 notrust nomodify # #Ignore all packets from host 15.1.15.1 # # restrict 15.1.15.1 ignore # # Restric 35.1.1.o to query only # #restrict 35.1.1.0 mask 255.255.255.0 noserve nomodify # # take time from the 128.116.64.3, but don't let it query # #restrict 128.116.64.3 noquery # ### # # HPUX-NTP v4 is vulnerable to CVE CVE-2013-5211. # Workaround: Configure NTP with "disable monitor" or "restrict default noquery". # For more information, see the ID HPSBUX02960 document at HPSC (HP Support Center). # # Block all control queries from external systems, allows time services restrict default noquery # Allow local queries restrict 127.0.0.1 # ### # # statdir : Indicates the full path of the directory where statistics files # should be created: # #statsdir /var/tmp/ntp # # # statistics : Enables writing of statistics records: loopstats/peerstats. # #statistics loopstats #statistics peerstats # # filegen : Configures the ways to generate the statistic file set. It # provides a mean for handling files that are continously growing # during the lifetime of a server. # # The syntax is : # filegen statsname [ file filename ] [ type typename ] # [ link/nolink ] [ enable/disable ] # # #filegen loopstats file loopstat type week link #filegen peerstats file loopstat type week link # # # # Local clock : Allows the server to synchronize to its own clock. # # server 127.127.1.1 # fudge 127.127.1.1 stratum 10 # show poor quality # # # Spectracom Netclock/2 clocks : synchronize to netclock/2 which receives WWVB. # # server 127.127.3.x # PSTI 1010/1020 WWV Clock # server 127.127.4.1 # Spectracom Netclock/2 WWVB or GPS receiver /dev/wwvb1 # server 127.127.5.x # Kinimetric Truetime 468-DC GOES receiver # # server 127.127.9.x # MX4200 GPS receiver # server 127.127.10.x # Austron 2201A GPS Timing Receiver # server 127.127.11.x # Kinemetrics Truetime OM-DC OMEGA Receiver # server 127.127.12.x # KSI/Odetecs TPRO-S IRIG-B / TPRO-SAT GPS # server 127.127.13.x # Leitch: CSD 5300 Master Clock System Driver # server 127/127.15.x # TrueTime GPS/TM-TMD # server 127.127.16.x # Bancomm GPS/IRIG Ticktock # server 127.127.17.x # Datum Programmable Time System # server 127.127.18.x # NIST Modem Time Service # server 127.127.23.x # PTB Modem Time Service # server 127.127.24.x # USNO Modem Time Service # # server 127.127.26.1 # HP GPS receiver /dev/hpgps1 # fudge 127.127.26.1 time1 -0.955 # s700 # fudge 127.127.26.1 time1 -0.930 # s800 use one "fudge" line only # # # Example configurations ========================================= # # NTP configuration file (ntp.conf) # baldwin.udel.edu (128.4.1.24) # # This illustrates the use of an external clock with the local clock # driver, as well as a multicast server. The prefer keyword on the # local clock driver declares an external clock and that the time of # this server should not be wiggled by an NTP peer, unless the # external clock comes unstuck. Note the use of the multicast group # ID assigned to NTP, 224.0.1.1, which identifies this as a multicast # server rather than a broadcast one. The other NTP peers are known # stratum-1 chimes intended as backup should the external clock croak. # #peer 127.127.1.0 prefer # KSI/Odetics TPRO IRIG interface #fudge 127.127.1.0 stratum 0 refid GPS #broadcast 224.0.1.1 key 6 ttl 127 #peer 128.4.1.1 # rackety.udel.edu (Sun4c/40 IPC) #peer 128.4.1.4 # barnstable.udel.edu (Sun4c/65 SS1+) #peer 128.4.1.2 # mizbeaver.udel.edu (Bancomm bc700LAN) #peer 128.4.1.20 # pogo.udel.edu (Sun4c/65 SS1+) # # Miscellaneous stuff # #enable auth monitor # enable the good stuff #driftfile /etc/ntp.drift # path for drift file #statsdir /baldwin/ntpstats/ # directory for statistics files #filegen peerstats file peerstats type day enable #filegen loopstats file loopstats type day enable #filegen clockstats file clockstats type day enable # # Authentication stuff # #keys /usr/local/bin/ntp.keys # path for keys file #trustedkey 3 4 5 6 14 15 # define trusted keys #requestkey 15 # key (7) for accessing server variables #controlkey 15 # key (6) for accessing server variables #authdelay 0.000163 # authentication delay (SPARC4c/40 IPC MD5) # # NTP configuration file (ntp.conf) # bearegard.udel.edu (128.4.1.23) # #server pogo.udel.edu # stratum 1 nearby #server 127.127.18.1 #fudge 127.127.18.1 time1 .0035 #phone atdt913034944774 atdt913034944785 atdt913034944774 #phone atdt913034944812 atdt913034948497 atdt913034948022 # # Miscellaneous stuff # #enable auth monitor # enable the good stuff #driftfile /etc/ntp.drift # path for drift file #statsdir /beauregard/ntpstats/ # directory for statistics files #filegen peerstats file peerstats type day enable #filegen loopstats file loopstats type day enable #filegen clockstats file clockstats type day enable # # Authentication stuff # #keys /usr/local/etc/ntp.keys # path for keys file #trustedkey 3 4 5 6 14 15 # define trusted keys #requestkey 15 # key (7) for accessing server variables #controlkey 15 # key (6) for accessing server variables #authdelay 0.000163 # authentication delay (SPARC4c/40 IPC MD5) # ============================================================== # # NTP configuration file (ntp.conf) # # Generic configuration file for UDel NTP stratum-2 time servers. Don't # forget each server should have a /etc/ntp.drift and /etc/ntp.keys file. # # Stratum-1 peers. Each server should chime two different stratum-1 # servers from the following list. Each stratum-1 server should be used # only once. # #peer 128.8.10.1 # umd1.umd.edu #peer 18.72.0.3 version 2 # bitsy.mit.edu #peer 132.249.16.1 # fuzz.sdsc.edu #peer 128.118.46.3 version 2 # otc1.psu.edu #peer 128.9.2.129 # wwvb.isi.edu #peer 130.43.2.2 version 2 # apple.com #peer 16.1.0.22 # clepsydra.dec.com #peer 130.105.1.156 version 2 # clock.osf.orga #peer 128.96.60.5 version 2 # pi.bellcore.com #peer 128.4.1.1 # rackety.udel.edu #peer 129.116.3.5 # shorty.chpc.utexas.edu # # Stratum-2 peers. Each server should chime all of the others in this # list except itself. # #peer 128.175.1.1 # huey.udel.edu (VAX) #peer 128.175.1.2 # dewey.udel.edu (VAX) #peer 128.175.1.3 # louie.udel.edu (SPARC) #peer 128.175.2.15 # snow-white.ee.udel.edu (SPARC) #peer 128.175.7.4 # sol.cis.udel.edu (SPARC) # # Miscellaneous stuff # #enable auth monitor # enable the good stuff #driftfile /etc/ntp.drift # path for drift file # # Authentication stuff. Note the different authentication delay on # VAX and SPARC. # #keys /etc/ntp.keys # path for key file #trustedkey 1 2 15 # define trusted keys #requestkey 15 # key (7) for accessing server variables #controlkey 15 # key (6) for accessing server variables #authdelay 0.001501 # authentication delay (VAX) ##authdelay 0.000073 # authentication delay (SPARC) # ============================================================== # # NTP configuration file (ntp.conf) # grundoon.udel.edu (128.4.2.7) # # This machine can best be described as the kitchen sink. It has, in # addition to the baseboard tty ports ttya and ttyb, an 8-line # Serial/Parallel Interface (SPIF) with ports ttyz00 through ttyz07. The # configuration includes the following drivers, clock addresses and Unix # device names. # # Local Clock 127.127.1.0 /dev/audio # PST 1020 WWV/WWVH Receiver 127.127.3.1 /dev/pst1 # Spectracom 8170 WWVB Receiver 127.127.4.1 /dev/wwvb1 # Scratchbuilt CHU Receiver 127.127.7.1 /dev/chu1 # NIST ACTS modem 127.127.18.1 /dev/acts1 # # This machine has the kernel modifications described in the README.kern # file, as well as the tty_clk, tty_chu and ppsclock streams modules. # # Spectracom 8170/Netclock-2 WWVB receiver. This receiver is equipped # with a 1-pps and IRIG outputs. The 1-pps signal is connected via the # ppsclock streams module and the carrier detect line of the CHU # receiver below (ttyb). The IRIG signal is connected via an attenuator # to the audio port (/dev/audio). The propagation delay computed from # geographical coordinates is 8.8 ms, while the receiver delay # calibrated at the factory is 17.3 ms, for a total delay of 26.1 ms. # This is confirmed within 0.1 ms at the 1-pps signal output using a # portable cesium clock. We add a fudge time1 of 3.5 ms so the driver # time agrees with the 1-pps signal to within 1 ms. The fudge flag4 is # set to cause the receiver to dump the quality table once each day to # the clockstats file. # #server 127.127.4.1 # /dev/wwvb1 -> /dev/ttyz03 #fudge 127.127.4.1 time1 0.0035 flag4 1 # # # PST/Traconex 1020 WWV/WWVH Receier. The internal DIPswitches are set # as near as possible to the delays to WWV (8.8 ms) and WWVH (28.1 ms), # as computed from geographical coordinates. We add a fudge time1 of 5.9 # ms so the driver time agrees with the 1-pps signal to within 1 ms for # WWV. We also set the stratum to 1, so this receiver will not normally # be selected, unless the primary WWVB receiver comes unstuck. # #server 127.127.3.1 # /dev/pst1 -> ttyz05 #fudge 127.127.3.1 time1 0.0059 stratum 1 # # # NIST Automated Computer Time Service. This driver calls a special # telephone number in Boulder, CO, to fetch the time directly from the # NIST cesium farm. The details of the complicated calling program are # in the README.refclock file. The Practical Peripherals 9600SA modem # does not work correctly with the ACTS echo-delay scheme for # automatically calculating the propagation delay, so the fudge flag2 is # set to disable the feature. Instead, we add a fudge time1 of 65.0 ms # so that the driver time agrees with th e1-pps signal to within 1 ms. # The phone command specifies three alternate telephone numbers, # including AT modem command prefix, which will be tried one after the # other at each measurement attempt. In this case, a cron job is used to # set fudge flag1, causing a measurement attempt, every six hours. # #server 127.127.18.1 # /dev/acts1 -> /dev/ttyz00 #fudge 127.127.18.1 time1 0.0650 flag2 1 #phone atdt13034944774 atdt13034944785 atdt13034944774 # # # Undisciplined Local Clock. This is a fake driver intended for backup # and when no outside source of synchronized time is available. The # default stratum is usually 3, but in this case we elect to use stratum # 0. Since the server line does not have the prefer keyword, this driver # is never used for synchronization, unless no other other # synchronization source is available. In case the local host is # controlled by some external source, such as an external oscillator or # another protocol, the prefer keyword would cause the local host to # disregard all other synchronization sources, unless the kernel # modifications are in use and declare an unsynchronized condition. # #server 127.127.1.0 # local clock #fudge 127.127.1.0 stratum 10 # # Miscellaneous stuff. We enable authentication in order to prevent # #enable auth monitor # enable the good stuff #driftfile /etc/ntp.drift # path for drift file #statsdir /grundoon/ntpstats/ # directory for statistics files #filegen peerstats file peerstats type day enable #filegen loopstats file loopstats type day enable #filegen clockstats file clockstats type day enable # # # Authentication stuff # #keys /usr/local/ntp.keys # path for keys file #trustedkey 1 2 3 4 5 6 14 15 # define trusted keys #requestkey 15 # key (7) for accessing server variables #controlkey 15 # key (6) for accessing server variables #authdelay 0.000163 # authentication delay (SPARC4c/40 IPC MD5) # =============================================================== # # # NTP configuration file (ntp.conf) # # This is for a broadcast/multicast client. Except for the statistics # stuff, this can be done with only a commmand line of the form # # /usr/local/bin/xntpd -a -k /usr/local/bin/ntp.keys -m -t 3 # #multicastclient # listen on default 224.0.1.1 # # Miscellaneous stuff # #enable auth monitor # enable the good stuff #driftfile /etc/ntp.drift # path for drift file #statsdir /malarky/ntpstats/ # directory for statistics files #filegen peerstats file peerstats type day enable #filegen loopstats file loopstats type day enable #filegen clockstats file clockstats type day enable # # Authentication stuff # #keys /usr/local/bin/ntp.keys # path for key file #trustedkey 3 4 5 6 14 # define trusted keys #requestkey 14 # key (7) for accessing server variables #controlkey 14 # key (6) for accessing server variables #authdelay 0.000094 # authentication delay (Sun4c/50 IPX MD5) # ============================================================== # # NTP configuration file (ntp.conf) # pogo.udel.edu (128.4.1.20) # #server 127.127.10.1 prefer # austron 2201A gps receiver #peer 128.4.1.1 # rackety.udel.edu (Sun4c/40 IPC) #peer 128.4.1.2 # mizbeaver.udel.edu (Bancomm bc700LAN) #peer 128.4.1.4 # barnstable.udel.edu (Sun4c/65 SS1+) #peer 128.4.1.5 maxpoll 8 # churchy.udel.edu (cisco IGS router) #peer 132.163.135.130 maxpoll 8 # time_A.timefreq.bldrdoc.gov (Cesium) #peer 131.188.1.40 maxpoll 8 # ntps1-0.uni-erlangen.de (DCF77) #peer 129.132.2.21 maxpoll 8 # swisstime.ethz.ch (DCF77) #peer 130.155.98.13 maxpoll 8 # terss.ml.csiro.au (Cesium) #peer 192.36.143.150 maxpoll 8 # Time1.Stupi.SE (Cesium) # # Miscellaneous stuff # #enable auth monitor # enable the good stuff #precision -18 # clock reading precision (usec) #driftfile /etc/ntp.drift # path for drift file #statsdir /pogo/ntpstats/ # directory for statistics files #filegen peerstats file peerstats type day enable #filegen loopstats file loopstats type day enable #filegen clockstats file clockstats type day enable # # Authentication stuff # #keys /usr/local/bin/ntp.keys # path for keys file #trustedkey 3 4 5 6 14 # define trusted keys #requestkey 15 # key (7) for accessing server variables #controlkey 15 # key (6) for accessing server variables #authdelay 0.000159 # authentication delay (SPARC4c/65 SS1+ MD5)
Page completed on: Mon Mar 29 10:42:33 EDT 2021