Linux sysadmin skills - too much time on your hands

Linux sysadmin skills - too much time on your hands

We don't often think about it, but having the correct time on our systems is critical. From small errors, to big fails, to security breaches, managing time securely is a critical sysadmin skill.

For years I've been in the habit of typing the following whenever I login to a system I'm working on. From a root prompt:
ntpdate -u pool.ntp.org
Actually, I usually use time.nrc.ca for servers in Canada and tick.usno.navy.mil for US systems but pool.ntp.org is a public time server pool that will work well for anyone, anywhere.
I follow that command with this one.
hwclock --systohc
(that's two dashes)

The first command reaches out to one of the official time servers on the Internet and uses it to set the local system clock to match. The -u just assures that it will work even if the system is already running a time daemon.
The second command takes the newly atomic clock accurate system clock time and stores it in the computer's hardware clock, assuring that they are in sync and that the system will still have an accurate clock upon reboot.
These two commands are something you can type into your system any time you want to update it's clock. It wouldn't hurt for regular home users to type them once a week.
Why not a script you ask? Good question. For two reasons.
The first reason is diagnostic. when you type the first command you'll get output like shown.
# ntpdate -u time.nrc.ca
16 Jun 14:53:21 ntpdate[16201]: adjust time server 132.246.11.238 offset 0.007741 sec

You can see that the command returns some information including the newly set time, the server IP used, and how far off your system clock was. In this case you can see that my clock was very close to correct, probably closer than the fine grained accuracy of the hardware clock. What this tells me is that my system is keeping time correctly and that there are likely no problems with the system timing or the hardware clock.
If there were an offset of minutes or more then you may want to start some system diagnostics, starting with your motherboard's CMOS battery.

The second reason not to put this into a script is that on most modern Linux/UNIX distributions, there is already a system in place to automate this. You'll need to look at using that system and this article is a start on how to do it securely.
Another thing that I do on most networks is to designate one or two servers as local time servers. The rest of the computers on the network use one of those two, setup as primary and backup, time servers to set their clocks. The reason for doing it this way it to be polite and reduce the load on the public time servers, and also to reduce your own network bandwidth usage and security risks.

The linked article covers using ntpd in more depth and with a focus on security as the ntp protocol is often a vector of attack.

#Linux   #Unix   #NTP #Time  
http://www.linux-server-security.com/linux_servers_howtos/linux_ntp_time_servers.html