Diffstat (limited to 'source/n/ntp/ntp.conf')
-rw-r--r--source/n/ntp/ntp.conf32
1 files changed, 21 insertions, 11 deletions
diff --git a/source/n/ntp/ntp.conf b/source/n/ntp/ntp.conf
index 1844fb91..e88603c1 100644
--- a/source/n/ntp/ntp.conf
+++ b/source/n/ntp/ntp.conf
@@ -1,4 +1,5 @@
# Sample /etc/ntp.conf: Configuration file for ntpd.
+
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
@@ -22,12 +23,27 @@ fudge 127.127.1.0 stratum 10
#server 3.pool.ntp.org iburst
#
+# Full path of a directory where statistics files should be created
+#
+statsdir /var/lib/ntp/stats
+
+#
+# Location of an alternate log file to be used instead of the default system syslog(3) facility
+#
+logfile /var/log/ntp
+
+#
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
-driftfile /etc/ntp/drift
+driftfile /var/lib/ntp/drift
+
+#
+# Location of PID file
+#
+pidfile /var/run/ntpd.pid
#
# Uncomment to use a multicast NTP server on the local subnet:
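Review bot: The added `logfile /var/log/ntp` takes ntpd's messages out of syslog, as the new comment itself says, so any syslog-based forwarding or alerting on clock steps and authentication failures will presumably stop seeing them. A comment above it would flag this, e.g. `# NOTE: with logfile set nothing goes to syslog; rotate /var/log/ntp and forward it separately if logs are collected centrally.` The new `statsdir`, `driftfile` and `pidfile` paths also assume that /var/lib/ntp and /var/lib/ntp/stats exist and are writable only by the account ntpd runs as. The hunk does not show where those directories are created, so that should be confirmed in the packaging script. No `statistics` or `filegen` line is visible here, so `statsdir` may have no effect unless one is set elsewhere in the file.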
@@ -37,12 +53,13 @@ driftfile /etc/ntp/drift
#
# Keys file. If you want to diddle your server at run time, make a
-# keys file (mode 600 for sure) and define the key number to be
-# used for making requests.
+# keys file (mode 640 owned by root:ntp) and define the key number to
+# be used for making requests.
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will.
#
-#keys /etc/ntp/keys
+#keysdir /etc
+#keys /etc/ntp.keys
#trustedkey 65535
#requestkey 65535
#controlkey 65535
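Review bot: The keys-file comment now recommends mode 640 root:ntp instead of 600 without saying why group read is needed, and the sample path moves from the dedicated /etc/ntp/ directory to /etc/ntp.keys. Presumably ntpd drops privileges to the ntp account and must still read the file; stating that keeps anyone from loosening it further: `# keys file (mode 640, owner root, group ntp so ntpd can read it after dropping privileges; never world-readable)`. The commented `#keysdir /etc` would point the directory for Autokey keys and certificates at a shared system directory, so a short line such as `# keysdir: files placed here must be readable only by root and group ntp` would help whoever uncomments it.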
@@ -59,13 +76,6 @@ restrict -6 default limited kod nomodify notrap nopeer noquery
#restrict -6 default limited kod nomodify notrap nopeer
#
-# Disable the ntpdc -c monlist command, which is insecure and can be used
-# to cause a denial of service attack (CVE-2013-5211). Future versions of
-# NTP will remove this command.
-# (this feature was disabled by default with ntpd 4.2.7p230)
-disable monitor
-
-#
# Trust ourselves. :-)
restrict 127.0.0.1
restrict ::1