Table of Contents

Linux Timekeeping

ntpdate pool.ntp.org

ntpq -p

ntpstat

grep ntp /var/log/messages

Ubuntu

https://linuxconfig.org/how-to-change-timezone-on-ubuntu-18-04-bionic-beaver-linux

https://feeding.cloud.geek.nz/posts/time-synchronization-with-ntp-and-systemd/

:!: systemd-timesyncd is a client-only, lightweight, simple, replacement for ntpd. It cannot act as a time server.

timedatectl set-timezone America/Phoenix

timedatectl status
systemctl restart systemd-timesyncd.service

CentOS

Here we:

  1. Set the correct timezone
  2. Set the actual time
  3. Set the NTP daemon to automatically start on system boot
  4. Start the NTP daemon
  5. Verify the NTP daemon is working properly
rm /etc/localtime

ln -s /usr/share/zoneinfo/America/Phoenix /etc/localtime

ntpdate pool.ntp.org

chkconfig ntpd on
service ntpd start

tail /var/log/messages

SME Server

Already functions as NTP server.

cat /var/log/ntpd/current |tai64nlocal

Ubuntu

sudo apt-get install ntp

sudo service ntp restart

Server Preference

Setting a local time server may noticeably speed up boot times.

Edit /etc/ntp.conf and add a line for your preferred server:

vi /etc/ntp.conf


server 192.168.2.1 prefer

If the initscripts run ntpdate, you can replace /etc/ntp/step-tickers:

sudo cp -a /etc/ntp/step-tickers /etc/ntp/step-tickers.orig

sudo vim /etc/ntp/step-tickers

192.168.2.1

NTP Servers

0.us.pool.ntp.org 
1.us.pool.ntp.org
2.us.pool.ntp.org
3.us.pool.ntp.org

Local Network Server

Edit the config file, uncomment and modify:

vim /etc/ntp.conf

# Hosts on local network are less restricted.
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap
broadcast 192.168.2.255
sudo service ntpd restart

Public Server

https://www.digitalocean.com/community/tutorials/how-to-configure-ntp-for-use-in-the-ntp-pool-project-on-ubuntu-16-04

Firewall

Open UDP port 123 on the firewall:

http://www.ghidinelli.com/2008/09/25/iptables-firewall-rules-for-ntpd-time-synchronization

/sbin/iptables -A INPUT -p udp -s 192.168.30.0/24 --dport 123 -j ACCEPT
/sbin/iptables -A OUTPUT -p udp --sport 123 -j ACCEPT

service iptables save

or:

system-config-securitylevel-tui

123:udp

netstat -uapn|grep 123