ADDENDUM Bash Script: ‘for loop’
1 Setup Linux ntpd Client Service
1.1 Installation
1. If you have not already done so, log on the console using:
Username: root Password: tartans@1
2. Open a terminal window by going to ‘Applications’ -> ‘Accessories’ -> ‘Terminal’.
3. The Network Time Protocol Daemon (ntpd) is installed with most Linux distributions.
You will create a cron job that will cause the Linux ntpd to periodically query Quebec’s ntp server and update the system time.
1.2 Configuration
1. Run the following command to see the current local system time. Hopefully, it is significantly different from the time server’s system time as this will explicitly demonstrate when the client becomes synchronized with the server:
# date
2. If the date is not significantly different from the time server’s system time, you can change the local client’s system time manually by entering the following command (you can change the system date and time to whatever you want):
# date -s "Fri Sep 12 14:38:19 EDT 2003"
3. The ntp configuration file must be modified to tell it which time server to use to update the system time. This file is located in the ‘/etc’ directory. To open the config file in the ‘vi’ text editor, enter:
# vi /etc/ntp.conf
4. In order to modify the file in the ‘vi’ editor, the [Insert] or [i] key must be pressed before trying to add or change text.
5. Scroll down to the section beginning with “# Use public servers” which is excerpted here:
Figure 1: Default NTP configuration file
Comment out the previous servers and add the following two lines at the end of this section:
restrict 10.0.2.1 mask 255.255.255.255 nomodify notrap noquery
server 10.0.2.1 prefer
Configuring Network Time Protocol Daemon (ntpd)
Your section should look similar to the following:
Figure 2: Edited NTP configuration file
6. Save and exit the file. Press [Esc] and type :wq then press [Enter].
7. Now we need to cause ntpd to update to the ntp server time by modifying /etc/ntp/step-tickers to run ntpdate when ntpd is started. Do this by running these two commands:
# echo "10.0.2.1" > /etc/ntp/step-tickers
8. The ‘step-tickers’ file should now contain only the ntp server’s IP address. The file contents can be viewed by entering this command:
# cat /etc/ntp/step-tickers
9. Enter the date command to see that the date is still incorrect.
10. If the ntpd service is not currently running, it must be started by entering the following command. If the service is currently running, replace ‘start’ with ‘restart’.
NOTE: Once the service is running, always remember to ‘restart’ after making any changes to the ntp config file. Otherwise, the service will continue to run according to the previous config file settings until the service is restarted. Later, we will be creating a cron job to periodically restart the service. For now, enter this command:
# service ntpd start
11. You should see these two messages:
Figure 3: Starting the NTP service
12. Enter the date command again to see that the time has been synchronized.
Note: This will only be successful after Quebec’s time server has been configured properly. Check with your teammates for its status.
13. The service can be verified and the current pid identified by entering:
# service ntpd status
14. Now, you are going to make sure that ntpd updates the system time regularly. Skew the local system time again by entering the following command that you entered earlier (up arrow to find this command and press enter):
# date -s "Fri Sep 12 14:38:19 EDT 2003"
15. A cron job must be created to cause the ntpd service to periodically query the time server and update the local system time accordingly. Enter this command to create the cron job file:
# crontab -u root -e
16. This file should automatically open using the ‘vi’ text editor again, so you must press the [Insert] or [i] key before you can add or modify text.
17. Insert the following line at the top of the file to set up a cron job that will execute every 10 minutes. You can review the ‘man 5 crontab’ pages to understand the crontab fields in more depth after you are done with this task. After the ntpd is verified to be up and running correctly, the first set of numbers can be changed to a ‘0’ to cause the cron job to run at the top of every hour (0th minute of every hour) instead.
Make sure that there is a space after the 50 and between each ‘*’ and the ‘/’ character following them. There are no spaces between the initial set of numbers.
0,10,20,30,40,50 * * * * /etc/rc.d/init.d/ntpd restart
18. Press the [Enter] key at the end of the line to make sure that there is a blank line at the bottom of the file.
19. Now Save and exit the file. Press [Esc] and type :wq then press [Enter].
20. Entering the following command will create init scripts at run levels 3-5 to start the ntpd service every time the system is started up.
# chkconfig --level 345 ntpd on
21. Use the following command to verify that the ntpd service is turned on at run levels 3, 4, and 5:
# chkconfig --list | grep ntpd
22. Make sure that it looks like this:
Figure 4: NTP service startup run levels
23. Now, use the date command to see if the cron job has updated the system time. If not, wait a few more minutes and try again.
24. Once the remote centralized syslog server is installed and configured, we can review the logs that are generated from the Network Time Server process, which will show each time the client is updated and the offset amount by which it is updated.
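A way to check the end state of steps 5 through 17, as an added example that is not part of the original handout: the functions below audit copies of ntp.conf, step-tickers and the root crontab listing. The function names and the sample files are constructed for illustration; the server address and the cron line are the ones given in this task.

```shell
#!/bin/bash
# Added example (not from the lab handout): audit the files this task edits.
# Each check takes a file path so it can be run against a copy.
NTP_SERVER="10.0.2.1"   # time server address used in this task

# ntp.conf: only $NTP_SERVER may be an active server, and its restrict
# line must carry nomodify, notrap and noquery.
check_ntp_conf() {
    others=$(awk -v s="$NTP_SERVER" '$1 == "server" && $2 != s {n++} END {print n+0}' "$1")
    [ "$others" -eq 0 ] || { echo "FAIL: $others other active server line(s)"; return 1; }
    awk -v s="$NTP_SERVER" '$1 == "server" && $2 == s {f=1} END {exit !f}' "$1" ||
        { echo "FAIL: no server line for $NTP_SERVER"; return 1; }
    line=$(awk -v s="$NTP_SERVER" '$1 == "restrict" && $2 == s {$1 = $1; print; exit}' "$1")
    for flag in nomodify notrap noquery; do
        case " $line " in
            *" $flag "*) ;;
            *) echo "FAIL: restrict line lacks $flag"; return 1 ;;
        esac
    done
}

# step-tickers: must hold the server address and nothing else.
check_step_tickers() {
    [ "$(grep -v '^[[:space:]]*$' "$1")" = "$NTP_SERVER" ] ||
        { echo "FAIL: $1 must contain only $NTP_SERVER"; return 1; }
}

# crontab listing: exactly five schedule fields, then the restart command.
# A stray space inside the minute list changes the field count and fails.
check_cron() {
    awk 'NF == 7 && ($1 == "0,10,20,30,40,50" || $1 == "0") &&
         ($2 $3 $4 $5) == "****" && $6 == "/etc/rc.d/init.d/ntpd" && $7 == "restart" {ok=1}
         END {exit !ok}' "$1" || { echo "FAIL: no valid ntpd restart entry"; return 1; }
}

# Constructed sample files standing in for the real ones.
demo_dir=$(mktemp -d)
printf '%s\n' '#server 192.0.2.10' \
    'restrict 10.0.2.1 mask 255.255.255.255 nomodify notrap noquery' \
    'server 10.0.2.1 prefer' > "$demo_dir/ntp.conf"
echo "10.0.2.1" > "$demo_dir/step-tickers"
echo "0,10,20,30,40,50 * * * * /etc/rc.d/init.d/ntpd restart" > "$demo_dir/crontab"
check_ntp_conf "$demo_dir/ntp.conf" && check_step_tickers "$demo_dir/step-tickers" &&
    check_cron "$demo_dir/crontab" && echo "PASS: client matches the task"
rm -rf "$demo_dir"
```

On the client, point the checks at /etc/ntp.conf, /etc/ntp/step-tickers and the saved output of crontab -u root -l.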
You have already performed preliminary hardening (by removing users, groups, etc) and now you will use Bastille-Linux to finish the task. Bastille allows you to easily modify many OS settings. In this task, you will apply a previously configured Bastille template file (analogous to the Security Configuration templates used on Windows) to our system.
1 Bastille Configuration