diff --git a/examples/chrony.conf.example2 b/examples/chrony.conf.example2 index 45c67c1..2d4421f 100644 --- a/examples/chrony.conf.example2 +++ b/examples/chrony.conf.example2 @@ -21,12 +21,6 @@ rtcsync # Specify file containing keys for NTP authentication. #keyfile /etc/chrony.keys -# Disable logging of client accesses. -noclientlog - -# Send message to syslog when clock adjustment is larger than 0.5 seconds. -logchange 0.5 - # Specify directory for log files. logdir /var/log/chrony diff --git a/examples/chrony.conf.example3 b/examples/chrony.conf.example3 index f1c2d48..feeb8e7 100644 --- a/examples/chrony.conf.example3 +++ b/examples/chrony.conf.example3 @@ -5,22 +5,6 @@ # want to enable. The more obscure options are not included. Refer # to the documentation for these. # -# Copyright 2002 Richard P. Curnow -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of version 2 of the GNU General Public License as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# ####################################################################### ### COMMENTS # Any of the following lines are comments (you have a choice of @@ -207,6 +191,13 @@ driftfile /var/lib/chrony/drift ! clientloglimit 4194304 +# By default, chronyd tries to respond to all valid NTP requests from +# allowed addresses. If you want to limit the response rate for NTP +# clients that are sending requests too frequently, uncomment and edit +# the following line. + +! limitrate interval 3 burst 8 + ####################################################################### ### REPORTING BIG CLOCK CHANGES # Perhaps you want to know if chronyd suddenly detects any large error @@ -233,6 +224,7 @@ driftfile /var/lib/chrony/drift # By default chronyd binds to the loopback interface. Uncomment the # following lines to allow receiving command packets from remote hosts. + ! bindcmdaddress 0.0.0.0 ! bindcmdaddress :: @@ -248,6 +240,11 @@ driftfile /var/lib/chrony/drift # syntax and meaning is the same as for 'allow' and 'deny', except that # 'cmdallow' and 'cmddeny' control access to the chronyd's command port. +# Rate limiting can be enabled also for command packets. (Note, +# commands from localhost are never limited.) + +! cmdratelimit interval 1 burst 16 + ####################################################################### ### REAL TIME CLOCK # chronyd can characterise the system's real-time clock. This is the diff --git a/examples/chrony.keys.example b/examples/chrony.keys.example index e6660ae..2dd19cd 100644 --- a/examples/chrony.keys.example +++ b/examples/chrony.keys.example @@ -1,15 +1,12 @@ # This is an example chrony keys file. It is used for NTP authentication with # symmetric keys. It should be readable only by root or the user to which -# chronyd is configured to switch to. +# chronyd is configured to switch to after start. # -# Don't use the example keys! The keys need to be random for maximum security. -# These shell commands can be used to generate random MD5 and SHA1 keys on -# systems which have the /dev/urandom device: -# echo "1 MD5 HEX:$(tr -d -c '[:xdigit:]' < /dev/urandom | head -c 32)" -# echo "1 SHA1 HEX:$(tr -d -c '[:xdigit:]' < /dev/urandom | head -c 40)" +# Don't use the example keys! It's recommended to generate random keys using +# the chronyc keygen command. # Examples of valid keys: -#1 ALongAndRandomPassword -#2 MD5 HEX:B028F91EA5C38D06C2E140B26C7F41EC -#3 SHA1 HEX:1DC764E0791B11FA67EFC7ECBC4B0D73F68A070C +#1 MD5 AVeryLongAndRandomPassword +#2 MD5 HEX:12114855C7931009B4049EF3EFC48A139C3F989F +#3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995