faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

examples: update for removed cmdmon authentication

Browse source
This commit is contained in:
Miroslav Lichvar 2015-08-26 09:49:19 +02:00
parent b9cfdaf666
commit eb0c7e33d2
5 changed files with 16 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
examples/chrony.conf.example2
View file

@ -18,14 +18,8 @@ rtcsync
# Serve time even if not synchronized to any NTP server. # Serve time even if not synchronized to any NTP server.
#local stratum 10 #local stratum 10
# Specify file containing keys for NTP and command authentication. # Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys #keyfile /etc/chrony.keys
# Specify key number for command authentication.
commandkey 1
# Generate new command key on start if missing.
generatecommandkey
# Disable logging of client accesses. # Disable logging of client accesses.
noclientlog noclientlog

25
examples/chrony.conf.example3
View file

@ -95,24 +95,10 @@
driftfile /var/lib/chrony/drift driftfile /var/lib/chrony/drift
# If you want to use the program called chronyc to configure aspects of # If you want to enable NTP authentication with symmetric keys, you will need
# chronyd's operation once it is running (e.g. tell it the Internet link # to uncomment the following line and edit the file to set up the keys.
# has gone up or down), you need a password. This is stored in the
# following keys file. (You also need keys to support authenticated NTP
# exchanges between cooperating machines.) Again, this option is
# assumed by default.
keyfile /etc/chrony.keys ! keyfile /etc/chrony.keys
# Tell chronyd which numbered key in the file is used as the password
# for chronyc. (You can pick any integer up to 2**32-1. '1' is just a
# default. Using another value will _NOT_ increase security.)
commandkey 1
# With this directive a random password will be generated automatically.
generatecommandkey
# chronyd can save the measurement history for the servers to files when # chronyd can save the measurement history for the servers to files when
# it it exits. This is useful in 2 situations: # it it exits. This is useful in 2 situations:
@ -262,11 +248,6 @@ generatecommandkey
# syntax and meaning is the same as for 'allow' and 'deny', except that # syntax and meaning is the same as for 'allow' and 'deny', except that
# 'cmdallow' and 'cmddeny' control access to the chronyd's command port. # 'cmdallow' and 'cmddeny' control access to the chronyd's command port.
# NOTE, even if the host where you run chronyc is granted access, you
# still need a command key set up and you have to know the password to
# put into chronyc to allow you to modify chronyd's parameters. By
# default all you can do is view information about chronyd's operation.
####################################################################### #######################################################################
### REAL TIME CLOCK ### REAL TIME CLOCK
# chronyd can characterise the system's real-time clock. This is the # chronyd can characterise the system's real-time clock. This is the

30
examples/chrony.keys.example
View file

@ -1,29 +1,15 @@
####################################################################### # This is an example chrony keys file. It is used for NTP authentication with
# symmetric keys. It should be readable only by root or the user to which
# chronyd is configured to switch to.
# #
# This is an example chrony keys file. You should copy it to /etc/chrony.keys # Don't use the example keys! The keys need to be random for maximum security.
# after editing it to set up the key(s) you want to use. It should be readable # These shell commands can be used to generate random MD5 and SHA1 keys on
# only by root or the user chronyd drops the root privileges to. In most # systems which have the /dev/urandom device:
# situations, you will require a single key (the 'commandkey') so that you can # echo "1 MD5 HEX:$(tr -d -c '[:xdigit:]' < /dev/urandom | head -c 32)"
# supply a password to chronyc to enable you to modify chronyd's operation # echo "1 SHA1 HEX:$(tr -d -c '[:xdigit:]' < /dev/urandom | head -c 40)"
# whilst it is running.
#
# Copyright 2002 Richard P. Curnow
#
######################################################################
# Examples of valid keys: # Examples of valid keys:
#1 ALongAndRandomPassword #1 ALongAndRandomPassword
#2 MD5 HEX:B028F91EA5C38D06C2E140B26C7F41EC #2 MD5 HEX:B028F91EA5C38D06C2E140B26C7F41EC
#3 SHA1 HEX:1DC764E0791B11FA67EFC7ECBC4B0D73F68A070C #3 SHA1 HEX:1DC764E0791B11FA67EFC7ECBC4B0D73F68A070C
# The keys should be random for maximum security. If you wanted to use a key
# with ID 1 as your commandkey (i.e. chronyc password) you would put
# "commandkey 1" into chrony.conf. If no commandkey is present in the keys
# file and the generatecommandkey directive is specified in chrony.conf,
# a random commandkey will be generated and added to the keys file
# automatically on chronyd start.
# You might want to define more keys if you use the authentication facility
# in the network time protocol to authenticate request/response packets between
# trusted clients and servers.

2
examples/chrony.logrotate
View file

@ -3,6 +3,6 @@
nocreate nocreate
sharedscripts sharedscripts
postrotate postrotate
/usr/bin/chronyc -a cyclelogs > /dev/null 2>&1 || true /usr/bin/chronyc cyclelogs > /dev/null 2>&1 || true
endscript endscript
} }

4
examples/chrony.nm-dispatcher
View file

@ -6,12 +6,12 @@ export LC_ALL=C
if [ "$2" = "up" ]; then if [ "$2" = "up" ]; then
/sbin/ip route list dev "$1" | grep -q '^default' && /sbin/ip route list dev "$1" | grep -q '^default' &&
/usr/bin/chronyc -a online > /dev/null 2>&1 /usr/bin/chronyc online > /dev/null 2>&1
fi fi
if [ "$2" = "down" ]; then if [ "$2" = "down" ]; then
/sbin/ip route list | grep -q '^default' || /sbin/ip route list | grep -q '^default' ||
/usr/bin/chronyc -a offline > /dev/null 2>&1 /usr/bin/chronyc offline > /dev/null 2>&1
fi fi
exit 0 exit 0