Linux系统搭建NTP服务器教程

Linux系统搭建NTP服务器教程实施环境服务器配置：虚拟机，2cpu,2G内存,50G硬盘linux系统：CentOSrelease7.6.1810服务器IP:10.1.0・145步骤一：操作系统安装步骤略过，进入操作系统，首先手动配置IP地址#vi/etc/sysconfig/network-scripts/ifcfg-eth0注：最后一个ifcfg-eth0为网卡名称需配置的几个关键参数如上图红色地方。修改后重启一下网络服务即可##systemctlrestartnetwork步骤二：安装NTP服务1、检查该系统是否已安装NTP服务rpm-qntp已安装，可直接编辑/etc/ntp.conf配置文件。2、如未安装，使用如下命令在线安装。#yuminstallntpdatentp-y安装完可用1的命令再检查是否安装成功。步骤三：修改ntp配置文件，红色字体是修改项。vi/etc/ntp.confFormoreinformationaboutthisfile,seethemanpagesntp.conf⑸，ntp_acc(5),ntp_auth(5),ntp_clock(5),ntp_misc(5),ntp_mon(5).driftfile/var/lib/ntp/drift新增：日志目录.不需要可不配置logfile/var/log/ntpd.logPermittimesynchronizationwithourtimesource,butdonotpermitthesourcetoqueryormodifytheserviceonthissystem.restrictdefaultnomodifynotrap#允许所有客户端同步时间Permitallaccessovertheloopbackinterface.Thiscouldbetightenedaswell,buttodosowouldeffectsomeoftheadministrativefunctions.restrictrestrict::1Hostsonlocalnetworkarelessrestricted.restrictmasknomodifynotrap这一行的含义是授权网段的客户端可以从这台机器上查询和同步时间.需将上一条命令注释掉restrictmasknomodifynotrapUsepublicserversfromtheproject.Pleaseconsiderjoiningthepool(/join.html).server0.iburstserver1.iburstserver2.iburstserver3.iburst#新增：配置国内公共的时间服务器列表.也可换成别的地址server#broadcast55autokey#broadcastserver#broadcastclient#broadcastclient#broadcastautokey#multicastserver#multicastclient#multicastclient#manycastserver54#manycastserver#manycastclient54autokey#manycastclientEnablepublickeycryptography.#cryptoincludefile/etc/ntp/crypto/pwKeyfilecontainingthekeysandkeyidentifiersusedwhenoperatingwithsymmetrickeycryptography.keys/etc/ntp/keysSpecifythekeyidentifierswhicharetrusted.trustedkey4842Specifythekeyidentifiertousewiththentpdcutility.requestkey8Specifythekeyidentifiertousewiththentpqutility.controlkey8Enablewritingofstatisticsrecords.statisticsclockstatscryptostatsloopstatspeerstatsDisablethemonitoringfacilitytopreventamplificationattacksusingntpdcmonlistcommandwhendefaultrestrictdoesnotincludethenoqueryflag.SeeCVE-2013-5211formoredetails.#Note:Monitoringwillnotbedisabledwiththelimitedrestrictionflag.disablemonitor注：修改后记得保存配置文件。restrict控制相关权限。语法为：restrictIP地址mask子网掩码参数其中IP地址也可以是default，default就是指所有的IP。参数有以下几个：ignore:关闭所有的NTP联机服务nomodify：客户端不能更改服务端的时间参数，但是客户端可以通过服务端进行网络校时。notrust：客户端除非通过认证，否则该客户端来源将被视为不信任子网

noquery:不提供客户端的时间查询：用户端不能使用ntpq,ntpc等命令来查询ntp服务器notrap:不提供trap远端登陆：拒绝为匹配的主机提供模式6控制消息陷阱服务。陷阱服务是ntpdq控制消息协议的子系统，用于远程事件日志记录程序。nopeer:用于阻止主机尝试与服务器对等，并允许欺诈性服务器控制时钟kod：访问违规时发送KoD包。restrict-6表示IPV6地址的权限设置。步骤四：设置NTP服务开机启动#systemctlenablentpd#systemctlenablentpdate#systemctlis-enabledntpd[rcHJt&localhost〜systemctlenablentpdcireatGdsyimliinkfroni/etc/sysremd/systan/rnulr1-lis-br.target.^lanrs/ntpd.serv1ceto/usr/lib/sy&temd/system/ntpd.service.[ro-ot&lociailhost-]#5y5temctleinablentpdatecireicLiitidsytnl1inkfrom/ei scemd/system/miull1-usertlairget.taaims/nxpdateaseirvicano/usr/Hb/systemd/gystem/initpdate.service-步骤五：启用ntp服务//启动服务systemctlstartntpd〃查看NTP服务运行状态systemctlstatusntpd[roorftloca1host■■ntpd.servicesremcTi门育用「同・1nadprlf'/iir/HUIh/Active:active(rurningiail昨鞫工。|13后*§ CGroup;[roorftloca1host■■ntpd.servicesremcTi门育用「同・1nadprlf'/iir/HUIh/Active:active(rurningiail昨鞫工。|13后*§ CGroup;/system,siice/rtp1—13645/usr/sbin/ntpd-urrtp:nrp-gQ04埼$$$<44445122222222220--K月月月月月月月nr月nrrtaa九丸九丸九丸丸丸丸丸HltrL1IX11JL22222211OJal22c1.11,1111-yin122222222331b24”24242424244053"Iocalt>osi:r1ocaldomainmpd1oca!host1ocaldomainntpd"Iocal,1ocaldomainnrpd1ocalhost.1ocaldomainntpd"Ioc^lh&snr1ocaldomainmpd1acaihost.1Dealdomainntpd1ocalhost.1ocaldomainmpd1acaihost.1DealdomainntpdIoc^lhost.1ocaldomainmpd"Iacaihost-1ocaldomainntpdwereell-ipsized।use一]to13645]：13M51:11645]：13M51:13645J：1364SI!136451：HWEI;13545]:11&453:showinLisiennorrtiaHyonListemnorrrkallyonListennorrnallycxi5eThQfeSO：：2ab3ia5a2;122f,,-123Listeningon0,-0,0r0O.O.O.OO.-D.O.Oo.n.o.ofull.而有c012C1>11c61406120615routingsocketmfd#22resrarifreq_Eatkernel0.000frecLnoi-serft-eq^mndefreq_seckernel0.576clock_syncf-orirrte.』.tesPPMPPM注：红色框的几个地方，状态active(running)说明服务运行，右下角红色框为监听端口UDP123。步骤六：本机防火墙放行UDP123端口。Centos7安装完默认防火墙是启用状态，并且未放行业务端口，需手动放行端口或关闭防火墙，为了服务器安装，建议采用放行端口的方式。firewall-cmd--permanent--add-service=ntpfirewall-cmd-reload〃增加放行端口必须要reload不然没生效NTP服务器配置完成。测试：NTP客户端：windows7系统

如