17492 2003-03-14 06:02 0000 /net-misc/ntp extended ntp.conf to include access restrictions 2003-07-23 18:08:13 0000 1 1 1 Unclassified Gentoo Linux Ebuilds unspecified All Linux RESOLVED FIXED P2 normal --- 1 gentoo-bugs@seyffer.de seemant@gentoo.org gentoo-bugs@seyffer.de 2003-03-14 06:02:19 0000 Hello, I just emerged ntp and found that the included config template is a bit "minimalistic" as it does not include any access restrictions or hints to configure them at all. So please find attached a suggestion for an updated ntpd.conf template. Thanks. Daniel PS: By the way...trivial but also check the einfo output of the ebuild - or is this meant to stress "RTFM"? ;-) --- Quote --- [...] * Please run etc-update and then read all the comments * all the comments in /etc/ntp.conf and [...] --- /Quote --- Reproducible: Always Steps to Reproduce: 1. 2. 3. gentoo-bugs@seyffer.de 2003-03-14 06:04:07 0000 Created an attachment (id=9374) Suggestion for an updated ntp.conf template. Diff: *** /usr/share/ntp/ntp.conf Fri Mar 14 11:43:12 2003 --- ntp.conf Fri Mar 14 11:42:30 2003 *************** *** 19,21 **** --- 19,53 ---- # you should not need to modify the following paths logfile /var/log/ntpd.log driftfile /var/lib/misc/ntp.drift + + + # Warning: Using default NTP settings will leave your NTP + # server accessible to all hosts on the Internet. + + # + # If you want to deny all machines from accessing + # your NTP server, uncomment: + # + #restrict default ignore + + + # To only deny other machines from changing the + # configuration but allow localhost uncomment: + # + #restrict default notrust nomodify + #restrict 127.0.0.1 + + + # To allow machines within your network to synchronize + # their clocks with your server, but ensure they are + # not allowed to configure the server or used as peers + # to synchronize against, uncomment this line. + # + #restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap + + + # To only deny other machines from changing the + # configuration but allow localhost uncomment: + # + #restrict default notrust nomodify + #restrict 127.0.0.1 seemant@gentoo.org 2003-03-14 06:12:17 0000 thanks daniel, will look into this gentoo-bugs@seyffer.de 2003-03-14 06:34:11 0000 Another but rather trivial suggestion that just came to my mind, would be to consider adding an example for setting a "prefer" statement to the server part of the configuration when using multiple servers, similar to: #server ntplocal.example.com prefer #server timeserver.example.org Thanks. :-) seemant@gentoo.org 2003-03-18 02:20:15 0000 changed in portage, thanks Daniel vapier@gentoo.org 2003-07-23 18:08:13 0000 the extra einfo is a 'rtfm' msg simply because people were not doing so and were filing bugs/complaining on mailing lists + forums i added the einfo so as to quiet them ;) 9374 2003-03-14 06:04 0000 Suggestion for an updated ntp.conf template. ntp.conf text/plain IyBOT1RFUzoKIyAgLSB5b3Ugc2hvdWxkIG9ubHkgaGF2ZSB0byB1cGRhdGUgdGhlIHNlcnZlciBs aW5lIGJlbG93CiMgIC0gaWYgeW91IHN0YXJ0IGdldHRpbmcgbGluZXMgbGlrZSAncmVzdHJpY3Qn IGFuZCAnZnVkZ2UnCiMgICAgYW5kIHlvdSBkaWRudCBhZGQgdGhlbSwgQU5EIHlvdSBydW4gZGhj cGNkIG9uIHlvdXIKIyAgICBuZXR3b3JrIGludGVyZmFjZXMsIGJlIHN1cmUgdG8gYWRkICctWSAt TicgdG8gdGhlCiMgICAgZGhjcGNkX2V0aFggdmFyaWFibGVzIGluIC9ldGMvY29uZi5kL25ldAoK IyBOYW1lIG9mIHRoZSBzZXJ2ZXJzIG50cGQgc2hvdWxkIHN5bmMgd2l0aAojIFBsZWFzZSByZXNw ZWN0IHRoZSBhY2Nlc3MgcG9saWN5IGFzIHN0YXRlZCBieSB0aGUgcmVzcG9uc2libGUgcGVyc29u Lgojc2VydmVyCQludHAuZXhhbXBsZS50bGQJCWlidXJzdAoKIyMKIyBBIGxpc3Qgb2YgYXZhaWxh YmxlIHNlcnZlcnMgaXMgYXZhaWxhYmxlIGhlcmU6CiMgaHR0cDovL3d3dy5lZWNpcy51ZGVsLmVk dS9+bWlsbHMvbnRwL3NlcnZlcnMuaHRtbAojIFBsZWFzZSBmb2xsb3cgdGhlIHJ1bGVzIG9mIGVu Z2FnZW1lbnQgYW5kIHVzZSBhCiMgU3RyYXR1bSAyIHNlcnZlciAodW5sZXNzIHlvdSBxdWFsaWZ5 IGZvciBTdHJhdHVtIDEpCiMjCgojIHlvdSBzaG91bGQgbm90IG5lZWQgdG8gbW9kaWZ5IHRoZSBm b2xsb3dpbmcgcGF0aHMKbG9nZmlsZQkJL3Zhci9sb2cvbnRwZC5sb2cKZHJpZnRmaWxlCS92YXIv bGliL21pc2MvbnRwLmRyaWZ0CgoKIyBXYXJuaW5nOiBVc2luZyBkZWZhdWx0IE5UUCBzZXR0aW5n cyB3aWxsIGxlYXZlIHlvdXIgTlRQIAojICAgICAgICAgIHNlcnZlciBhY2Nlc3NpYmxlIHRvIGFs bCBob3N0cyBvbiB0aGUgSW50ZXJuZXQuCgojCiMgSWYgeW91IHdhbnQgdG8gZGVueSBhbGwgbWFj aGluZXMgZnJvbSBhY2Nlc3NpbmcgCiMgeW91ciBOVFAgc2VydmVyLCB1bmNvbW1lbnQ6CiMKI3Jl c3RyaWN0IGRlZmF1bHQgaWdub3JlCgoKIyBUbyBvbmx5IGRlbnkgb3RoZXIgbWFjaGluZXMgZnJv bSBjaGFuZ2luZyB0aGUKIyBjb25maWd1cmF0aW9uIGJ1dCBhbGxvdyBsb2NhbGhvc3QgdW5jb21t ZW50OgojCiNyZXN0cmljdCBkZWZhdWx0IG5vdHJ1c3Qgbm9tb2RpZnkKI3Jlc3RyaWN0IDEyNy4w LjAuMQoKCiMgVG8gYWxsb3cgbWFjaGluZXMgd2l0aGluIHlvdXIgbmV0d29yayB0byBzeW5jaHJv bml6ZQojIHRoZWlyIGNsb2NrcyB3aXRoIHlvdXIgc2VydmVyLCBidXQgZW5zdXJlIHRoZXkgYXJl CiMgbm90IGFsbG93ZWQgdG8gY29uZmlndXJlIHRoZSBzZXJ2ZXIgb3IgdXNlZCBhcyBwZWVycwoj IHRvIHN5bmNocm9uaXplIGFnYWluc3QsIHVuY29tbWVudCB0aGlzIGxpbmUuCiMKI3Jlc3RyaWN0 IDE5Mi4xNjguMS4wIG1hc2sgMjU1LjI1NS4yNTUuMCBub3RydXN0IG5vbW9kaWZ5IG5vdHJhcAoK CiMgVG8gb25seSBkZW55IG90aGVyIG1hY2hpbmVzIGZyb20gY2hhbmdpbmcgdGhlCiMgY29uZmln dXJhdGlvbiBidXQgYWxsb3cgbG9jYWxob3N0IHVuY29tbWVudDoKIwojcmVzdHJpY3QgZGVmYXVs dCBub3RydXN0IG5vbW9kaWZ5CiNyZXN0cmljdCAxMjcuMC4wLjEK