NTP time synchronization server

NTP server

       NTP (Network Time Protocol) is a protocol used to synchronize the clocks of computers over a network. It can provide high-precision time correction (differing from the standard by less than 1 millisecond on a LAN and by tens of milliseconds on a WAN), and it can use cryptographic authentication to prevent malicious protocol attacks. The NTP service uses UDP port 123, so the firewall on the NTP server must open UDP port 123.

 iptables -A INPUT -p udp -m udp --dport 123 -j ACCEPT

Feature presentation

       For NTP to provide precise time, it must first have an accurate time source, and that time should be the international standard time, UTC. NTP can obtain UTC from atomic clocks, observatories or satellites, and also over the Internet. This gives it an accurate and reliable time source. Time is propagated through a hierarchy of NTP servers. Each server is assigned to a stratum (layer) according to its distance from the external UTC source. Stratum-1 is at the top and has access to external UTC; Stratum-2 obtains its time from Stratum-1, Stratum-3 obtains its time from Stratum-2, and so on, but the total number of strata is limited to 15. All of these servers are logically connected to each other in a stepped architecture, and the Stratum-1 time servers are the foundation of the whole system.
       Typically, a host is connected to several time servers and uses statistical algorithms to filter the time received from the different servers, selecting the best path and source with which to correct the host's time. Even if the host cannot reach a time server for a long period, the NTP service still operates effectively.

NTP stratum level

       Even when a local device synchronizes its time with a remote server, there is still an error on the order of milliseconds, and if the local device then serves that time to others, the error they see may be larger. So there are levels of time accuracy. NTP on Cisco equipment calls this level of precision the stratum: the larger the stratum value, the worse the precision, and the smaller the value, the better. For example, if a remote time server is stratum 2, a local device that synchronizes with it is stratum 3 and has lost some accuracy; if another device then synchronizes with the local device, it gets stratum 4, which means the accuracy is worse still. A server that acts as the time source for a local area network usually has its stratum set to 10 (stratum 10 is conventional for unsynchronized local clocks; it is high enough that nobody is likely to mistake it for a desirable clock to synchronize with).
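How a client reads the stratum out of a server reply and decides whether to trust it, as an added example that is not part of the original page. The function names are hypothetical, the offset and delay formulas are the standard ones from the NTP specification (RFC 5905), and the reply is constructed rather than captured.

```python
import struct

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def to_ntp(t):
    """Unix seconds -> (seconds, fraction) pair of a 64-bit NTP timestamp."""
    return int(t) + NTP_DELTA, int((t % 1) * 2**32)

def from_ntp(sec, frac):
    return sec - NTP_DELTA + frac / 2**32

def build_request(t1):
    """48-byte client packet: LI=0, VN=4, Mode=3, transmit timestamp = t1."""
    return struct.pack("!B39xII", (4 << 3) | 3, *to_ntp(t1))

def parse_reply(request, reply, t4):
    """Validate a server reply; return (stratum, offset, delay) in seconds."""
    if len(reply) < 48:
        raise ValueError("short packet")
    flags, stratum = reply[0], reply[1]
    leap, mode = flags >> 6, flags & 7
    org_s, org_f, rx_s, rx_f, tx_s, tx_f = struct.unpack("!6I", reply[24:48])
    if mode != 4:
        raise ValueError("not a server-mode packet")
    if reply[24:32] != request[40:48]:
        # A genuine reply echoes our transmit timestamp; a blind spoof cannot.
        raise ValueError("origin timestamp does not echo our request")
    if stratum == 0:
        raise ValueError("kiss-o'-death: " + reply[12:16].decode("ascii", "replace"))
    if stratum > 15 or leap == 3:
        raise ValueError("server clock is unsynchronized")
    t1, t2, t3 = from_ntp(org_s, org_f), from_ntp(rx_s, rx_f), from_ntp(tx_s, tx_f)
    offset = ((t2 - t1) + (t3 - t4)) / 2   # positive: local clock is behind the server
    delay = (t4 - t1) - (t3 - t2)          # round trip minus server processing time
    return stratum, offset, delay

def make_reply(request, stratum, t2, t3, leap=0, refid=b"LOCL"):
    """Constructed sample reply (not captured traffic)."""
    hdr = struct.pack("!BBbb4x4x4s8x", (leap << 6) | (4 << 3) | 4, stratum, 6, -20, refid)
    return hdr + request[40:48] + struct.pack("!4I", *to_ntp(t2), *to_ntp(t3))

if __name__ == "__main__":
    req = build_request(1000.0)                      # client sends at t1 = 1000.0
    rep = make_reply(req, 10, 1005.010, 1005.020)    # stratum-10 server, 5 s ahead
    print(parse_reply(req, rep, 1000.030))           # reply arrives at t4 = 1000.030
```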

Time zone Introduction

GMT: Greenwich Mean Time (GMT) is the standard time at the Royal Greenwich Observatory on the outskirts of London, UK, because the prime meridian is defined as the meridian that passes through it.
UTC: Coordinated Universal Time, also known as world standard time, abbreviated UTC, from the English "Coordinated Universal Time" / French "Temps Universel Coordonné". It is a time measurement system based on the length of the atomic second that is kept as close as possible to Universal Time.
ISO: Standard Time
CST: Beijing time, also known as China Standard Time, is China's standard time. In the division of time zones it falls in the East 8 zone, 8 hours ahead of Coordinated Universal Time, written UTC+8, and it is the same as Chinese National Standard Time (formerly known as "Central Standard Time"), Hong Kong time and Macau time. When it is 0:00 am GMT, it is 8:00 am China Standard Time.

Time zone relationship

CET=UTC/GMT + 1 hour
CST=UTC/GMT +8 hours
CST=CET+9
For example: Thursday 03/17/2011 between 0:30am and 6:00am CET (UTC/GMT +1 hour)
CET=03/17/2011 0:30am and 6:00am
CST=03/17/2011 9:30am and 15:00am
UTC/GMT =03/17/2011 1:30am and 7:00am

NTP server set up

Server ip 10.10.10.11/24
client ip 10.10.10.0/24

1, server configuration

[root@NTP ~]# yum -y install ntp
[root@NTP ~]# vim /etc/ntp.conf
restrict 10.10.10.0 mask 255.255.255.0 nomodify notrap
server 127.127.1.0
fudge 127.127.1.0 stratum 10
[root@NTP ~]# date -s 20160202          # set the time manually
[root@NTP ~]# ntpdate cn.pool.ntp.org       # or synchronize with network time
[root@NTP ~]# /etc/init.d/ntpd restart      # start the service on CentOS 6
[root@NTP ~]# systemctl restart ntpd        # start the service on CentOS 7
[root@NTP ~]# ntpdate -u cn.pool.ntp.org

2, the client configuration

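[root@Test ~]# yum -y install ntpdate
# Synchronize the time against the time server at the specified IP
[root@Test ~]# ntpdate -u 10.10.10.11
# Add a scheduled task on the client to synchronize the time automatically once a minute
[root@Test ~]# echo '* * * * * root /usr/sbin/ntpdate -u 10.10.10.11 &>/dev/null' >> /etc/crontab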

Configuration file

    -rw-r--r-- 1 root root 2000 9月  23 2017 /etc/ntp.conf
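# The time spent contacting the upstream time server is recorded in the file named after the driftfile parameter
driftfile /var/lib/ntp/drift
# Deny all operations to clients by default
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Open up the internal loopback interface lo, i.e. allow all operations from the local host address
restrict 127.0.0.1
restrict -6 ::1
# Allow all clients on the LAN to connect to this server to synchronize time, but refuse to let them modify the time on the server
restrict 10.10.10.0 mask 255.255.255.0 nomodify notrap
# The IP that acts as the NTP server on the LAN
server 10.10.10.11
# Three NTP servers on the Internet
server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org
# When the server loses contact with the public time servers (no Internet connection), the LAN time server provides time synchronization to clients
server  127.127.1.0
fudge   127.127.1.0 stratum 10
*****restrict parameters*****
#kod use KoD to guard against "kiss of death" attacks
#ignore reject all NTP connections
#nomodify clients cannot use ntpdc or ntpq to modify the time server's parameters, but can still synchronize time over the network
#noquery clients cannot use ntpdc or ntpq to query the time server's parameters, and cannot synchronize time over the network
#notrap do not provide the remote logging function
#notrust reject clients that are not authenticated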
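A check that a deployed ntp.conf still carries the restrict flags shown above, as an added example that is not part of the original page. The function name and the baseline sets are assumptions: the baseline is simply the flag set used in this page's configuration, and the sample input is constructed.

```python
# Baseline taken from the page's own ntp.conf (a policy choice, not an ntpd rule).
REQUIRED_DEFAULT = {"kod", "nomodify", "notrap", "nopeer", "noquery"}
REQUIRED_SUBNET = {"nomodify", "notrap"}
LOOPBACK = {"127.0.0.1", "::1"}

def audit_restrict(conf_text):
    """Return [(line_no, address, [missing flags])] for an ntp.conf given as text."""
    findings, has_default = [], False
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()       # drop comments
        if not words or words[0] != "restrict":
            continue
        args = [w for w in words[1:] if w not in ("-4", "-6")]
        if not args:
            continue
        addr, rest = args[0], args[1:]
        if rest[:1] == ["mask"]:                    # skip "mask <netmask>"
            rest = rest[2:]
        flags = set(rest)
        if addr == "default":
            has_default = True
        if addr in LOOPBACK or "ignore" in flags:   # local host, or everything refused
            continue
        required = REQUIRED_DEFAULT if addr == "default" else REQUIRED_SUBNET
        missing = sorted(required - flags)
        if missing:
            findings.append((line_no, addr, missing))
    if not has_default:
        # Line number 0 marks a finding about the file as a whole.
        findings.append((0, "default", ["no 'restrict default' line"]))
    return findings

# Constructed sample, not a real host's configuration.
SAMPLE = """\
driftfile /var/lib/ntp/drift
restrict default nomodify notrap   # weaker than the page's default line
restrict 127.0.0.1
restrict -6 ::1
restrict 10.10.10.0 mask 255.255.255.0 notrap
server 127.127.1.0
"""

if __name__ == "__main__":
    for line_no, addr, missing in audit_restrict(SAMPLE):
        print(f"line {line_no}: restrict {addr} is missing {', '.join(missing)}")
```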

Origin www.cnblogs.com/outsrkem/p/11460543.html