Date: Thu, 19 Aug 1999 16:17:20 -0600 From: Brett Glass <brett@lariat.org> To: Archie Cobbs <archie@whistle.com>, Goran.Lowkrantz@infologigruppen.se (Lowkrantz Goran) Cc: freebsd-security@FreeBSD.ORG ('freebsd-security@FreeBSD.ORG') Subject: Re: Securelevel 3 ant setting time Message-ID: <4.2.0.58.19990819161554.04790800@localhost> In-Reply-To: <199908191819.LAA94866@bubba.whistle.com> References: <B500F74C6527D311B61F0000C0DF5ADC07ECB5@valhall.ign.se>
next in thread | previous in thread | raw e-mail | index | archive | help
My server uses a cron job and ntpupdate to grab tne time from the best of several accurate government servers. Would securelevel 3 allow this? --Brett Glass At 11:19 AM 8/19/99 -0700, Archie Cobbs wrote: >Lowkrantz, Goran writes: > > Just found that I can't correct the time on my firewall, running at security > > level 3. When I try I get the following: > > > > date: settimeofday (timeval): Operation not permitted > > > > Is this by design? If so, why? > >Yes, this is to prevent attacks that use wrong time settings. >You are allowed to change the time a little bit, just not a lot. > >The solution would be to do somthing like this.. > > - At boot time, before setting the securelevel, run ntpdate > - Run xntpd normally > >-Archie > >___________________________________________________________________________ >Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.58.19990819161554.04790800>