From owner-freebsd-questions Sun Sep 16 17:12:48 2001 Delivered-To: freebsd-questions@freebsd.org Received: from smtp012.mail.yahoo.com (smtp012.mail.yahoo.com [216.136.173.32]) by hub.freebsd.org (Postfix) with SMTP id CB69037B40B for ; Sun, 16 Sep 2001 17:12:41 -0700 (PDT) Received: from unknown (HELO RAMBUS) (216.179.225.200) by smtp.mail.vip.sc5.yahoo.com with SMTP; 17 Sep 2001 00:12:41 -0000 X-Apparently-From: Message-ID: <008901c13f0d$7eaa4fa0$c8e1b3d8@liquidground.com> Reply-To: "DrTebi" From: "DrTebi" To: References: <001701c13efc$7b6853c0$c8e1b3d8@liquidground.com> <20010917003954.A8822@student.uu.se> <003b01c13f08$10a176f0$095f5f0a@battleship> Subject: Re: security level and system time question Date: Sun, 16 Sep 2001 17:12:48 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Thanks to everyone, it worked and my time is up to date now. One thing I would like to add is that I also had to set ntpdate_flags="ntp.netcom.ca" so that ntpdate works at bootup. Are there any security risks running ntpd? If yes, how could they be fixed/limited? DrTebi > I would agree that ntpdate on bootup, then ntpd there after is a good idea. > > However, to avoid any security issues of running the ntpd service > constantly, I do ntpdate every hour instead. Even at securily level 2, it > does a good job. > > > > On Sun, Sep 16, 2001 at 03:11:05PM -0700, DrTebi wrote: > > > Hello, > > > I understand that it is not possible to run ntpdate or date when in > security > > > level 2 -- at least not when the time is off by more than one second. > > > I must say that's quite impossible to have a system clock that is not > > > inaccurate, at least mine are all not. > > > > > > What could be done to fix this? I would prefer to stay in security level > 2, > > > but don't want my time to be off by 1 minute every month. > > > Would it make sence to run a cron job (a'la ntpdate ntp.netcom.ca) every > > > minute? Does that sound unreasonable? Is there any security risk running > a > > > cron job like that (since it would have to be root's cron job)? > > > > First run ntpdate at startup. > > (ntpdate_enable in rc.conf) > > This will set your system time before the securelevel is raised. > > > > Then run ntpd (xntpd_enable in rc.conf) which will make sure that your > > system time is always less than a second off. (Actually it will keep > > the system time even more accurate.) > > Running ntpd is much more efficient than running ntpdate often. > > > > I don't actually run at increased securelevels so I can't guarantee > > that this will work in that case but it should work fine. > > > > -- > > > > Erik Trulsson > > ertr1013@student.uu.se > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message