Date: Sat, 02 Nov 2013 15:59:32 -0700 From: Darren Pilgrim <list_freebsd@bluerosetech.com> To: Karl Pielorz <kpielorz_lst@tdx.co.uk>, freebsd-security@freebsd.org Subject: Re: ntpd 4.2.4p8 - up to date? Message-ID: <527583D4.70409@bluerosetech.com> In-Reply-To: <7403C046ABF387E5061BC441@Mail-PC.tdx.co.uk> References: <7403C046ABF387E5061BC441@Mail-PC.tdx.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11/1/2013 9:05 AM, Karl Pielorz wrote: > A friend who uses linux a lot happened to notice on a FreeBSD box I > installed the other day and updated to 9.2-R that it's using ntpd 4.2.4p8. There are two ntpd's in ports: a newer version of the one in base (it's literally a drop in replacement) and OpenBSD's openntpd. If you just need a local accurate clock and maybe time service for your LAN, the one in base is ok because you can configure it to workaround the open CVEs. If you're running a public NTP service, you can't workaround spoofing vulnerabilities, so use one of the ports because you can keep it up to date much more easily. You can remove ntpd from the base yourself: 1. Add "WITHOUT_NTP" to /etc/src.conf 2. Run the delete-old and delete-old-libs targets to "uninstall" the base ntpd. 3. Install ports/etc/ntp The port uses the in-base RC script, so you need to set ntpd_program="/usr/local/bin/ntpd" ntpd_config="/usr/local/etc/ntp.conf" in /etc/rc.conf to repoint the script at the port. You don't have to move ntp.conf, but /etc/ntp.conf gets removed by the delete-old target.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?527583D4.70409>