NTP Server (Demo)
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:00
>> Hey, cybrarians, welcome back to
00:00
the Linux plus course here at Cybrary.
00:00
I'm your instructor, Rob Gells,
00:00
and in today's lesson,
00:00
we're going to discuss NTP Servers.
00:00
Upon completion of this lesson,
00:00
you're going to understand why
00:00
timekeeping is so important in Linux.
00:00
We're going to talk about how NTP works to ensure
00:00
time consistency and then we're going to
00:00
configure NTP on CentOS and Ubuntu.
00:00
So Network Time Protocol or NTP is
00:00
critically important for
00:00
>> a lot of applications in Linux.
00:00
>> Any application that needs to
00:00
ensure that clocks are in sync with each other,
00:00
for example, system logging and logging servers,
00:00
they need to ensure that the timestamp
00:00
that they have for the system log is
00:00
accurate against the time
00:00
on the system where the logging occurred.
00:00
Or if we're looking for files on any system,
00:00
we want to make sure that the date and timestamp in
00:00
those files is correct
00:00
and is what we think they should be.
00:00
Another thing is when you're talking about client and
00:00
server services like authentication with LDAP,
00:00
we want to make sure that
00:00
those servers are especially in sync.
00:00
When LDAP servers get out of sync in terms of time,
00:00
you have weird replication issues
00:00
occur and those are never fun to troubleshoot,
00:00
ask me how I know.
00:00
Now NTP server role is used to ensure
00:00
those accurate system times and
00:00
an NTP client receives its time from an NTP server.
00:00
Remember this, NTP communicates over port
00:00
123 and anytime you see
00:00
one of these fingers with a string tied around it,
00:00
this is something that I think might be on the exam.
00:00
I know for a fact from personal experience that
00:00
CompTIA loves to test on port numbers on its exams,
00:00
so remember NTP port 123.
00:00
NTP servers are either going to be
00:00
deployed by an organization or
00:00
the organization may make use
00:00
of public NTP servers that are already out there.
00:00
A really common one are
00:00
the servers that you get from pool.ntp.org.
00:00
Generally, when you see a pool
00:00
like that configured on a client,
00:00
it's going to be at least three or four servers
00:00
that are indicated in a pool on the client,
00:00
so server0.pool.ntp.org,
00:00
and then server 1 and 2 as well.
00:00
Now, NTP accuracy is
00:00
determined through something called a stratum value.
00:00
Stratum is just a number from 0-15,
00:00
but the lower the number is,
00:00
the more accurate it's considered.
00:00
That's because a stratum-0 NTP server
00:00
gets its timestamps from an atomic clock,
00:00
which is the most accurate clock on the planet.
00:00
Now most NTP servers are not
00:00
going to be stratum-0. It's pretty rare.
00:00
They're going to be stratum-1 or higher.
00:00
But a stratum-1 NTP server gets
00:00
its timestamp from a stratum-0 server.
00:00
Therefore, stratum-2 gets
00:00
its timestamps from stratum-1,
00:00
and so on and so forth.
00:00
Just remember the lower the stratum,
00:00
the more accurate that time server is going to be.
00:00
With that, let's go ahead and see NTP in
00:00
action with some demo time.
00:00
Here we are back in our demo environment
00:00
and today we're going to start with CentOS.
00:00
There are really two methods to
00:00
install NTP depending upon
00:00
which type of distribution you're using
00:00
if it's running RPM or if it's running apt or AppKit.
00:00
RPM is going to be CentOS,
00:00
apt or apt is going to be Debian or Ubuntu.
00:00
We're going to start with CentOS first.
00:00
The thing is, well,
00:00
CentOS actually already has time installed on it.
00:00
What this system uses here is
00:00
called chronyd and we can see that with
00:00
system CTL status on
00:00
chronyd that this is actually already hearing.
00:00
This server is for NTP client-server is
00:00
actually already running on
00:00
this system and it is enabled.
00:00
But if it wasn't enabled, it wasn't installed,
00:00
we can install it with DNF install chrony.
00:00
Then after we install that,
00:00
we would do a system CTL
00:00
>> enable dash dash now on chrony.
00:00
>> That will start and enable chrony in one fell swoop,
00:00
that system CTL enable
00:00
dash dash now command does both at one time.
00:00
But since it's already installed,
00:00
what we need to do in order to make this into
00:00
an NTP server is that we have to
00:00
modify its configuration file.
00:00
Now, the configuration file for CentOS systems,
00:00
for RPM systems that are running chrony,
00:00
that is found in etc/chrony.conf.
00:00
Really all we have to do is allow
00:00
NTP access from a local network.
00:00
By enabling this we're basically telling the system,
00:00
hey, you're now acting as an NTP server.
00:00
You're not just a client, you're a server.
00:00
You're serving out information and you
00:00
would add allow lines for every network
00:00
that you wanted to allow to query
00:00
this server for NTP time.
00:00
In our case, we just have the one
00:00
so we're going to go ahead and hit "Escape".
00:00
After we uncomment it,
00:00
we're going to escape and then
00:00
hit ":wq" to write and quit
00:00
out of this file like we should when we're working
00:00
in Vim, and then we're good there.
00:00
Now all we need to do to pick up that change
00:00
though is we need to restart chronyd.
00:00
Once we do a restart on chronyd service,
00:00
it's going to pick up the change.
00:00
The only thing that we need to know about though,
00:00
on CentOS systems is that
00:00
sometimes they're running firewalls,
00:00
and so on this system we can see system CTL status.
00:00
Firewall D is the firewall service
00:00
that we run here and it is running.
00:00
What we're going to do is we're going to add
00:00
a firewall rule to allow NTP traffic through,
00:00
and the way that we could do this by using
00:00
the firewall CMD command.
00:00
Firewall CMD, we're going to add
00:00
a permanent rule because we
00:00
want this to be on all the time.
00:00
We're going to say dash dash add - service
00:00
and the service that we want to add
00:00
equals NTP. There we go.
00:00
We'll do this while we're already
00:00
root so we don't need to run pseudo,
00:00
but generally we would put that through
00:00
a pseudo if we weren't root,
00:00
and then there we go. It's already enabled.
00:00
Yeah, of course, it is because
00:00
>> we're already running NTP
00:00
>> on this system, but that's good to go.
00:00
The other thing that we do is we do a reload to make
00:00
sure that that firewall change has been picked up
00:00
and then we can see that
00:00
the firewall allows traffic
00:00
>> through on port 123 for NTP.
00:00
>> There we go, success.
00:00
Now let's go ahead and move over to
00:00
our Ubuntu system and see how we can install NTP there.
00:00
Here we are at our Ubuntu system and by comparison
00:00
Ubuntu doesn't have NTP
00:00
set up installed on it by default.
00:00
We can get that going by doing
00:00
an apt install of NTP on our Ubuntu system.
00:00
Here it's going to prompt us. Do we
00:00
want to download and install this,
00:00
and how much disk space it's going to
00:00
take? We say, "Yeah, go ahead."
00:00
We watch this go and we see a lovely bunch of
00:00
hash marks across the bottom indicating progress.
00:00
We wait a little bit longer,
00:00
maybe a little bit longer after that,
00:00
and eventually it's going to drop this back to
00:00
a command prompt and there we go.
00:00
Now, we can see the configuration file for NTP
00:00
on an Ubuntu system by going into etc/ntp.conf.
00:00
I'm going to cut out this line.
00:00
Now, one of the first things that we're
00:00
going to see is that the server
00:00
already has upstream pools configured right here.
00:00
Pools 0, 1, 2,
00:00
and 3 for ubuntu.pool.ntp.org.
00:00
We're not going to use those.
00:00
We're going to use the
00:00
pool.ntp.org servers just for North America.
00:00
Let's go ahead and fix that.
00:00
Let's go into the file with Vim.
00:00
Instead of looking at it with [inaudible]
00:00
we'll edit it with Vim.
00:00
We're going to go up to this
00:00
>> line and I'm going to hit on
00:00
>> my keyboard the number 4 and then DD.
00:00
Remember from our discussion about working with Vim,
00:00
the DD command deletes lines.
00:00
You can add a four to the beginning of it to
00:00
delete four lines, and that's what I did.
00:00
Now I'm going to hit "I" for insert
00:00
>> and what I'm going to
00:00
>> start doing is adding these servers here.
00:00
I want to add server-0 as north-america.pool.ntp.org.
00:00
I'm going to hit "Escape" and I'm going
00:00
to hit "YY" twice,
00:00
which is going to allow us to yank this line and
00:00
then hit "P" to paste it once below.
00:00
I'm going to change this number from zero to one.
00:00
Those are the only two servers that I want to
00:00
add in here for NTP.
00:00
I'm going to hit "Escape:wq"
00:00
again to quit and right out of Vim.
00:00
Now we can restart NTP by doing
00:00
a systemctl restart ntp and NTP has been restarted.
00:00
But because we're in Ubuntu,
00:00
we also have to take a look at the firewall here.
00:00
Let's do a system CTL status on something called UFW.
00:00
UFW is the uncomplicated firewall.
00:00
We're going to talk a lot
00:00
>> more about firewalls coming up.
00:00
>> But the UFW is the firewall, it's loaded, it's active,
00:00
so we have to add a firewall rule here as
00:00
well to make sure that NTP traffic can flow through.
00:00
The way that we do this is by running
00:00
the command UFW allow NTP.
00:00
That's it. It adds them as a rule.
00:00
In this case it's an existing rule because I did this a
00:00
little earlier while I was setting up the demo.
00:00
But that's how we would go through and add
00:00
a UFW rule on the Ubuntu system.
00:00
But with that, we've reached the end of
00:00
this lesson, and in this lesson,
00:00
we covered why timekeeping is so important in Linux,
00:00
in spite so many applications
00:00
>> need time to be consistent.
00:00
>> We talked about how NTP works
00:00
to make sure that time is consistent
00:00
and then we talked about how to configure
00:00
NTP on CentOS and Ubuntu.
00:00
Thanks so much for being here and I look
00:00
forward to seeing you in our next lesson.
Up Next
Instructed By
Similar Content
