Linux - Netzwerk und Serveradminstration NTP: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| (2 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 24: | Zeile 24: | ||
| '''FQDN''' || ntp.it2XX.int || Fully Qualified Domain Name | | '''FQDN''' || ntp.it2XX.int || Fully Qualified Domain Name | ||
|- | |- | ||
| − | | '''SHORT''' || | + | | '''SHORT''' || ntp || Short Name |
|- | |- | ||
| '''DOM''' || it2XX.int|| Domain Name | | '''DOM''' || it2XX.int|| Domain Name | ||
| Zeile 30: | Zeile 30: | ||
;Anpassen des Templates | ;Anpassen des Templates | ||
*[[Anpassen des Debian Templates]] | *[[Anpassen des Debian Templates]] | ||
| + | |||
=installieren ntp= | =installieren ntp= | ||
*sudo apt install ntpsec | *sudo apt install ntpsec | ||
| Zeile 43: | Zeile 44: | ||
pool 3.debian.pool.ntp.org iburst | pool 3.debian.pool.ntp.org iburst | ||
restrict default kod nomodify noquery limited | restrict default kod nomodify noquery limited | ||
| − | restrict 10. | + | restrict 10.88.2XX.0 mask 255.255.255.0 nomodify notrap |
restrict 172.26.2XX.0 mask 255.255.255.0 nomodify notrap | restrict 172.26.2XX.0 mask 255.255.255.0 nomodify notrap | ||
restrict 10.2XX.1.0 mask 255.255.255.0 nomodify notrap | restrict 10.2XX.1.0 mask 255.255.255.0 nomodify notrap | ||
| Zeile 51: | Zeile 52: | ||
*systemctl status ntpsec | *systemctl status ntpsec | ||
*journalctl -fu ntpsec | *journalctl -fu ntpsec | ||
| + | *ntpq -p | ||
| + | |||
=Wo lauscht der ntpserver= | =Wo lauscht der ntpserver= | ||
*ss -lnup | grep 123 | *ss -lnup | grep 123 | ||
Aktuelle Version vom 24. April 2026, 09:02 Uhr
NTP Server
![Bearbeiten](javascript:editDrawio("294617865", "5102-ntp-01.drawio.png", "png", false, false, false, true, "https://embed.diagrams.net")){kind=link}
Vorbereitungen
- VirtualBox Server-Vorlage klonen
- Der Host soll im DMZ-Netzwerk liegen
- statische IP-Adresse nach dem Netzwerkplan setzen (/etc/network/interfaces)
- SSH-Schlüssel des Kit Hosts für User kit hinterlegen
Netzkonfiguration DNS-Server (DMZ)
| Parameter | Wert | Erläuterung |
|---|---|---|
| Netzwerk (NIC) | DMZ | Interface-Zuweisung in VirtualBox |
| IP | 10.88.2XX.17 | Statische IP |
| CIDR | 24 | Classless Inter-Domain Routing Präfixlänge |
| GW | 10.88.2XX.1 | GATEWAY |
| NS | 10.88.2XX.21 | Resolver |
| FQDN | ntp.it2XX.int | Fully Qualified Domain Name |
| SHORT | ntp | Short Name |
| DOM | it2XX.int | Domain Name |
- Anpassen des Templates
installieren ntp
- sudo apt install ntpsec
Anpassen
- cat /etc/ntpsec/ntp.conf
driftfile /var/lib/ntpsec/ntp.drift leapfile /usr/share/zoneinfo/leap-seconds.list tos maxclock 11 tos minclock 4 minsane 3 pool 0.debian.pool.ntp.org iburst pool 1.debian.pool.ntp.org iburst pool 2.debian.pool.ntp.org iburst pool 3.debian.pool.ntp.org iburst restrict default kod nomodify noquery limited restrict 10.88.2XX.0 mask 255.255.255.0 nomodify notrap restrict 172.26.2XX.0 mask 255.255.255.0 nomodify notrap restrict 10.2XX.1.0 mask 255.255.255.0 nomodify notrap restrict ::1
Handling wie gehabt
- systemctl status ntpsec
- journalctl -fu ntpsec
- ntpq -p
Wo lauscht der ntpserver
- ss -lnup | grep 123
Wie bindet man die Clients
Statitsch
- Inmstallation auf dem Client
- apt install ntpsec
- Konfiguration
- cat /etc/ntpsec/ntp.conf
driftfile /var/lib/ntpsec/ntp.drift leapfile /usr/share/zoneinfo/leap-seconds.list tos maxclock 11 tos minclock 4 minsane 3 restrict default kod nomodify noquery limited restrict 127.0.0.1 restrict ::1 server ntp.it213.int