[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ntpdate from cron -- DON'T DO THAT!



On Sat, Dec 21, 2002 at 04:15:35PM -0800, nate wrote:
> it can, and does I've been using it for ages. I do not like to run
> ntpd on everything[1]. The less daemons listening on ports the better for me.
> ntpd is more accurate then ntpdate, but doing a ntpdate <timeserver>;
> hwclock --systohc works fine for me.

So run ntp-simple or use iptables to block the port.  Use the tools
you have, don't run away.

> [1] http://www.kb.cert.org/vuls/id/970472
> yes I know it's patched now, but another issue could come up in the
> future, and ntpd is not vital enough for me to run everywhere.

The only thing to fear is fear itself.  Any software could develop
security holes, this isn't a good excuse to thunderclap the server.

-- 
 .''`.     Baloo <baloo@ursine.dyndns.org>
: :'  :    proud Debian admin and user
`. `'`
  `-  Debian - when you have better things to do than to fix a system

Attachment: pgpvhwFHRcVCU.pgp
Description: PGP signature


Reply to: