F20 Self Contained Change: Remove deprecated calls of using ntpdate in favor of ntpd
Chuck Anderson
cra at WPI.EDU
Wed Jul 17 13:21:45 UTC 2013
On Wed, Jul 17, 2013 at 08:07:03AM -0500, Chris Adams wrote:
> Once upon a time, Jaroslav Reznik <jreznik at redhat.com> said:
> > ntpdate is slowly being depricated. STIG enhancements for RHEL 6 penalize
> > systems that make use of ntpdate. Also documentation from the NSA Hardening
> > Guidelines as well as CIS Hardening documentation recommends disabling the use
> > of ntpd as a full-time daemon.
>
> Really? Why? Active management of the clock is the only sensible way
> to use NTP.
+1. Anyway, I thought chrony was the default NTP service on Fedora now?
http://fedoraproject.org/wiki/Features/ChronyDefaultNTP
Although my recently installed Fedora 19 didn't have chrony nor ntpd.
I guess the default now is "no time sync".
> > Second, I would like to add a set time and/or randomized time for ntpd to
> > check for time updates (as configured by the user in /etc/sysconfig/ntpdate).
> >
> > I'm thinking of using ntpd with the -q option to immediately exit the daemon
> > after it runs.
>
> This sounds like you want to run ntpd from cron - that is a TERRIBLE
> idea! Running something that manages the clock from a job system the
> depends on the clock is broken by design.
>
> The NTP project has been trying to deprecate ntpdate for a long time
> now, so I have no problem with it going away. However, while the
> proposal subject is to remove ntpdate, you then go into changing the way
> ntpd is used, which is bad (and not obvious from the subject).
Agreed.
More information about the devel
mailing list