[ntp] disable monitor in default ntp.conf
Miroslav Lichvar
mlichvar at fedoraproject.org
Thu Jul 3 16:22:44 UTC 2014
commit 60376703e3874bc7970be6f2d3b51f1138892df0
Author: Miroslav Lichvar <mlichvar at redhat.com>
Date: Thu Jul 3 18:02:02 2014 +0200
disable monitor in default ntp.conf
ntp.conf | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
---
diff --git a/ntp.conf b/ntp.conf
index 258e380..5ce2137 100644
--- a/ntp.conf
+++ b/ntp.conf
@@ -50,3 +50,9 @@ keys ETCNTP/keys
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
+
+# Disable the monitoring facility to prevent amplification attacks using ntpdc
+# monlist command when default restrict does not include the noquery flag. See
+# CVE-2013-5211 for more details.
+# Note: Monitoring will not be disabled with the limited restriction flag.
+disable monitor
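Review bot: The note directly above `disable monitor` says monitoring stays enabled when the `limited` restriction flag is in use, but the comment stops there and does not tell the administrator what to do in that case. Since the first comment line names a default restrict without `noquery` as the exposed condition, consider extending the note to say that configurations using `limited` should add `noquery` to the default restrict line instead of relying on `disable monitor`. The restrict lines themselves fall outside this hunk, so it is also worth confirming that the shipped defaults do not already use `limited`, which by the comment's own wording would make the new directive ineffective.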