tachtler:time_protocol_centos_7
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Beide Seiten der vorigen RevisionVorhergehende ÜberarbeitungNächste Überarbeitung | Vorhergehende Überarbeitung | ||
tachtler:time_protocol_centos_7 [2014/09/11 16:50] – [Konfiguration] klaus | tachtler:time_protocol_centos_7 [2014/10/16 10:49] (aktuell) – [Time Protocol CentOS 7] klaus | ||
---|---|---|---|
Zeile 11: | Zeile 11: | ||
:!: **HINWEIS ** - Nachfolgend soll die Installation eines " | :!: **HINWEIS ** - Nachfolgend soll die Installation eines " | ||
- | :!: **HINWEIS** - **Der Einsatz von IPv6 soll __NICHT__ genutzt werden!!!** | + | :!: **HINWEIS** - **IPv6 soll __NICHT__ genutzt werden!!!** |
Ab hier werden zur Ausführung nachfolgender Befehle **'' | Ab hier werden zur Ausführung nachfolgender Befehle **'' | ||
Zeile 38: | Zeile 38: | ||
updates | updates | ||
Loading mirror speeds from cached hostfile | Loading mirror speeds from cached hostfile | ||
- | 48 packages excluded due to repository priority protections | ||
Resolving Dependencies | Resolving Dependencies | ||
--> Running transaction check | --> Running transaction check | ||
Zeile 135: | Zeile 134: | ||
Loaded plugins: fastestmirror | Loaded plugins: fastestmirror | ||
Loading mirror speeds from cached hostfile | Loading mirror speeds from cached hostfile | ||
- | 48 packages excluded due to repository priority protections | ||
Resolving Dependencies | Resolving Dependencies | ||
--> Running transaction check | --> Running transaction check | ||
Zeile 219: | Zeile 217: | ||
Der Dienst/ | Der Dienst/ | ||
< | < | ||
- | ]# systemctl status xinetd | + | # systemctl status xinetd |
xinetd.service - Xinetd A Powerful Replacement For Inetd | xinetd.service - Xinetd A Powerful Replacement For Inetd | ||
| | ||
Zeile 240: | Zeile 238: | ||
< | < | ||
# ls -l / | # ls -l / | ||
+ | total 44 | ||
+ | -rw-------. 1 root root 1157 Jun 9 20:55 chargen-dgram | ||
+ | -rw-------. 1 root root 1159 Jun 9 20:55 chargen-stream | ||
+ | -rw-------. 1 root root 1157 Jun 9 20:55 daytime-dgram | ||
+ | -rw-------. 1 root root 1159 Jun 9 20:55 daytime-stream | ||
+ | -rw-------. 1 root root 1157 Jun 9 20:55 discard-dgram | ||
+ | -rw-------. 1 root root 1159 Jun 9 20:55 discard-stream | ||
+ | -rw-------. 1 root root 1148 Jun 9 20:55 echo-dgram | ||
+ | -rw-------. 1 root root 1150 Jun 9 20:55 echo-stream | ||
+ | -rw-------. 1 root root 1212 Jun 9 20:55 tcpmux-server | ||
+ | -rw-------. 1 root root 1149 Jun 9 20:55 time-dgram | ||
+ | -rw-------. 1 root root 1150 Jun 9 20:55 time-stream | ||
</ | </ | ||
sind die beiden Konfigurationsdateien | sind die beiden Konfigurationsdateien | ||
Zeile 251: | Zeile 261: | ||
</ | </ | ||
gekennzeichnet. | gekennzeichnet. | ||
+ | |||
+ | === / | ||
+ | |||
+ | Nachfolgend dargestellte Änderungen sollten an der Konfigurationsdatei durchgeführt werden (**komplette Konfigurationsdatei**): | ||
+ | <code ini> | ||
+ | # This is the configuration for the udp/dgram time service. | ||
+ | |||
+ | service time | ||
+ | { | ||
+ | # This is for quick on or off of the service | ||
+ | # Tachtler | ||
+ | # default: | ||
+ | disable | ||
+ | |||
+ | # The next attributes are mandatory for all services | ||
+ | id = time-dgram | ||
+ | type = INTERNAL | ||
+ | wait = yes | ||
+ | socket_type | ||
+ | # | ||
+ | |||
+ | # External services must fill out the following | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # External services not listed in / | ||
+ | # | ||
+ | |||
+ | # RPC based services must fill out these | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Logging options | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Networking options | ||
+ | # Tachtler | ||
+ | # default: # flags = | ||
+ | flags = IPv4 | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Access restrictions | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Environmental options | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Banner options. (Banners aren't normally used) | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | } | ||
+ | |||
+ | </ | ||
+ | |||
+ | === / | ||
+ | |||
+ | Nachfolgend dargestellte Änderungen sollten an der Konfigurationsdatei durchgeführt werden (**komplette Konfigurationsdatei**): | ||
+ | <code ini> | ||
+ | # This is the configuration for the tcp/stream time service. | ||
+ | |||
+ | service time | ||
+ | { | ||
+ | # This is for quick on or off of the service | ||
+ | # Tachtler | ||
+ | # default: | ||
+ | disable | ||
+ | |||
+ | # The next attributes are mandatory for all services | ||
+ | id = time-stream | ||
+ | type = INTERNAL | ||
+ | wait = no | ||
+ | socket_type | ||
+ | # | ||
+ | |||
+ | # External services must fill out the following | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # External services not listed in / | ||
+ | # | ||
+ | |||
+ | # RPC based services must fill out these | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Logging options | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Networking options | ||
+ | # Tachtler | ||
+ | # default: # flags = | ||
+ | flags = IPv4 | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Access restrictions | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Environmental options | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Banner options. (Banners aren't normally used) | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | } | ||
+ | |||
+ | </ | ||
+ | |||
+ | ==== iptables Regel ===== | ||
+ | |||
+ | :!: **WICHTIG** - **Nur relevant beim Einsatz von '' | ||
+ | |||
+ | Damit der " | ||
+ | |||
+ | Um die aktuellen '' | ||
+ | < | ||
+ | # iptables -L -nv --line-numbers | ||
+ | Chain INPUT (policy ACCEPT 0 packets, 0 bytes) | ||
+ | num pkts bytes target | ||
+ | 1 | ||
+ | 2 0 0 ACCEPT | ||
+ | 3 0 0 ACCEPT | ||
+ | 4 1 60 ACCEPT | ||
+ | 5 106 8056 ACCEPT | ||
+ | 6 | ||
+ | |||
+ | Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | ||
+ | num pkts bytes target | ||
+ | 1 0 0 REJECT | ||
+ | |||
+ | Chain OUTPUT (policy ACCEPT 2246 packets, 823K bytes) | ||
+ | num pkts bytes target | ||
+ | </ | ||
+ | |||
+ | Nachfolgende Befehle, fügen folgende '' | ||
+ | * < | ||
+ | * < | ||
+ | und hier die Befehle: | ||
+ | < | ||
+ | # iptables -I INPUT 5 -p tcp --dport 37 -j ACCEPT | ||
+ | # iptables -I INPUT 5 -p udp --dport 37 -j ACCEPT | ||
+ | </ | ||
+ | |||
+ | Ein erneute Abfrage des '' | ||
+ | < | ||
+ | # iptables -L -nv --line-numbers | ||
+ | Chain INPUT (policy ACCEPT 0 packets, 0 bytes) | ||
+ | num pkts bytes target | ||
+ | 1 | ||
+ | 2 0 0 ACCEPT | ||
+ | 3 0 0 ACCEPT | ||
+ | 4 1 60 ACCEPT | ||
+ | 5 0 0 ACCEPT | ||
+ | 6 0 0 ACCEPT | ||
+ | 7 115 8740 ACCEPT | ||
+ | 8 | ||
+ | |||
+ | Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | ||
+ | num pkts bytes target | ||
+ | 1 0 0 REJECT | ||
+ | |||
+ | Chain OUTPUT (policy ACCEPT 6 packets, 800 bytes) | ||
+ | num pkts bytes target | ||
+ | </ | ||
+ | |||
+ | Die neuen Zeilen sind an **Position 5** und **Postition 6** zu sehen, hier nachfolgend zur Verdeutlichung noch einmal dargestellt (**nur relevanter Ausschnitt**): | ||
+ | < | ||
+ | ... | ||
+ | 5 0 0 ACCEPT | ||
+ | 6 0 0 ACCEPT | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | Um diese '' | ||
+ | < | ||
+ | # service iptables save | ||
+ | iptables: Saving firewall rules to / | ||
+ | </ | ||
+ | |||
+ | ===== Zeitserver starten ===== | ||
+ | |||
+ | Um einen " | ||
+ | < | ||
+ | # systemctl start xinetd | ||
+ | </ | ||
+ | |||
+ | Ob der " | ||
+ | < | ||
+ | # ps auxwf | grep xinetd | ||
+ | root | ||
+ | root | ||
+ | </ | ||
+ | bzw. nachfolgendem Befehl überprüft werden: | ||
+ | |||
+ | < | ||
+ | # systemctl status xinetd | ||
+ | xinetd.service - Xinetd A Powerful Replacement For Inetd | ||
+ | | ||
+ | | ||
+ | Process: 25941 ExecStart=/ | ||
+ | status=0/ | ||
+ | Main PID: 25942 (xinetd) | ||
+ | | ||
+ | | ||
+ | |||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain systemd[1]: Started Xinetd A Powerful Replacement For Inetd. | ||
+ | </ | ||
+ | |||
+ | Auf welchen Ports der '' | ||
+ | < | ||
+ | # netstat -tulpen | grep xinetd | ||
+ | tcp 0 0 0.0.0.0: | ||
+ | udp 0 0 0.0.0.0: | ||
+ | </ | ||
+ | |||
+ | :!: **HINWEIS** - //Falls der Befehl '' | ||
+ | |||
+ | Eine weitere Überprüfung, | ||
+ | < | ||
+ | # chkconfig --list | tail -n 12 | ||
+ | |||
+ | Note: This output shows SysV services only and does not include native | ||
+ | systemd services. SysV configuration data might be overridden by native | ||
+ | systemd configuration. | ||
+ | |||
+ | If you want to list systemd services use ' | ||
+ | To see services enabled on particular target use | ||
+ | ' | ||
+ | |||
+ | xinetd based services: | ||
+ | chargen-dgram: | ||
+ | chargen-stream: | ||
+ | daytime-dgram: | ||
+ | daytime-stream: | ||
+ | discard-dgram: | ||
+ | discard-stream: | ||
+ | echo-dgram: | ||
+ | echo-stream: | ||
+ | tcpmux-server: | ||
+ | time-dgram: | ||
+ | time-stream: | ||
+ | </ | ||
+ | |||
+ | ===== Zeitserver überprüfen ===== | ||
+ | |||
+ | Unter Zuhilfenahme des Befehls **'' | ||
+ | |||
+ | Nachfolgende Befehle, können auf dem Server auf dem der " | ||
+ | |||
+ | Befehl zu Abfrage gegen den Zeitserver via **TCP**: | ||
+ | < | ||
+ | # rdate 192.168.0.20 | ||
+ | rdate: [192.168.0.20] Thu Sep 11 17:12:07 2014 | ||
+ | |||
+ | </ | ||
+ | |||
+ | Befehl zu Abfrage gegen den Zeitserver via **UDP**: | ||
+ | < | ||
+ | # rdate -u 192.168.0.20 | ||
+ | rdate: [192.168.0.20] Thu Sep 11 17:12:24 2014 | ||
+ | |||
+ | </ | ||
tachtler/time_protocol_centos_7.txt · Zuletzt geändert: 2014/10/16 10:49 von klaus