tachtler:time_protocol_centos_7
Differences
This page shows the differences between two versions.
tachtler:time_protocol_centos_7 [2014/09/11 16:28] – angelegt klaus | tachtler:time_protocol_centos_7 [2014/10/16 10:49] (aktuell) – [Time Protocol CentOS 7] klaus | ||
---|---|---|---|
Zeile 11: | Zeile 11: | ||
:!: **HINWEIS ** - Nachfolgend soll die Installation eines " | :!: **HINWEIS ** - Nachfolgend soll die Installation eines " | ||
- | :!: **HINWEIS** - **Der Einsatz von IPv6 soll __NICHT__ genutzt werden!!!** | + | :!: **HINWEIS** - **IPv6 soll __NICHT__ genutzt werden!!!** |
Ab hier werden zur Ausführung nachfolgender Befehle **'' | Ab hier werden zur Ausführung nachfolgender Befehle **'' | ||
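Review bot: the reworded notice on the "+" side ("IPv6 soll NICHT genutzt werden!!!") still states a rule without saying why, or where the page enforces it. Suggest a single exclamation mark and a pointer to the "flags = IPv4" setting that this revision adds to both xinetd service files, so the reader can see where the restriction actually takes effect.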
Zeile 32: | Zeile 32: | ||
< | < | ||
# yum install xinetd | # yum install xinetd | ||
+ | Loaded plugins: fastestmirror | ||
+ | base | 3.6 kB | ||
+ | epel | 4.4 kB | ||
+ | extras | ||
+ | updates | ||
+ | Loading mirror speeds from cached hostfile | ||
+ | Resolving Dependencies | ||
+ | --> Running transaction check | ||
+ | ---> Package xinetd.x86_64 2: | ||
+ | --> Finished Dependency Resolution | ||
+ | |||
+ | Dependencies Resolved | ||
+ | |||
+ | ================================================================================ | ||
+ | | ||
+ | ================================================================================ | ||
+ | Installing: | ||
+ | | ||
+ | |||
+ | Transaction Summary | ||
+ | ================================================================================ | ||
+ | Install | ||
+ | |||
+ | Total download size: 128 k | ||
+ | Installed size: 261 k | ||
+ | Is this ok [y/d/N]: y | ||
+ | Downloading packages: | ||
+ | xinetd-2.3.15-12.el7.x86_64.rpm | ||
+ | Running transaction check | ||
+ | Running transaction test | ||
+ | Transaction test succeeded | ||
+ | Running transaction | ||
+ | Installing : 2: | ||
+ | Verifying | ||
+ | |||
+ | Installed: | ||
+ | xinetd.x86_64 2: | ||
+ | |||
+ | Complete! | ||
</ | </ | ||
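Review bot: the transcript added under "# yum install xinetd" is pasted in full, including mirror and repository lines that differ on every host and the interactive "Is this ok [y/d/N]: y" prompt. Suggest trimming it to the command, the line naming the package (xinetd-2.3.15-12.el7.x86_64.rpm) and "Complete!", which is all a reader needs to compare against their own run.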
Zeile 37: | Zeile 76: | ||
< | < | ||
# rpm -qil xinetd | # rpm -qil xinetd | ||
+ | Name : xinetd | ||
+ | Epoch : 2 | ||
+ | Version | ||
+ | Release | ||
+ | Architecture: | ||
+ | Install Date: Thu 11 Sep 2014 04:44:45 PM CEST | ||
+ | Group : System Environment/ | ||
+ | Size : 266816 | ||
+ | License | ||
+ | Signature | ||
+ | Source RPM : xinetd-2.3.15-12.el7.src.rpm | ||
+ | Build Date : Mon 09 Jun 2014 08:55:07 PM CEST | ||
+ | Build Host : worker1.bsys.centos.org | ||
+ | Relocations : (not relocatable) | ||
+ | Packager | ||
+ | Vendor | ||
+ | URL : http:// | ||
+ | Summary | ||
+ | Description : | ||
+ | Xinetd is a secure replacement for inetd, the Internet services | ||
+ | daemon. Xinetd provides access control for all services based on the | ||
+ | address of the remote host and/or on time of access and can prevent | ||
+ | denial-of-access attacks. Xinetd provides extensive logging, has no | ||
+ | limit on the number of server arguments, and lets you bind specific | ||
+ | services to specific IP addresses on your host machine. Each service | ||
+ | has its own specific configuration file for Xinetd; the files are | ||
+ | located in the / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
</ | </ | ||
Zeile 42: | Zeile 132: | ||
< | < | ||
# yum install rdate | # yum install rdate | ||
+ | Loaded plugins: fastestmirror | ||
+ | Loading mirror speeds from cached hostfile | ||
+ | Resolving Dependencies | ||
+ | --> Running transaction check | ||
+ | ---> Package rdate.x86_64 0: | ||
+ | --> Finished Dependency Resolution | ||
+ | |||
+ | Dependencies Resolved | ||
+ | |||
+ | ================================================================================ | ||
+ | | ||
+ | ================================================================================ | ||
+ | Installing: | ||
+ | | ||
+ | |||
+ | Transaction Summary | ||
+ | ================================================================================ | ||
+ | Install | ||
+ | |||
+ | Total download size: 19 k | ||
+ | Installed size: 29 k | ||
+ | Is this ok [y/d/N]: y | ||
+ | Downloading packages: | ||
+ | rdate-1.4-25.el7.x86_64.rpm | ||
+ | Running transaction check | ||
+ | Running transaction test | ||
+ | Transaction test succeeded | ||
+ | Running transaction | ||
+ | Installing : rdate-1.4-25.el7.x86_64 | ||
+ | Verifying | ||
+ | |||
+ | Installed: | ||
+ | rdate.x86_64 0: | ||
+ | |||
+ | Complete! | ||
</ | </ | ||
Zeile 47: | Zeile 172: | ||
< | < | ||
# rpm -qil rdate | # rpm -qil rdate | ||
+ | Name : rdate | ||
+ | Version | ||
+ | Release | ||
+ | Architecture: | ||
+ | Install Date: Thu 11 Sep 2014 04:46:02 PM CEST | ||
+ | Group : Applications/ | ||
+ | Size : 29251 | ||
+ | License | ||
+ | Signature | ||
+ | Source RPM : rdate-1.4-25.el7.src.rpm | ||
+ | Build Date : Tue 10 Jun 2014 04:26:22 AM CEST | ||
+ | Build Host : worker1.bsys.centos.org | ||
+ | Relocations : (not relocatable) | ||
+ | Packager | ||
+ | Vendor | ||
+ | URL : ftp:// | ||
+ | Summary | ||
+ | Description : | ||
+ | The rdate utility retrieves the date and time from another machine on | ||
+ | your network, using the protocol described in RFC 868. If you run | ||
+ | rdate as root, it will set your machine' | ||
+ | the machine that you queried. | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
</ | </ | ||
===== Konfiguration ===== | ===== Konfiguration ===== | ||
- | Um einen " | + | Um einen " |
< | < | ||
+ | # systemctl is-enabled xinetd | ||
+ | enabled | ||
+ | </ | ||
+ | * //Die Antwort sollte, wie dargestellt, | ||
+ | :!: **HINWEIS** - Falls die Antwort '' | ||
+ | < | ||
+ | # systemctl enable xinetd | ||
+ | ln -s '/ | ||
</ | </ | ||
- | Eine Überprüfung, | + | Der Dienst/ |
< | < | ||
+ | # systemctl status xinetd | ||
+ | xinetd.service - Xinetd A Powerful Replacement For Inetd | ||
+ | | ||
+ | | ||
+ | |||
</ | </ | ||
+ | |||
+ | :!: **HINWEIS** - Ein Start des Dienstes/ | ||
==== / | ==== / | ||
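Review bot: the package description pasted under "# rpm -qil rdate" says that running rdate as root sets the machine's time from the queried host, and the commands on this page are all shown with a root prompt, including the later "rdate 192.168.0.20" checks. Suggest adding a sentence that states whether those plain verification calls only print the remote time or also change the local clock, so that nobody alters a system clock while testing.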
Zeile 72: | Zeile 238: | ||
< | < | ||
# ls -l / | # ls -l / | ||
+ | total 44 | ||
+ | -rw-------. 1 root root 1157 Jun 9 20:55 chargen-dgram | ||
+ | -rw-------. 1 root root 1159 Jun 9 20:55 chargen-stream | ||
+ | -rw-------. 1 root root 1157 Jun 9 20:55 daytime-dgram | ||
+ | -rw-------. 1 root root 1159 Jun 9 20:55 daytime-stream | ||
+ | -rw-------. 1 root root 1157 Jun 9 20:55 discard-dgram | ||
+ | -rw-------. 1 root root 1159 Jun 9 20:55 discard-stream | ||
+ | -rw-------. 1 root root 1148 Jun 9 20:55 echo-dgram | ||
+ | -rw-------. 1 root root 1150 Jun 9 20:55 echo-stream | ||
+ | -rw-------. 1 root root 1212 Jun 9 20:55 tcpmux-server | ||
+ | -rw-------. 1 root root 1149 Jun 9 20:55 time-dgram | ||
+ | -rw-------. 1 root root 1150 Jun 9 20:55 time-stream | ||
</ | </ | ||
sind die beiden Konfigurationsdateien | sind die beiden Konfigurationsdateien | ||
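Review bot: the listing added under "# ls -l /" shows chargen, daytime, discard, echo and tcpmux-server files next to time-dgram and time-stream, while the sentence that follows speaks only of "die beiden Konfigurationsdateien". Suggest stating explicitly that only the two time files are edited and that the other services are left switched off, since xinetd serves whatever is enabled in that directory once it is started.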
Zeile 83: | Zeile 261: | ||
</ | </ | ||
gekennzeichnet. | gekennzeichnet. | ||
+ | |||
+ | === / | ||
+ | |||
+ | Nachfolgend dargestellte Änderungen sollten an der Konfigurationsdatei durchgeführt werden (**komplette Konfigurationsdatei**): | ||
+ | <code ini> | ||
+ | # This is the configuration for the udp/dgram time service. | ||
+ | |||
+ | service time | ||
+ | { | ||
+ | # This is for quick on or off of the service | ||
+ | # Tachtler | ||
+ | # default: | ||
+ | disable | ||
+ | |||
+ | # The next attributes are mandatory for all services | ||
+ | id = time-dgram | ||
+ | type = INTERNAL | ||
+ | wait = yes | ||
+ | socket_type | ||
+ | # | ||
+ | |||
+ | # External services must fill out the following | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # External services not listed in / | ||
+ | # | ||
+ | |||
+ | # RPC based services must fill out these | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Logging options | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Networking options | ||
+ | # Tachtler | ||
+ | # default: # flags = | ||
+ | flags = IPv4 | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Access restrictions | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Environmental options | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Banner options. (Banners aren't normally used) | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | } | ||
+ | |||
+ | </ | ||
+ | |||
+ | === / | ||
+ | |||
+ | Nachfolgend dargestellte Änderungen sollten an der Konfigurationsdatei durchgeführt werden (**komplette Konfigurationsdatei**): | ||
+ | <code ini> | ||
+ | # This is the configuration for the tcp/stream time service. | ||
+ | |||
+ | service time | ||
+ | { | ||
+ | # This is for quick on or off of the service | ||
+ | # Tachtler | ||
+ | # default: | ||
+ | disable | ||
+ | |||
+ | # The next attributes are mandatory for all services | ||
+ | id = time-stream | ||
+ | type = INTERNAL | ||
+ | wait = no | ||
+ | socket_type | ||
+ | # | ||
+ | |||
+ | # External services must fill out the following | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # External services not listed in / | ||
+ | # | ||
+ | |||
+ | # RPC based services must fill out these | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Logging options | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Networking options | ||
+ | # Tachtler | ||
+ | # default: # flags = | ||
+ | flags = IPv4 | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Access restrictions | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Environmental options | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Banner options. (Banners aren't normally used) | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | } | ||
+ | |||
+ | </ | ||
+ | |||
+ | ==== iptables Regel ===== | ||
+ | |||
+ | :!: **WICHTIG** - **Nur relevant beim Einsatz von '' | ||
+ | |||
+ | Damit der " | ||
+ | |||
+ | Um die aktuellen '' | ||
+ | < | ||
+ | # iptables -L -nv --line-numbers | ||
+ | Chain INPUT (policy ACCEPT 0 packets, 0 bytes) | ||
+ | num pkts bytes target | ||
+ | 1 | ||
+ | 2 0 0 ACCEPT | ||
+ | 3 0 0 ACCEPT | ||
+ | 4 1 60 ACCEPT | ||
+ | 5 106 8056 ACCEPT | ||
+ | 6 | ||
+ | |||
+ | Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | ||
+ | num pkts bytes target | ||
+ | 1 0 0 REJECT | ||
+ | |||
+ | Chain OUTPUT (policy ACCEPT 2246 packets, 823K bytes) | ||
+ | num pkts bytes target | ||
+ | </ | ||
+ | |||
+ | Nachfolgende Befehle, fügen folgende '' | ||
+ | * < | ||
+ | * < | ||
+ | und hier die Befehle: | ||
+ | < | ||
+ | # iptables -I INPUT 5 -p tcp --dport 37 -j ACCEPT | ||
+ | # iptables -I INPUT 5 -p udp --dport 37 -j ACCEPT | ||
+ | </ | ||
+ | |||
+ | Ein erneute Abfrage des '' | ||
+ | < | ||
+ | # iptables -L -nv --line-numbers | ||
+ | Chain INPUT (policy ACCEPT 0 packets, 0 bytes) | ||
+ | num pkts bytes target | ||
+ | 1 | ||
+ | 2 0 0 ACCEPT | ||
+ | 3 0 0 ACCEPT | ||
+ | 4 1 60 ACCEPT | ||
+ | 5 0 0 ACCEPT | ||
+ | 6 0 0 ACCEPT | ||
+ | 7 115 8740 ACCEPT | ||
+ | 8 | ||
+ | |||
+ | Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | ||
+ | num pkts bytes target | ||
+ | 1 0 0 REJECT | ||
+ | |||
+ | Chain OUTPUT (policy ACCEPT 6 packets, 800 bytes) | ||
+ | num pkts bytes target | ||
+ | </ | ||
+ | |||
+ | Die neuen Zeilen sind an **Position 5** und **Postition 6** zu sehen, hier nachfolgend zur Verdeutlichung noch einmal dargestellt (**nur relevanter Ausschnitt**): | ||
+ | < | ||
+ | ... | ||
+ | 5 0 0 ACCEPT | ||
+ | 6 0 0 ACCEPT | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | Um diese '' | ||
+ | < | ||
+ | # service iptables save | ||
+ | iptables: Saving firewall rules to / | ||
+ | </ | ||
+ | |||
+ | ===== Zeitserver starten ===== | ||
+ | |||
+ | Um einen " | ||
+ | < | ||
+ | # systemctl start xinetd | ||
+ | </ | ||
+ | |||
+ | Ob der " | ||
+ | < | ||
+ | # ps auxwf | grep xinetd | ||
+ | root | ||
+ | root | ||
+ | </ | ||
+ | bzw. nachfolgendem Befehl überprüft werden: | ||
+ | |||
+ | < | ||
+ | # systemctl status xinetd | ||
+ | xinetd.service - Xinetd A Powerful Replacement For Inetd | ||
+ | | ||
+ | | ||
+ | Process: 25941 ExecStart=/ | ||
+ | status=0/ | ||
+ | Main PID: 25942 (xinetd) | ||
+ | | ||
+ | | ||
+ | |||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain xinetd[25942]: | ||
+ | Sep 11 17:01:40 centos7.localdomain systemd[1]: Started Xinetd A Powerful Replacement For Inetd. | ||
+ | </ | ||
+ | |||
+ | Auf welchen Ports der '' | ||
+ | < | ||
+ | # netstat -tulpen | grep xinetd | ||
+ | tcp 0 0 0.0.0.0: | ||
+ | udp 0 0 0.0.0.0: | ||
+ | </ | ||
+ | |||
+ | :!: **HINWEIS** - //Falls der Befehl '' | ||
+ | |||
+ | Eine weitere Überprüfung, | ||
+ | < | ||
+ | # chkconfig --list | tail -n 12 | ||
+ | |||
+ | Note: This output shows SysV services only and does not include native | ||
+ | systemd services. SysV configuration data might be overridden by native | ||
+ | systemd configuration. | ||
+ | |||
+ | If you want to list systemd services use ' | ||
+ | To see services enabled on particular target use | ||
+ | ' | ||
+ | |||
+ | xinetd based services: | ||
+ | chargen-dgram: | ||
+ | chargen-stream: | ||
+ | daytime-dgram: | ||
+ | daytime-stream: | ||
+ | discard-dgram: | ||
+ | discard-stream: | ||
+ | echo-dgram: | ||
+ | echo-stream: | ||
+ | tcpmux-server: | ||
+ | time-dgram: | ||
+ | time-stream: | ||
+ | </ | ||
+ | |||
+ | ===== Zeitserver überprüfen ===== | ||
+ | |||
+ | Unter Zuhilfenahme des Befehls **'' | ||
+ | |||
+ | Nachfolgende Befehle, können auf dem Server auf dem der " | ||
+ | |||
+ | Befehl zu Abfrage gegen den Zeitserver via **TCP**: | ||
+ | < | ||
+ | # rdate 192.168.0.20 | ||
+ | rdate: [192.168.0.20] Thu Sep 11 17:12:07 2014 | ||
+ | |||
+ | </ | ||
+ | |||
+ | Befehl zu Abfrage gegen den Zeitserver via **UDP**: | ||
+ | < | ||
+ | # rdate -u 192.168.0.20 | ||
+ | rdate: [192.168.0.20] Thu Sep 11 17:12:24 2014 | ||
+ | |||
+ | </ | ||
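Review bot: the two added rules, "iptables -I INPUT 5 -p tcp --dport 37 -j ACCEPT" and its udp counterpart, accept port 37 from any source, and in both service files every line under "# Access restrictions" is left commented out, so nothing on the page limits who may query the time service. Suggest adding a source match (-s with the client network) to both rules, or an only_from entry in time-dgram and time-stream, and saying in the text which of the two the page relies on. Two small fixes in the same hunk: the heading "==== iptables Regel =====" has unequal markers, and "Postition 6" should read "Position 6".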
tachtler/time_protocol_centos_7.1410445734.txt.gz · Last modified: 2014/09/11 16:28 by klaus