Find the answer to your Linux question:
Results 1 to 4 of 4
Hi Folks, i'm looking for a linux distro for a hardened NTP time server for my network. It will be running on a dedicated 1U box JUST for the NTP ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jun 2007
    Posts
    3

    Which Distro for hardened NTP server?


    Hi Folks,
    i'm looking for a linux distro for a hardened NTP time server for my network. It will be running on a dedicated 1U box JUST for the NTP stuff so cycles are not a stress. However I have a few requirements:

    fast install, if it goes down it has to be back up again in less than an hour
    automatic security updates, like an emerge -u world type thing that I can cron
    secured. I only need SSH and NTP open and it must be hardened, preferably out of the box
    I have no need of any other apps so the more minimal the better. It's headless so no X needed

    Gentoo seems to leap out of the list, but I dont have the time to build it so a binary install would be a better bet for us. I would go with slackware but i would like a distro that is updated more often in the face of security alerts etc

    Any thoughts?

  2. #2
    Just Joined!
    Join Date
    Jun 2007
    Posts
    3
    Oh, additional information: I will be using both a GPS source and a Radio source as my primary datum in addition to the onboard clock. I assume that these type of devices are well supported in the kernel

  3. #3
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    A few thoughts on this -- might help, might not.

    Quote Originally Posted by GordonCopestake
    fast install, if it goes down it has to be back up again in less than an hour
    A couple different possibilities come to mind:
    • Image the box with something like Ghost 4 Unix, and/or keep a cold spare around that can be brought online if the primary fails. and/or...
    • Run a ntpd server within a FreeBSD jail, and keep a copy of the production jail. If the jailed environment becomes compromised somehow (or otherwise damaged/corrupted), simply wipe out the borked version and start up the copy. or...
    • Run a ntpd server within a virtualized environment on any Linux distro that supports it well. (vmware? qemu?) Same concept as with a FreeBSD jail. You have a copy that you can bring up very quickly if the prod version gets into trouble. or...
    • After configuring things the way you'd like them, create a live cd (based on a Linux distro). This can obviously be deployed very quickly among machines with the same or very similar hardware.


    Note: These are just options to consider. Every single one of these options will require a lot of research and practice to understand and implement. (Way beyond the scope of this thread.)

    Quote Originally Posted by GordonCopestake
    automatic security updates, like an emerge -u world type thing that I can cron
    This should be possible with FreeBSD (freebsd-update for base system), RH/CentOS (yum), Debian (apt-get), etc.

    Personally, I never automate something like this. I test updates in a safe environment rather than just roll them out into production...

    Quote Originally Posted by GordonCopestake
    I only need SSH and NTP open and it must be hardened, preferably out of the box
    Some BSDs / GNU/Linux distros are better than others in this area. I'd say you are going to want to understand how to configure and harden sshd and ntpd on your own.

    Quote Originally Posted by GordonCopestake
    I will be using both a GPS source and a Radio source as my primary datum in addition to the onboard clock. I assume that these type of devices are well supported in the kernel
    I have zero familiarity with hardware that falls into those categories. You'll have a lot of research (google, hardware support mailing lists) to do to answer that point/question.

    Anyway, that's a start hopefully. Good luck.

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Jun 2007
    Posts
    3
    Thanks for the tips, very much appreciated

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •