Linux系統(tǒng)搭建NTP服務(wù)器教程實(shí)施環(huán)境服務(wù)器配置：虛擬機(jī)，2cpu,2G內(nèi)存,50G硬盤linux系統(tǒng)：CentOSrelease7.6.1810服務(wù)器IP:10.1.0?145步驟一：操作系統(tǒng)安裝步驟略過，進(jìn)入操作系統(tǒng)，首先手動(dòng)配置IP地址#vi/etc/sysconfig/network-scripts/ifcfg-eth0注：最后一個(gè)ifcfg-eth0為網(wǎng)卡名稱需配置的幾個(gè)關(guān)鍵參數(shù)如上圖紅色地方。修改后重啟一下網(wǎng)絡(luò)服務(wù)即可##systemctlrestartnetwork步驟二：安裝NTP服務(wù)1、檢查該系統(tǒng)是否已安裝NTP服務(wù)rpm-qntp已安裝，可直接編輯/etc/ntp.conf配置文件。2、如未安裝，使用如下命令在線安裝。#yuminstallntpdatentp-y安裝完可用1的命令再檢查是否安裝成功。步驟三：修改ntp配置文件，紅色字體是修改項(xiàng)。vi/etc/ntp.confFormoreinformationaboutthisfile,seethemanpagesntp.conf⑸，ntp_acc(5),ntp_auth(5),ntp_clock(5),ntp_misc(5),ntp_mon(5).driftfile/var/lib/ntp/drift新增：日志目錄.不需要可不配置logfile/var/log/ntpd.logPermittimesynchronizationwithourtimesource,butdonotpermitthesourcetoqueryormodifytheserviceonthissystem.restrictdefaultnomodifynotrap#允許所有客戶端同步時(shí)間Permitallaccessovertheloopbackinterface.Thiscouldbetightenedaswell,buttodosowouldeffectsomeoftheadministrativefunctions.restrictrestrict::1Hostsonlocalnetworkarelessrestricted.restrictmasknomodifynotrap這一行的含義是授權(quán)網(wǎng)段的客戶端可以從這臺(tái)機(jī)器上查詢和同步時(shí)間.需將上一條命令注釋掉restrictmasknomodifynotrapUsepublicserversfromtheproject.Pleaseconsiderjoiningthepool(/join.html).server0.iburstserver1.iburstserver2.iburstserver3.iburst#新增：配置國內(nèi)公共的時(shí)間服務(wù)器列表.也可換成別的地址server#broadcast55autokey#broadcastserver#broadcastclient#broadcastclient#broadcastautokey#multicastserver#multicastclient#multicastclient#manycastserver54#manycastserver#manycastclient54autokey#manycastclientEnablepublickeycryptography.#cryptoincludefile/etc/ntp/crypto/pwKeyfilecontainingthekeysandkeyidentifiersusedwhenoperatingwithsymmetrickeycryptography.keys/etc/ntp/keysSpecifythekeyidentifierswhicharetrusted.trustedkey4842Specifythekeyidentifiertousewiththentpdcutility.requestkey8Specifythekeyidentifiertousewiththentpqutility.controlkey8Enablewritingofstatisticsrecords.statisticsclockstatscryptostatsloopstatspeerstatsDisablethemonitoringfacilitytopreventamplificationattacksusingntpdcmonlistcommandwhendefaultrestrictdoesnotincludethenoqueryflag.SeeCVE-2013-5211formoredetails.#Note:Monitoringwillnotbedisabledwiththelimitedrestrictionflag.disablemonitor注：修改后記得保存配置文件。restrict控制相關(guān)權(quán)限。語法為：restrictIP地址mask子網(wǎng)掩碼參數(shù)其中IP地址也可以是default，default就是指所有的IP。參數(shù)有以下幾個(gè)：ignore:關(guān)閉所有的NTP聯(lián)機(jī)服務(wù)nomodify：客戶端不能更改服務(wù)端的時(shí)間參數(shù)，但是客戶端可以通過服務(wù)端進(jìn)行網(wǎng)絡(luò)校時(shí)。notrust：客戶端除非通過認(rèn)證，否則該客戶端來源將被視為不信任子網(wǎng)

noquery:不提供客戶端的時(shí)間查詢：用戶端不能使用ntpq,ntpc等命令來查詢ntp服務(wù)器notrap:不提供trap遠(yuǎn)端登陸：拒絕為匹配的主機(jī)提供模式6控制消息陷阱服務(wù)。陷阱服務(wù)是ntpdq控制消息協(xié)議的子系統(tǒng)，用于遠(yuǎn)程事件日志記錄程序。nopeer:用于阻止主機(jī)嘗試與服務(wù)器對(duì)等，并允許欺詐性服務(wù)器控制時(shí)鐘kod：訪問違規(guī)時(shí)發(fā)送KoD包。restrict-6表示IPV6地址的權(quán)限設(shè)置。步驟四：設(shè)置NTP服務(wù)開機(jī)啟動(dòng)#systemctlenablentpd#systemctlenablentpdate#systemctlis-enabledntpd[rcHJt&localhost?systemctlenablentpdcireatGdsyimliinkfroni/etc/sysremd/systan/rnulr1-lis-br.target.^lanrs/ntpd.serv1ceto/usr/lib/sy&temd/system/ntpd.service.[ro-ot&lociailhost-]#5y5temctleinablentpdatecireicLiitidsytnl1inkfrom/ei scemd/system/miull1-usertlairget.taaims/nxpdateaseirvicano/usr/Hb/systemd/gystem/initpdate.service-步驟五：?jiǎn)⒂胣tp服務(wù)//啟動(dòng)服務(wù)systemctlstartntpd〃查看NTP服務(wù)運(yùn)行狀態(tài)systemctlstatusntpd[roorftloca1host■■ntpd.servicesremcTi門育用「同?1nadprlf'/iir/HUIh/Active:active(rurningiail昨鞫工。|13后*§ CGroup;[roorftloca1host■■ntpd.servicesremcTi門育用「同?1nadprlf'/iir/HUIh/Active:active(rurningiail昨鞫工。|13后*§ CGroup;/system,siice/rtp1—13645/usr/sbin/ntpd-urrtp:nrp-gQ04埼$$$<44445122222222220--K月月月月月月月nr月nrrtaa九丸九丸九丸丸丸丸丸HltrL1IX11JL22222211OJal22c1.11,1111-yin122222222331b24”24242424244053"Iocalt>osi:r1ocaldomainmpd1oca!host1ocaldomainntpd"Iocal,1ocaldomainnrpd1ocalhost.1ocaldomainntpd"Ioc^lh&snr1ocaldomainmpd1acaihost.1Dealdomainntpd1ocalhost.1ocaldomainmpd1acaihost.1DealdomainntpdIoc^lhost.1ocaldomainmpd"Iacaihost-1ocaldomainntpdwereell-ipsized?use一]to13645]：13M51:11645]：13M51:13645J：1364SI!136451：HWEI;13545]:11&453:showinLisiennorrtiaHyonListemnorrrkallyonListennorrnallycxi5eThQfeSO：：2ab3ia5a2;122f,,-123Listeningon0,-0,0r0O.O.O.OO.-D.O.Oo.n.o.ofull.而有c012C1>11c61406120615routingsocketmfd#22resrarifreq_Eatkernel0.000frecLnoi-serft-eq^mndefreq_seckernel0.576clock_syncf-orirrte.』.tesPPMPPM注：紅色框的幾個(gè)地方，狀態(tài)active(running)說明服務(wù)運(yùn)行，右下角紅色框?yàn)楸O(jiān)聽端口UDP123。步驟六：本機(jī)防火墻放行UDP123端口。Centos7安裝完默認(rèn)防火墻是啟用狀態(tài)，并且未放行業(yè)務(wù)端口，需手動(dòng)放行端口或關(guān)閉防火墻，為了服務(wù)器安裝，建議采用放行端口的方式。firewall-cmd--permanent--add-service=ntpfirewall-cmd-reload〃增加放行端口必須要reload不然沒生效NTP服務(wù)器配置完成。測(cè)試：NTP客戶端：windows7系統(tǒng)

如