Comments (4)
I don't think it is necessary anymore. I lost my Linux server a while ago (long story) and I haven't replaced it yet so I've been out of the loop with what is necessary. I'll try to find time to research and update this guide. Or if you want to submit a PR I would be happy to merge it.
from how-to-secure-a-linux-server.
+1 : it seems that for an NTP client purpose only, the systemd-timesyncd
does a minimalist but sufficient job, except for use cases requiring greater precision maybe ?
a stackexchange question comparing NTP and timesyncd
from how-to-secure-a-linux-server.
Yeah. I'm thinking maybe this is not needed anymore but I don't have a server anymore that I can confirm on. I run Debian + KDE on my daily driver and it came with NTP but I'm not sure if that's cause I'm using it as a personal computer, and not a server, so it installed it.
from how-to-secure-a-linux-server.
Is NTP Necessary?
This is for the sysadmin (yourself) to decide based on the system's needs and capabilities.
Timesyncd uses SNTP instead of NTP, which means the following:
- less memory and processing power usage
- less precise time (does not use advanced drift correction algorithms)
- less security (only uses TLS and NTS)
- cannot work as a NTP server, only as a client
In my case, any time a server has enough resources I will prefer NTP daemons,
purely for the advanced security mechanisms.
If NTP, Should Timesyncd Be Disabled?
when installing ntpd with apt,
it prompts you that it will uninstall the systemd-timesyncd
package.
from how-to-secure-a-linux-server.
Related Issues (20)
- Translate into Mandarin HOT 2
- SSH options HOT 2
- psad fails to update signatures HOT 1
- Implementing Post‑quantum Cryptography
- Gmail SMTP: You can no longer use the account's password HOT 2
- exim4 Gmail - TLS connection errors / "Authentication Required" HOT 3
- SSH keypair not able to login with passpharase HOT 1
- Fail2ban fails on fresh Debian12
- Disabling bash history on root account? HOT 3
- HashKnownHosts set to yes HOT 5
- psad missing ufw log setting
- sshd_config compression option no longer a security risk HOT 1
- sshd_config protocol 1 support completely removed resulting in protocol option being removed
- [Ubuntu 24.04] Error: fail2ban [5004]: ERROR No module named 'asynchat'
- Version this guide and create tags
- Ubuntu Guide is Unreachable HOT 1
- Suggestion: UFW Firewall for Cloudflare
- Please add Postgres section HOT 2
- Conflicting statements on CIS benchmarks HOT 1
- A dead article. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from how-to-secure-a-linux-server.