NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p11 was released on 27 February 2018. It addresses 2 low-/medium-, 1 informational-/medium-, and 2 low-severity security issues in ntpd, 1 medium-severity security issue in ntpq, and provides over 65 non-security bugfixes and other improvements over 4.2.8p10.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
Getting ntpd its Configuration
Related Items: Bug #923
Current Practice
Traditionally, ntpd gets its configuration information from /etc/ntp.conf.
Using the -C flag to specify additional configuration files
If the simulator is no longer using the -C flag then we could use -C filename to mean "process filename as an additional configuration file".
The following URL extension could also be used in this case.
Rather than adding a -C to process an additional config file, why not simply allow -c to be specified multiple times?
BrianUtterback - 23 Oct 2007
I'm concerned that changing the behavior of multiple -c instances would be a break with backward compatibility.
-- HarlanStenn - 23 Oct 2007
Extending -c to allow a URL specification
The -c flag to ntpd can be used to specify the filename of an ntp.conf file.
If we allowed a URL as an argument we could support additional methods of getting this information to ntpd.
Including a local file
Syntax: ntpd -c file:///etc/ntp.conf
This is equivalent to ntpd -c /etc/ntp.conf.
Retrieving a file via HTTP
Syntax: ntpd -c http://server/ntp.conf
If the web server on server processed this URL, it could take the 'client' information from the HTTP request and customize a response.
Retrieving NTP configuration information via DHCP
Syntax: ntpd -c dhcpinfo://server
Communicate with a DHCP server to get any NTP configuration information it might have.
Related Topics: http://www.ietf.org/internet-drafts/draft-gayraud-dhcpv6-ntp-opt-00.txt
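An added example, not ntpd's code: one way the three proposed -c forms above could be told apart in C before any file is opened or request is sent. The names conf_ref, skip_prefix and classify_conf_arg and the remote flag are hypothetical; refusing unknown schemes and file:// URLs that name a host are assumptions of this example, not part of the proposal.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum conf_src { SRC_INVALID, SRC_FILE, SRC_HTTP, SRC_DHCP };

struct conf_ref {
    enum conf_src kind;
    const char *target; /* path, full URL, or DHCP server; points into arg */
    int remote;         /* 1 if the configuration arrives over the network */
};

/* If arg starts with prefix (ASCII case-insensitive), return the rest, else NULL. */
static const char *skip_prefix(const char *arg, const char *prefix)
{
    for (; *prefix; arg++, prefix++)
        if (tolower((unsigned char)*arg) != tolower((unsigned char)*prefix))
            return NULL;
    return arg;
}

/* Hypothetical helper: classify one -c argument using the forms listed above. */
struct conf_ref classify_conf_arg(const char *arg)
{
    const struct conf_ref invalid = { SRC_INVALID, NULL, 0 };
    const char *rest;

    if (arg == NULL || *arg == '\0')
        return invalid;
    if ((rest = skip_prefix(arg, "file://")) != NULL) {
        /* Only file:///abs/path (empty host) is local; file://host/... is refused. */
        if (rest[0] == '/' && rest[1] != '\0')
            return (struct conf_ref){ SRC_FILE, rest, 0 };
    } else if ((rest = skip_prefix(arg, "http://")) != NULL) {
        if (*rest != '\0' && *rest != '/')      /* a host must follow */
            return (struct conf_ref){ SRC_HTTP, arg, 1 };
    } else if ((rest = skip_prefix(arg, "dhcpinfo://")) != NULL) {
        if (*rest != '\0' && strchr(rest, '/') == NULL)
            return (struct conf_ref){ SRC_DHCP, rest, 1 };
    } else if (strstr(arg, "://") == NULL) {
        /* No scheme: the traditional plain filename. */
        return (struct conf_ref){ SRC_FILE, arg, 0 };
    }
    return invalid;   /* unknown scheme or malformed URL: fail closed */
}

int main(void)
{
    printf("remote=%d\n", classify_conf_arg("http://server/ntp.conf").remote);
    return 0;
}
```

The remote flag lets a caller apply a stricter policy to configuration delivered over HTTP or DHCP than to a local file.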
Using -e to act like a single line of a config file
I suggest adding a (possibly multiply given) -e flag that would have as its argument a string that would be processed as a single line config file.
BrianUtterback - 23 Oct 2007
I like this and am OK with multiple -e instances.
-- HarlanStenn - 23 Oct 2007