The default configuration file for ntp.conf has:

authenticate no

This allows regular users to change the remote timeserver. We should change the default to:

authenticate yes
Please, don't forget ia64 :-)
Or that one:

# Prohibit general access to this service.
restrict default ignore

# Permit systems on this network to synchronize with this
# time service. Do not permit those systems to modify the
# configuration of this service. Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
# restrict time.stuttgart.redhat.com noquery nomodify notrap

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
# restrict 127.0.0.1
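An added example, not part of the original bug report or of the ntp package: a small Python check that flags the two settings discussed in this thread, `authenticate no` and missing or permissive `restrict` lines. The sample configurations, the function names and the 192.0.2.10 address are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs (not taken from a real host).
WEAK_CONF = """\
authenticate no
server 192.0.2.10
"""
HARDENED_CONF = """\
authenticate yes
restrict default ignore
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
restrict 192.0.2.10 noquery nomodify notrap
restrict 127.0.0.1
"""

def directives(text):
    """Yield the token list of each non-comment, non-blank line."""
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield tokens

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # a hostname or the keyword "default"

def audit(text):
    """Return findings for the ntp.conf settings raised in the thread."""
    findings = []
    default_flags = None
    for tok in directives(text):
        if tok[0] == "authenticate" and tok[1:2] == ["no"]:
            findings.append("authenticate no: change to 'authenticate yes'")
        elif tok[0] == "restrict" and len(tok) > 1:
            addr, flags = tok[1], set(tok[2:])
            if addr == "default":
                default_flags = flags
            elif not is_loopback(addr) and not flags & {"ignore", "nomodify"}:
                findings.append(f"restrict {addr}: add nomodify")
    if default_flags is None:
        findings.append("no 'restrict default' line: add 'restrict default ignore'")
    elif not default_flags & {"ignore", "nomodify"}:
        findings.append("restrict default: lacks ignore/nomodify")
    return findings
```

Commented-out `restrict` lines are skipped, so a rule that exists only as a comment does not count as protection.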
ntp-4.1.0b-6
There is a new NTP package in RH7.3. What about 7.2? It's still a security bug.