Red Hat Bugzilla – Bug 62238
default configuration is insecure
Last modified: 2007-03-26 23:52:20 EDT
The default configuration file for ntp.conf has:
This allows regular users to change the remote timeserver. We should change the
please, don't forget ia64 :-)
Or that one:
# Prohibit general access to this service.
restrict default ignore
# Permit systems on this network to synchronize with this
# time service. Do not permit those systems to modify the
# configuration of this service. Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
# restrict time.stuttgart.redhat.com noquery nomodify notrap
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
# restrict 127.0.0.1
there is a new NTP package in RH7.3
what about 7.2 ?
It's still a security bug.