NTP installation on Debian Wheezy
This is a very quick guide intended to help entry-level Linux users build an NTP server. Note: This article assumes you are working in a VMware environment.
You also need to have NTP available to an internal network and secured from the Monlist attack.
Before you begin
To disable "monlist" functionality on a public-facing NTP server that cannot be updated to version 4.2.7, add the noquery directive to the restrict default line in the system’s /etc/ntp.conf as shown below:
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
I've installed the base OS from a netinstall CD ISO. The ISO is small and the Base/Core OS can be installed without needing Internet access.
During the installation, I created the system with a local user, ntpmgr. You can call it what you want; just substitute the name where required below.
Building behind a proxy? No worries, edit the apt.conf file with the proxy connection string:
You can add proxy credentials in this file too!
I'm going to amend /etc/apt/sources.list to use the http.debian.net redirector:
deb http://http.debian.net/debian/ wheezy main
deb-src http://http.debian.net/debian/ wheezy main
deb http://security.debian.org/ wheezy/updates main
deb-src http://security.debian.org/ wheezy/updates main
# wheezy-updates, previously known as 'volatile'
deb http://http.debian.net/debian/ wheezy-updates main
deb-src http://http.debian.net/debian/ wheezy-updates main
Now let's configure the server so you can manage it from the comfort of your desk using an SSH client:
Install the VMware tools and the
aptitude install less open-vm-tools ntp vim apticron logwatch
Edit the NTP configuration (I'm using the pool zone for Australia):
server 0.au.pool.ntp.org iburst
server 1.au.pool.ntp.org iburst
server 2.au.pool.ntp.org iburst
server 3.au.pool.ntp.org iburst
Restrict access to your local subnet:
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
service ntp restart
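The following is an added example, not part of the original guide: a shell function that audits an ntp.conf-style file for the two restrict default lines from "Before you begin" and reports any default entry that lacks noquery. The names check_ntp_conf and sample_conf and the sample input are constructed for illustration, and the check assumes a bare "restrict default" covers IPv4 only, so it requires the explicit -6 line this guide shows. Run it as check_ntp_conf /etc/ntp.conf.

```sh
#!/bin/sh
# Added example: audit the "restrict default" lines of an ntp.conf-style file.
# Reads the file named as $1, or stdin. Returns 0 only when both the IPv4 and
# the IPv6 default entries carry noquery (or ignore, which drops all packets).
# Assumption: a bare "restrict default" is counted as IPv4 only, so the
# explicit "-6" line shown in this guide is required.
check_ntp_conf() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 != "restrict" { next }
        {
            fam = "v4"; i = 2
            if ($2 == "-6")      { fam = "v6"; i = 3 }
            else if ($2 == "-4") { i = 3 }
            if ($i != "default") next            # subnet/host entries: skip
            seen[fam] = 1
            ok = 0
            for (j = i + 1; j <= NF; j++)
                if ($j == "noquery" || $j == "ignore") ok = 1
            if (!ok) { printf "WEAK line %d (%s): %s\n", NR, fam, $0; bad = 1 }
        }
        END {
            # No default entry at all means ntpd applies no restrictions.
            if (!seen["v4"]) { print "MISSING restrict default (IPv4)"; bad = 1 }
            if (!seen["v6"]) { print "MISSING restrict -6 default (IPv6)"; bad = 1 }
            exit bad + 0
        }
    ' "$@"
}

# Constructed sample: IPv4 default hardened, IPv6 default lacks noquery.
sample_conf() {
    cat <<'EOF'
# constructed test input, not taken from a real server
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
EOF
}

sample_conf | check_ntp_conf || echo "restrict defaults need attention"
```

Subnet entries such as the 192.168.1.0 line are skipped by the check, so hosts on that subnet can still send ntpq/ntpdc queries, as that restrict line permits.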
See if it is working (assuming you have got any enterprise firewall rules configured):
Now for some email alerting:
aptitude install postfix
You will be met with:
The following actions will resolve these dependencies:
Remove the following packages:
1) exim4
2) exim4-base
3) exim4-config
4) exim4-daemon-light
Accept this solution? [Y/n/q/?] Y
Now to configure SMTP relay in Postfix:
Look for the section
masquerade_domains = yourdomain.com
Now to add the email address to receive email alerts from this server:
We need to compile the "aliases" file to "aliases.db" with this command:
Now it is time to let the mail flow:
service postfix restart
Change passwords, log in and sudo -i: