CentOS 7 中使用NTP進行時間同步

CentOS 7 中使用NTP進行時間同步

[日期：2015-11-07]

來源：Linux社區  做者：scorpio3k

[字體：大 中 小]

 

 

1. NTP時鐘同步方式說明
NTP在linux下有兩種時鐘同步方式，分別爲直接同步和平滑同步： 
直接同步 
使用ntpdate命令進行同步，直接進行時間變動。若是服務器上存在一個12點運行的任務，當前服務器時間是13點，但標準時間時11點，使用此命令可能會形成任務重複執行。所以使用ntpdate同步可能會引起風險，所以該命令也多用於配置時鐘同步服務時第一次同步時間時使用。 
平滑同步 
使用ntpd進行時鐘同步，能夠保證一個時間不經歷兩次，它每次同步時間的偏移量不會太陡，是慢慢來的，這正由於這樣，ntpd平滑同步可能耗費的時間比較長。

標準時鍾同步服務 
http://www.pool.ntp.org/zone/cn網站包含全球的標準時間同步服務，也包括對中國時間的同步，對應的URL爲cn.pool.ntp.org，在其中也描述了ntp配置文件中的建議寫法： 
server 1.cn.pool.ntp.org 
server 3.asia.pool.ntp.org 
server 2.asia.pool.ntp.org

2. 環境狀況
準備四臺電腦，分別爲：

IP	用途
192.168.11.212	ntpd服務器，用於與外部公共ntpd同步標準時間
172.16.248.129	ntpd客戶端，用於與ntpd同步時間
172.16.248.130	ntpd客戶端，用於與ntpd同步時間
172,16,248.131	ntpd客戶端，用於與ntpd同步時間

3. 檢查服務是否安裝

• 使用rpm檢查ntp包是否安裝

[root@localhost kevin]# rpm -q ntp
ntp-4.2.6p5-19.el7.CentOS.3.x86_64

• 若是已經安裝則略過此步，不然使用yum進行安裝，並設置系統開機自動啓動並啓動服務

[root@localhost kevin]# yum -y install ntp
[root@localhost kevin]# systemctl enable ntpd
[root@localhost kevin]# systemctl start ntpd

4. 設置ntp服務器: 192.168.11.212

配置前先使用命令：ntpdate -u cn.pool.ntp.org，同步服務器

• 修改/etc/ntp.conf文件，紅色字體是修改的內容

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #manycastclient 239.255.254.254 autokey # manycast client # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # 容許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor disable monitor

修改完成後重啓ntpd服務systemctl restart ntpd

使用ntpq -p 查看網絡中的NTP服務器，同時顯示客戶端和每一個服務器的關係

使用ntpstat 命令查看時間同步狀態，這個通常須要5-10分鐘後才能成功鏈接和同步。因此，服務器啓動後須要稍等下： 
剛啓動的時候，通常是：

# ntpstat 
unsynchronised
  time server re-starting
   polling server every 64 s

鏈接並同步後:

# ntpstat 
synchronised to NTP server (202.112.10.36) at stratum 3
   time correct to within 275 ms
   polling server every 256 s

5. 設置ntp客戶端: 172.16.248.129|130|131

安裝ntp服務並設置爲自動啓動，和前面的設置方式相同。而後編輯/etc/ntp.conf文件，紅色字體爲變化的內容。

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).  driftfile /var/lib/ntp/drift  # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).  driftfile /var/lib/ntp/drift  # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  driftfile /var/lib/ntp/drift  # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  driftfile /var/lib/ntp/drift  # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  disable monitor  

重啓ntpd服務

#systemctl restart ntpd

啓動後，查看同步狀況

# ntpq -p
# ntpstat

由於是內網，通常ntpstat很快就能夠同步上。