CentOS 下NTP服务的搭建与配置

系统：CentOS 6.8

SELinux：关闭

iptables：打开

SELinux设置

# setenforce 0
# sed -i 's/SELINUX=enforcing/SELINUX=disable/g' /etc/selinux/config

iptables设置（打开123端口）（可参考 http://man.linuxde.net/iptables）

# iptables -I INPUT 5 -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT
# iptables-save > /home/iptables.save
# iptables-restore </home/iptables.save
# iptables -L -n

&&&&&server端操作&&&&&

# yum -y install ntpdate ntp
//配置开机启动
# echo "/etc/init.d/ntpd start" >> /etc/rc.local
//配置文件
# cat /etc/ntp.conf

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.
# 允许内网其他机器同步时间
restrict 172.16.12.0 mask 255.255.240.0 nomodify notrap
#restrict default ignore

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# 中国国家受时中心
server 210.72.145.44 perfer
server 202.112.10.36
server 59.124.196.83

# 允许上层时间服务器主动修改本机时间
restrict 210.72.145.44 nomodify notrap noquery
testrict 202.112.10.36 nomodify notrap noquery
restrict 59.124.196.83 nomodify notrap noquery

#外部时间服务器不可用时，以本地时间作为时间服务
server  127.127.1.0
fudge   127.127.1.0 stratum 10

#broadcast 192.168.1.255 autokey    # broadcast server
#broadcastclient            # broadcast client
#broadcast 224.0.1.1 autokey        # multicast server
#multicastclient 224.0.1.1      # multicast client
#manycastserver 239.255.254.254     # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

//启动服务
# /etc/init.d/ntpd start
//查看端口和监听
# netstat -tlunp |grep ntp
udp        0      0 172.16.12.214:123           0.0.0.0:*                               9749/ntpd
udp        0      0 172.16.12.211:123           0.0.0.0:*                               9749/ntpd
udp        0      0 119.44.21.221:123           0.0.0.0:*                               9749/ntpd
udp        0      0 127.0.0.1:123               0.0.0.0:*                               9749/ntpd
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               9749/ntpd
udp        0      0 fe80::b283:feff:fede:81c:123 :::*                                    9749/ntpd
udp        0      0 fe80::b283:feff:fede:81c:123 :::*                                    9749/ntpd
udp        0      0 ::1:123                     :::*                                    9749/ntpd
udp        0      0 :::123                      :::*                                    9749/ntpd
//查看客户端和服务器关系
# ntpq -p
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
210.72.145.44   .INIT.          16 u    -  256    0    0.000    0.000   0.000
*gus.buptnet.edu 10.3.8.150       5 u    2   64  375   62.214  -16.650   4.626
59-124-196-83.H .INIT.          16 u    -  256    0    0.000    0.000   0.000
LOCAL(0)        .LOCL.          10 l  212   64  370    0.000    0.000   0.000
//ntpstat 命令查看时间同步状态，这个一般需要5-10分钟后才能成功连接和同步
# ntpstat
synchronised to NTP server (202.112.10.36) at stratum 6
time correct to within 167 ms
polling server every 128 s

&&&&&client端操作&&&&&

# yum install ntp
//配置文件
# cat /etc/ntp.conf

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
#restrict default kod nomodify notrap nopeer noquery
#restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

# 配置时间服务器为本地的时间服务器
server 172.16.12.211
restrict 172.16.12.211 nomodify notrap noquery

server 127.127.1.0
fudge 127.127.1.0 stratum 10

#broadcast 192.168.1.255 autokey    # broadcast server
#broadcastclient            # broadcast client
#broadcast 224.0.1.1 autokey        # multicast server
#multicastclient 224.0.1.1      # multicast client
#manycastserver 239.255.254.254     # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

//client同步server时间
# ntpdate 172.16.12.211
26 Mar 14:37:10 ntpdate[23443]: adjust time server 172.16.12.211 offset 0.010673 sec

参考链接：https://www.linuxidc.com/Linux/2014-11/109412p2.htm