[ntp:questions] ntpdate

Danny Mayer mayer at ntp.org
Tue Jun 16 16:57:28 UTC 2009


Todd Glassey CISM CIFI wrote:
> Danny Mayer wrote:
>> Todd Glassey CISM CIFI wrote:
>>  
>>> Danny Mayer wrote:
>>>    
>>>> tglassey wrote:
>>>>  
>>>>      
>>>>> Danny Mayer wrote:
>>>>>           
>>>>>> Scott Haneda wrote:
>>>>>>  
>>>>>>               
>>>>>>> On Jun 15, 2009, at 8:59 AM, Todd Glassey CISM CIFI wrote:
>>>>>>>
>>>>>>>                      
>>>>>>>>> You should be running ntpd as a daemon. That will keep the
>>>>>>>>> clock in
>>>>>>>>> synch and you never have to touch it.
>>>>>>>>>                                     
>>>>>>>> Which creates an audit issue and security profile which always
>>>>>>>> needs
>>>>>>>> to be watched. NTPD is not the answer for everyone Danny.
>>>>>>>>                               
>>>>>>> Can you elaborate on this?  I see that ntpdate and ntpd can both be
>>>>>>> made
>>>>>>> to do the same thing in my case, which is a non daemonized single
>>>>>>> instance setting of time.
>>>>>>>
>>>>>>> If I do not plan on making a daemon, and just running it once a
>>>>>>> hour on
>>>>>>> schedule, as well as in a reboot of the machine after the
>>>>>>> interfaces are
>>>>>>> up, what would my concerns be?
>>>>>>>
>>>>>>> If I do decide to run ntpd as a daemon, what audit/secuirty issues
>>>>>>> should I be looking into?
>>>>>>>
>>>>>>> Thank you Todd.
>>>>>>>                         
>>>>>> He's just blowing fud.
>>>>>>
>>>>>> Danny
>>>>>>                   
>>>>> No Danny I was speaking from an audit perspective. No FUD here - just
>>>>> reality.
>>>>>             
>>>> There are no audit requirements here. That's the reality.
>>>>         
>>> No Danny that is your reality - the commercial users of NTP are the ones
>>> who need the audit process.
>>>
>>>     
>>
>> He's not a commercial user and most commercial users don't need audit in
>> the way you assert.
>>   
> Danny  ALL commercial users do need to apply evidence grade reality to
> their time management practices. That this bothers you is understandable
> - being accountable is a pain in the arse eh?

Not at all. We have SOX processes everywhere at work. None of them
require accurate time since they are not needed. What is needed is a
clear audit trail of what did what.

Don't try to read into something that I didn't say.

Danny

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the questions mailing list