Want NTP on your IDS?

bryan.green
Level 1

Hello everyone! Below you will find my generic howto on how to add NTP service to your Cisco IDS. Obviously Cisco doesn't "support" this configuration but it is very simple so it shouldn't cause any problems. The NTP update service is already installed on the OS so this process is very simple.

1.) SSH/Telnet into your IDS and login as root.

2.) Unless you are familiar with the ed editor, execute these commands so that you don't frustrate yourself. "EDITOR=/usr/bin/vi" then "export EDITOR". Now vi will be your default editor.

3.) Type "crontab -l". This will list your current crontab, I suggest you make a backup of this unless you are good with vi. :)

4.) Type "crontab -e". This will allow you to edit your crontab entries within the vi editor. The statement I added is "30 11 * * * /usr/sbin/ntpdate 123.123.123.1 > /dev/null 2>&1"

This will run the ntpdate program every day at 11:30am, pulling the time from the 123.123.123.1 NTP server.

-Bryan <bryangreen@tycoint.com>


s309973
Level 1

Bryan,

Thanks for the information - excellent instructions. How would you recommend someone "confirm" their sensor is being properly updated via NTP? I have limited experience with Solaris. I presume there might be something from the command prompt which would indicate the system's source of time?

Thanks.

To confirm your sensor is updating the time correctly I would simply go in and manually set the date incorrectly and then wait until the cron job runs and the system time should be corrected. :)

grimish
Level 1

Hi,

Did this and it worked manually, but for some reason did not appear to work automatically.

Also I noticed that the IDS also attempts to contact 0.0.0.2 on port 123 (udp). What's this all about?

If I change your 30 11 to 58 23 does this mean it will run at 11:58pm?

duchesne_ced
Level 1

I don't understand why you need your crontab to use ntp

To enable NTP on your IDS:

telnet as root on the IDS

1) cd /etc/inet

2) cp ntp.client ntp.conf

3) vi ntp.conf

4) add the following line : server #your_ip_ntp_server

5) close ntp.conf

6) reboot the IDS

... it's done and the process (xntpd) is running: check with ps -ef

use also xntpdc and issue the command peers to check the status of your association.

it works for me

regards

Yes, I agree that editing the ntp.conf file will probably achieve the same task. The only problem I see is that the xntpd daemon is ALWAYS running and using up system resources, in addition to whatever security risks are associated with keeping this process going. I still believe a simple cronjob running the ntp update is a better all-around solution. I guess the point could be argued either way. :)
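
The crontab line in the first post sends ntpdate's output to /dev/null, so a failed or skipped run leaves no trace, which is the situation two replies ask about. The wrapper below is an added example, not code from any post in this thread: it runs the same ntpdate command and writes the outcome to syslog. The script path, the `--cron` switch, the `ntpsync` tag, the 5-second threshold and the sample output line are assumptions made for illustration.

```shell
#!/bin/sh
# Cron wrapper: run ntpdate and record the result in syslog instead of /dev/null.
# Hypothetical crontab entry: 30 11 * * * /path/to/ntpsync.sh --cron
NTP_SERVER="${NTP_SERVER:-123.123.123.1}"  # server address from the original post
NTPDATE="${NTPDATE:-/usr/sbin/ntpdate}"    # path from the original post
MAX_OFFSET="${MAX_OFFSET:-5}"              # assumed threshold, whole seconds

# Print the absolute offset from an ntpdate result line, e.g. (constructed)
# "12 Jan 11:30:01 ntpdate[412]: step time server 123.123.123.1 offset -7.250000 sec"
parse_offset() {
    echo "$1" | sed -n 's/.*offset -*\([0-9][0-9.]*\) sec.*/\1/p' | tail -1
}

# classify EXIT_STATUS OUTPUT -> prints ok, drift or fail
classify() {
    if [ "$1" -ne 0 ]; then echo fail; return; fi
    off=`parse_offset "$2"`
    if [ -z "$off" ]; then echo fail; return; fi   # exit 0 but no offset reported
    whole=`echo "$off" | sed 's/\..*//'`
    if [ "$whole" -ge "$MAX_OFFSET" ]; then echo drift; else echo ok; fi
}

sync_time() {
    out=`"$NTPDATE" "$NTP_SERVER" 2>&1`
    rc=$?
    state=`classify "$rc" "$out"`
    case "$state" in
        ok)    prio=daemon.info ;;
        drift) prio=daemon.warning ;;   # large correction: clock was off before this run
        *)     prio=daemon.err ;;
    esac
    logger -p "$prio" -t ntpsync "$state rc=$rc server=$NTP_SERVER $out"
    [ "$state" != fail ]
}

# Only act when called with --cron, so the functions can be sourced and checked.
if [ "${1:-}" = "--cron" ]; then sync_time; fi
```

A missing `ntpsync` entry in syslog for a given day means cron never started the job; a `fail` entry means it started but ntpdate could not set the clock.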
