Table of Contents
- Step 1: Set the timezone
- Step 2: Upgrade NTP
- Step 3: Configure ntp
- Step 4: Configure the firewall
For server administrators, it’s important to set and maintain the time on servers correctly. Wrongly configured time will cause chaos within the server environment, such as data inconsistency, data synchronization failures, and job scheduling problems.
To avoid these undesirable issues, first, you need to set a reasonable time zone on your server, giving your server a relatively precise local time. Second, for communication purposes, you can also use NTP (Network Time Protocol) to synchronize the time of your servers and remote NTP servers, keeping the time on your machines in perfect order.
In this article, I will show you how to set the time zone and how to synchronize the time using NTP on a CentOS 6 x64 server.
I assume that you have deployed a CentOS 6 x64 IT Web Services server instance from scratch and have logged in as root.
Step 1: Set the timezone
Input the following command in your terminal:
As you see, the IT Web Services CentOS 6 x64 OS uses the UTC time by default. You can modify it to any time zone as you wish, but using the local timezone of the server’s physical location is a best practice.
If our server was running in China, then we would use the “Asia/Shanghai” time zone:
rm -rf /etc/localtime ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
You can navigate to the directory
/usr/share/zoneinfo to find the appropriate time zone. There is an excellent resource on Wikipedia for timezone listings.
date again, you will find that the local system time has changed to CST (China Standard Time) GMT+0800.
Next, we will write the system time info into the hardware clock.
Modify the content of this file as below.
ZONE="Asia/Shanghai" UTC=false ARC=false
Save and quit.
Write the system time into the hardware clock.
hwclock --systohc --localtime
hwclock to see the result.
Step 2: Upgrade NTP
By default, the ntp daemon program has been installed and set up to run on the IT Web Services CentOS 6 x64 server instance. For security purposes, the first thing that we should do is to upgrade it to the latest version.
To see the ntpd version:
At the time of writing, the default installed version is “4.2.6p5”.
Stop the ntpd service:
service ntpd stop
Download the latest version of the ntp program from its official website:
Unzip and go into the newly created directory:
tar -zxvf ntp-4.2.8p2.tar.gz cd ntp-4.2.8p2
Install the necessary components for our installation:
yum -y install gcc libcap-devel
Because we are going to upgrade the existing ntpd program, we need to determine the owner and group info:
cat /etc/group cat /etc/passwd
As you see, the ntp program belongs to the owner ntp (uid=38) and the group ntp (gid=38).
For security purposes, update the configuration of the ntp user account:
usermod -c "Network Time Protocol" -d /var/lib/ntp -u 38 -g ntp -s /bin/false ntp
Compile and install the ntp program:
./configure --prefix=/usr --bindir=/usr/sbin --sysconfdir=/etc --enable-linuxcaps --with-lineeditlibs=readline --docdir=/usr/share/doc/ntp-4.2.8p2 && make make install && install -v -o ntp -g ntp -d /var/lib/ntp
Once the installation has completed, you can check the ntpd version again:
As you see, the ntp program has been upgraded to the latest version “4.2.8p2”.
Step 3: Configure ntp
For better performance and security, we need to modify the default configuration:
ntp.conf configuration file, you can find the ntp servers like:
server 1.time.constant.com server 2.time.constant.com server 3.time.constant.com
For faster synchronization speed, you can change these servers to the ones in the region or even in the country of your datacenter. For example, in United States, you can use:
server 0.us.pool.ntp.org server 1.us.pool.ntp.org server 2.us.pool.ntp.org server 3.us.pool.ntp.org
More NTP pool time servers can be found on the NTP support website.
For security purposes, we should restrict permissions. While still in the
ntp.conf configuration file, find the following two rows:
restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery
Modify them as below:
restrict default limited kod nomodify notrap nopeer noquery restrict -6 default limited kod nomodify notrap nopeer noquery
Additionally, we need to add the following two rows:
pidfile /var/run/ntpd.pid leapfile /etc/ntp.leapseconds
Save and quit:
Reboot the system:
Step 4: Configure the firewall
Add the following sentence to the iptable configuration file
-A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
Restart the firewall.
service iptables restart
At this point, NTP is fully configured. The ntpd program will continually adjust the time of your server.
If needed, you can check the time synchronization status with the following command:
Do you need help setting up this on your own service?
Please contact us and we’ll provide you the best possible quote!