Time and Date

Correct system time is not only a convenience, but also a security issue, because many attacks rely on changing the system clock. However, if your system clock is wrong to start with, you won’t notice a change. Without coherent time across all your servers, you’ll never be able to correlate your logs when troubleshooting. What’s the solution? Fix your time settings before you do anything else. Correcting the time requires setting both the time zone and the clock.

Setting the Time Zone

The installer tries really hard to guess your time zone, using geolocation tricks and a script at the OpenBSD website. If these didn’t work for you, or if you weren’t on the Internet when you installed OpenBSD, or if your company policy says that all servers will run in time zone X, fix your time zone before anyone notices.

The directory /usr/share/zoneinfo contains all of the time zones, as well as several subdirectories for countries or continents with various time zones. For example, Western Siberia runs on Omsk time (found in the file /usr/share/zoneinfo/Asia/Omsk). Presumably, you have some idea of your local time zone and where it might be filed.

To set the system time zone, create a symbolic link to it from /etc/localtime. Use date(1) to make sure that the time zone has been set correctly:

# ln -fs /usr/share/zoneinfo/Asia/Omsk /etc/localtime
# date
Thu Mar 14 06:02:56 OMST 2013

OpenBSD also supports POSIX time zones found in /usr/share/zoneinfo/Etc. POSIX time zones have their own rules. Do not use them unless you are absolutely sure you understand them. (Hint: You don’t.)

Setting the Date and Time

Now that you have set a time zone, set the correct time and date. OpenBSD includes OpenNTPD, a BSD-licensed simplified NTP daemon. If at all possible, use ntpd(8) to manage the time. If you can’t access NTP servers (say, if you’re on a private network without them), set up your own. And if you can’t set up time servers, set the system time manually.

Setting the Time with ntpd(8)

Configure OpenNTPD in /etc/ntpd.conf. The syntax should be familiar to you if you’ve managed any other NTP daemon.

For basic time, you need time servers, ideally three or more. If you don’t have local time servers, use publicly accessible time servers, such as the hosts available at http://pool.ntp.org/.

List your servers in /etc/ntpd.conf:

servers pool.ntp.org

Then enable ntpd in /etc/rc.conf.local:

ntpd_flags=

By default, ntpd slowly adjusts system time by skewing the system clock. If the system time is a few seconds off, slow adjustment will usually suffice, but if it’s off by minutes or more, have ntpd correct the system time on startup and then adjust the time as needed. To enable time correction at startup, use the -s flag:

ntpd_flags="-s"

Clock skew is worst on heavily used hardware, lousy hardware, and virtual machines.
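As an added example (not from the book or the OpenBSD project), the following POSIX sh script audits the settings configured so far: the /etc/localtime link, the server list in /etc/ntpd.conf, and ntpd_flags in /etc/rc.conf.local. The function names and the ROOT prefix argument are hypothetical, and treating ntpd_flags=NO as "disabled" is an assumption about rc.conf conventions.

```sh
#!/bin/sh
# Audit of the settings from this section. Each check returns 0 (OK),
# 1 (WARN) or 2 (FAIL). ROOT is a hypothetical prefix argument ("/" on a
# live system) so the checks can also run against a copied or test tree.

check_timezone() {
    root=${1%/}
    link="$root/etc/localtime"
    [ -L "$link" ] || { echo "FAIL: $link is not a symbolic link"; return 2; }
    target=$(readlink "$link")
    case "$target" in
        /usr/share/zoneinfo/Etc/*)      # the zones the text warns about
            echo "WARN: zone from Etc/ in use: $target"; return 1 ;;
        /usr/share/zoneinfo/*)
            [ -e "$root$target" ] ||
                { echo "FAIL: $link -> $target does not exist"; return 2; }
            echo "OK: time zone ${target#/usr/share/zoneinfo/}" ;;
        *)  echo "FAIL: $link points outside zoneinfo: $target"; return 2 ;;
    esac
}

check_ntpd() {
    root=${1%/}
    conf="$root/etc/ntpd.conf"
    rc="$root/etc/rc.conf.local"
    # Need at least one uncommented "server" or "servers" line.
    n=$(grep -Ec '^[[:space:]]*servers?[[:space:]]+[^#[:space:]]' "$conf" 2>/dev/null || true)
    [ "${n:-0}" -ge 1 ] || { echo "FAIL: no time servers in $conf"; return 2; }
    grep -q '^ntpd_flags=' "$rc" 2>/dev/null ||
        { echo "FAIL: ntpd_flags not set in $rc"; return 2; }
    flags=$(sed -n 's/^ntpd_flags=//p' "$rc" | tail -n 1)   # last one wins
    case "$flags" in
        NO|'"NO"')  # assumption: NO is the rc.conf value that disables a daemon
            echo "FAIL: ntpd disabled in $rc"; return 2 ;;
        *-s*) echo "OK: ntpd enabled, corrects the clock at startup (-s)" ;;
        *)    echo "WARN: ntpd enabled without -s; it only skews the clock"; return 1 ;;
    esac
}

audit_time() {
    worst=0
    check_timezone "$1" || worst=$?
    check_ntpd "$1" || { s=$?; [ "$s" -le "$worst" ] || worst=$s; }
    return "$worst"
}

# Run only when a root is given, e.g.: sh audit_time.sh /  (file name hypothetical)
[ "$#" -eq 0 ] || audit_time "$1"
```

Running it from cron on every server and alerting on a nonzero exit catches a replaced /etc/localtime or a disabled ntpd before log timestamps drift apart.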

Setting the Date Manually

To set the date and time manually, use date(1). First, make sure that you know the current year, month, day of the month, and time (in 24-hour format). Then set the date and time using this format:

# date YYYYmmDDhhMM

For example, to set the date to February 3, 2013 and the time to 1:17 PM, run this:

# date 201302031317
Sun Feb  3 13:17:00 GMT 2013

That said, date(1) will not correct your clock on an ongoing basis, and on some hardware with poor clocks, the time will slowly skew. A virtual machine on heavily loaded hardware will almost certainly lose time. Use NTP to deal with that.
