imthenachoman / How-To-Secure-A-Linux-Server

An evolving how-to guide for securing a Linux server.

Creative Commons Attribution Share Alike 4.0 International

17.34k stars 1.11k forks source link

NTP for Ubuntu 16.04 and above #86

Open kevinwheeler opened 2 years ago

kevinwheeler commented 2 years ago

Two separate questions.

1) Is the NTP setup necessary for Ubuntu versions above 16.04? Or is this no longer needed due to the fact that these versions of Ubuntu come with timesyncd? (sources: Corey Goldberg's comment on this answer https://askubuntu.com/a/641160 and these Digital Ocean articles: https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-20-04 - https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-18-04 - https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-16-04 )

2) If NTP setup is necessary, do we need to disable timesyncd as per the following quote: "Before installing ntpd, you need to turn off timesyncd in order to prevent the two services from conflicting with one another." from this article https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-16-04 ?

imthenachoman commented 2 years ago

I don't think it is necessary anymore. I lost my Linux server a while ago (long story) and I haven't replaced it yet so I've been out of the loop with what is necessary. I'll try to find time to research and update this guide. Or if you want to submit a PR I would be happy to merge it.

kiv57 commented 11 months ago

+1 : it seems that for an NTP client purpose only, the systemd-timesyncd does a minimalist but sufficient job, except for use cases requiring greater precision maybe ? a stackexchange question comparing NTP and timesyncd

imthenachoman commented 11 months ago

Yeah. I'm thinking maybe this is not needed anymore but I don't have a server anymore that I can confirm on. I run Debian + KDE on my daily driver and it came with NTP but I'm not sure if that's cause I'm using it as a personal computer, and not a server, so it installed it.

AngeloThys commented 5 months ago

Is NTP Necessary?

This is for the sysadmin (yourself) to decide based on the system's needs and capabilities.

Timesyncd uses SNTP instead of NTP, which means the following:

less memory and processing power usage
less precise time (does not use advanced drift correction algorithms)
less security (only uses TLS and NTS)
cannot work as a NTP server, only as a client

In my case, any time a server has enough resources I will prefer NTP daemons, purely for the advanced security mechanisms.

If NTP, Should Timesyncd Be Disabled?

when installing ntpd with apt, it prompts you that it will uninstall the systemd-timesyncd package.