On Wed, Jul 17, 2013 at 08:07:03AM -0500, Chris Adams wrote: > Once upon a time, Jaroslav Reznik <jreznik@xxxxxxxxxx> said: > > ntpdate is slowly being depricated. STIG enhancements for RHEL 6 penalize > > systems that make use of ntpdate. Also documentation from the NSA Hardening > > Guidelines as well as CIS Hardening documentation recommends disabling the use > > of ntpd as a full-time daemon. > > Really? Why? Active management of the clock is the only sensible way > to use NTP. +1. Anyway, I thought chrony was the default NTP service on Fedora now? http://fedoraproject.org/wiki/Features/ChronyDefaultNTP Although my recently installed Fedora 19 didn't have chrony nor ntpd. I guess the default now is "no time sync". > > Second, I would like to add a set time and/or randomized time for ntpd to > > check for time updates (as configured by the user in /etc/sysconfig/ntpdate). > > > > I'm thinking of using ntpd with the -q option to immediately exit the daemon > > after it runs. > > This sounds like you want to run ntpd from cron - that is a TERRIBLE > idea! Running something that manages the clock from a job system the > depends on the clock is broken by design. > > The NTP project has been trying to deprecate ntpdate for a long time > now, so I have no problem with it going away. However, while the > proposal subject is to remove ntpdate, you then go into changing the way > ntpd is used, which is bad (and not obvious from the subject). Agreed. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
