author | Nicolas Vigier <boklm@mageia.org> | 2014-01-31 18:48:46 +0000 |
---|---|---|
committer | Nicolas Vigier <boklm@mageia.org> | 2014-01-31 18:48:46 +0000 |
commit | ae2169fe99a60d32aab6bd5b3cdbba8f99354edf (patch) | |
tree | 2529c6dfd8078f1b8524c79d344893a59932c21f /modules/ntp/templates | |
parent | e5e75b51c4e0c58bd34f524fe7d60b7fd29c451b (diff) | |
ntp: add workaround for NTP reflection attack
Diffstat (limited to 'modules/ntp/templates')
-rw-r--r-- | modules/ntp/templates/ntp.conf | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/modules/ntp/templates/ntp.conf b/modules/ntp/templates/ntp.conf index 3f9582d7..4dc42c85 100644 --- a/modules/ntp/templates/ntp.conf +++ b/modules/ntp/templates/ntp.conf @@ -25,6 +25,12 @@ driftfile /var/lib/ntp/drift multicastclient # listen on default 224.0.1.1 broadcastdelay 0.008 +# http://www.kb.cert.org/vuls/id/348126 +restrict default nomodify notrap nopeer noquery +restrict -6 default nomodify notrap nopeer noquery +# https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300 +disable monitor + # # Keys file. If you want to diddle your server at run time, make a # keys file (mode 600 for sure) and define the key number to be |
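Review bot: the two added `restrict default nomodify notrap nopeer noquery` lines (IPv4 and `-6`) apply to every source, and nothing in this hunk exempts loopback. Unless the template already has `restrict 127.0.0.1` and `restrict -6 ::1` outside the visible context, local `ntpq`/`ntpdc` queries used for monitoring will be refused as well; please confirm or add those two lines after the defaults. `nopeer` also refuses unauthenticated packets that would mobilize a new association, which may conflict with the `multicastclient` line in the context just above, so it is worth checking that multicast clients still sync after this change. Finally, the two comments are bare URLs; a few words stating that `noquery` and `disable monitor` are there to stop monlist-style responses being used for reflection would let the next reader understand the lines without following the links.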