Diffstat (limited to 'modules/ntp')
| -rw-r--r-- | modules/ntp/manifests/init.pp | 17 | ||||
| -rw-r--r-- | modules/ntp/templates/ntp.conf | 6 |
2 files changed, 17 insertions, 6 deletions
diff --git a/modules/ntp/manifests/init.pp b/modules/ntp/manifests/init.pp
index b31d0567..f75310e7 100644
--- a/modules/ntp/manifests/init.pp
+++ b/modules/ntp/manifests/init.pp
@@ -1,12 +1,17 @@
 class ntp {
- package { ntp: }
+if versioncmp($::lsbdistrelease, '9') < 0 {
+ $ntppkg = 'ntp'
+} else {
+ $ntppkg = 'ntpsec'
+}
+ package { $ntppkg: }
- service { ntpd:
- subscribe => [Package["ntp"], File["/etc/ntp.conf"]],
+ service { 'ntpd':
+ subscribe => [Package[$ntppkg], File['/etc/ntp.conf']],
 }
- file { "/etc/ntp.conf":
- require => Package["ntp"],
- content => template("ntp/ntp.conf"),
+ file { '/etc/ntp.conf':
+ require => Package[$ntppkg],
+ content => template('ntp/ntp.conf'),
 }
 }
diff --git a/modules/ntp/templates/ntp.conf b/modules/ntp/templates/ntp.conf
index 3f9582d7..72f233c0 100644
--- a/modules/ntp/templates/ntp.conf
+++ b/modules/ntp/templates/ntp.conf
@@ -25,6 +25,12 @@ driftfile /var/lib/ntp/drift
 multicastclient # listen on default 224.0.1.1
 broadcastdelay 0.008
+# https://www.kb.cert.org/vuls/id/348126
+restrict default nomodify notrap nopeer noquery
+restrict -6 default nomodify notrap nopeer noquery
+# https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300
+disable monitor
+
 #
 # Keys file. If you want to diddle your server at run time, make a
 # keys file (mode 600 for sure) and define the key number to be |
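Review bot: The package choice in the new `if versioncmp($::lsbdistrelease, '9') < 0` block rests on a single fact, and nothing handles the case where that fact is missing. A node without it would either fail the comparison or silently land on one branch, so consider failing explicitly when the fact is empty, or at least recording the assumption with a comment such as `# releases before 9 ship ntp, later ones ntpsec; needs the lsbdistrelease fact`. The service title stays `'ntpd'` and the config path stays `/etc/ntp.conf` for both packages; that presumably matches what the ntpsec package ships, but it is not visible here and is worth confirming. The conditional also sits at column 0 inside `class ntp`, unlike the resources around it.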
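Review bot: With `noquery` on both `restrict default` lines, local `ntpq` and monitoring queries are refused too, unless the template has loopback exemptions elsewhere. The rest of the file is outside this hunk, so confirm that, or add `restrict 127.0.0.1` and `restrict -6 ::1` after the defaults. The two URL-only comments would hold up better with a short statement of intent, e.g. `# refuse remote query/config requests (used for amplification), see URL`, since links go stale. Because this template now feeds both the ntp and ntpsec packages, it is also worth checking that ntpsec accepts the `multicastclient` and `broadcastdelay` directives visible in the context lines.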
