Good : full update
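--- a/modules/ntp.sh
+++ b/modules/ntp.sh
@@ -0,0 +1,103 @@
+#!/bin/bash
+# =============================================================================
+# NTP configuration module
+# =============================================================================
+
+# Set script directory
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# Source common functions and variables
+source "./common.sh"
+
+# Function to configure NTP
+configure_ntp() {
+log_message "INFO" "Configuring NTP"
+
+# Install chrony if not already installed
+if ! is_package_installed "chrony"; then
+log_message "INFO" "Installing chrony NTP service"
+apt-get install -y chrony
+
+if [ $? -ne 0 ]; then
+log_message "ERROR" "Failed to install chrony"
+return 1
+fi
+else
+log_message "INFO" "chrony is already installed"
+fi
+
+# Configure chrony
+local CHRONY_CONFf="/etc/chrony/chrony.conf"
+
+log_message "INFO" "Creating chrony configuration"
+backup_file "$CHRONY_CONF"
+
+cat > "$CHRONY_CONF" << EOF
+# Chrony NTP configuration
+# Generated by security hardening script
+
+# Use the NTP pool for time synchronization
+pool 0.pool.ntp.org iburst
+pool 1.pool.ntp.org iburst
+pool 2.pool.ntp.org iburst
+pool 3.pool.ntp.org iburst
+
+# Record the rate at which the system clock gains/losses time
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC)
+rtcsync
+
+# Serve time even if not synchronized to a time source
+local stratum 10
+
+# Specify file containing NTP authentication keys
+keyfile /etc/chrony/chrony.keys
+
+# Specify directory for log files
+logdir /var/log/chrony
+
+# Select which information is logged
+log tracking measurements statistics
+
+# Security settings
+# Disable remote control and monitoring
+cmdport 0
+
+# Only allow localhost to synchronize with this server
+allow 127.0.0.1
+deny all
+EOF
+
+log_message "SUCCESS" "chrony configuration created at $CHRONY_CONF"
+
+# Restart chrony service
+log_message "INFO" "Restarting chrony service"
+service enable chrony
+service restart chrony
+
+if [ $? -eq 0 ]; then
+log_message "SUCCESS" "chrony service restarted successfully"
+else
+log_message "ERROR" "Failed to restart chrony service"
+return 1
+fi
+
+# Set hardware clock to UTC
+log_message "INFO" "Setting hardware clock to UTC"
+timedatectl set-local-rtc 0
+
+if [ $? -eq 0 ]; then
+log_message "SUCCESS" "Hardware clock set to UTC"
+else
+log_message "ERROR" "Failed to set hardware clock to UTC"
+fi
+}
+
+# Main execution for NTP configuration
+configure_ntp
+
+log_message "SUCCESS" "NTP configuration completed"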
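Review bot: `local CHRONY_CONFf="/etc/chrony/chrony.conf"` declares a misspelled name, so unless common.sh (not shown) defines `CHRONY_CONF`, both `backup_file "$CHRONY_CONF"` and `cat > "$CHRONY_CONF"` get an empty path, the hardened config is never written, and the script still logs "chrony configuration created"; the line should read `local CHRONY_CONF="/etc/chrony/chrony.conf"` and the redirect's status should be checked before the SUCCESS message. `service enable chrony` and `service restart chrony` pass the action where `service` expects the service name, and `service` has no enable action as far as I know; since the script already depends on `timedatectl`, `systemctl enable chrony` and `systemctl restart chrony` fit. `source "./common.sh"` resolves against the caller's working directory and leaves `SCRIPT_DIR` unused, so a run as root loads whichever common.sh sits in the current directory; anchor it on `SCRIPT_DIR` (for example `source "$SCRIPT_DIR/common.sh"`, adjusted to where common.sh actually lives). In the generated config, `deny all` placed after `allow 127.0.0.1` likely cancels the allow, because chrony's `all` form overrides earlier rules for the subnets it contains, which would also make `local stratum 10` pointless; confirm against the intended policy. The closing `log_message "SUCCESS" "NTP configuration completed"` runs even when `configure_ntp` returns 1, so gate it, e.g. `configure_ntp && log_message "SUCCESS" "NTP configuration completed"`.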