#!/bin/bash
# =============================================================================
# NTP configuration module
# =============================================================================
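# Set script directory (absolute, so the module works regardless of the
# caller's current working directory)
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Source common functions and variables (log_message, is_package_installed,
# backup_file are expected from here). Resolve the path via SCRIPT_DIR rather
# than "./" — a cwd-relative source silently picks up whatever common.sh
# happens to be in the invoker's directory, or nothing at all.
# shellcheck source=common.sh
source "${SCRIPT_DIR}/common.sh" || {
  printf 'ERROR: cannot source %s\n' "${SCRIPT_DIR}/common.sh" >&2
  exit 1
}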
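#######################################
# Configure NTP: install chrony if missing, write a locked-down chrony.conf,
# enable and restart the service, and set the hardware clock to UTC.
# Globals:   none written; uses log_message, is_package_installed and
#            backup_file from common.sh
# Arguments: none
# Outputs:   progress and errors via log_message
# Returns:   0 on success; 1 if the package install, the config write or the
#            service enable/restart fails. A failure to set the RTC to UTC is
#            logged but, as before, does not fail the function.
#######################################
configure_ntp() {
  # Note: the original declared CHRONY_CONFf (typo) and then read CHRONY_CONF,
  # so backup_file and the redirection below were given an empty path.
  local chrony_conf="/etc/chrony/chrony.conf"

  log_message "INFO" "Configuring NTP"

  # Install chrony if not already installed. Test the command directly instead
  # of inspecting $? on a later line.
  if ! is_package_installed "chrony"; then
    log_message "INFO" "Installing chrony NTP service"
    if ! apt-get install -y chrony; then
      log_message "ERROR" "Failed to install chrony"
      return 1
    fi
  else
    log_message "INFO" "chrony is already installed"
  fi

  # Configure chrony. The heredoc delimiter is quoted so the file content is
  # written literally and no shell expansion can ever alter the config.
  log_message "INFO" "Creating chrony configuration"
  backup_file "$chrony_conf"

  if ! cat > "$chrony_conf" << 'EOF'
# Chrony NTP configuration
# Generated by security hardening script

# Use the NTP pool for time synchronization
pool 0.pool.ntp.org iburst
pool 1.pool.ntp.org iburst
pool 2.pool.ntp.org iburst
pool 3.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC)
rtcsync

# Serve time even if not synchronized to a time source
local stratum 10

# Specify file containing NTP authentication keys
keyfile /etc/chrony/chrony.keys

# Specify directory for log files
logdir /var/log/chrony

# Select which information is logged
log tracking measurements statistics

# Security settings
# Disable remote control and monitoring
cmdport 0

# Only allow localhost to synchronize with this server
allow 127.0.0.1
deny all
EOF
  then
    log_message "ERROR" "Failed to write chrony configuration to $chrony_conf"
    return 1
  fi

  log_message "SUCCESS" "chrony configuration created at $chrony_conf"

  # Enable and restart the service. service(8) takes "service NAME ACTION", so
  # the original `service enable chrony` looked for an init script named
  # "enable" and could never persist the unit across reboots; use systemctl,
  # which is already implied by the timedatectl call below. A service that is
  # not enabled leaves the host without time sync after the next boot, so an
  # enable failure is treated as fatal too.
  log_message "INFO" "Restarting chrony service"
  if ! systemctl enable chrony; then
    log_message "ERROR" "Failed to enable chrony service"
    return 1
  fi
  if ! systemctl restart chrony; then
    log_message "ERROR" "Failed to restart chrony service"
    return 1
  fi
  log_message "SUCCESS" "chrony service restarted successfully"

  # Set hardware clock to UTC (set-local-rtc 0 = RTC is kept in UTC).
  log_message "INFO" "Setting hardware clock to UTC"
  if timedatectl set-local-rtc 0; then
    log_message "SUCCESS" "Hardware clock set to UTC"
  else
    # Non-fatal, as in the original: NTP itself is configured and running.
    log_message "ERROR" "Failed to set hardware clock to UTC"
  fi

  return 0
}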
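# Main execution for NTP configuration.
# Only report success when configure_ntp actually succeeded; the original
# logged SUCCESS unconditionally, so an install/config/restart failure was
# hidden from anyone reading the log.
if configure_ntp; then
  log_message "SUCCESS" "NTP configuration completed"
else
  log_message "ERROR" "NTP configuration failed"
  # This file is a module and may be sourced: prefer return so the caller can
  # decide what to do; `return` outside a sourced context is an error (stderr
  # suppressed), in which case fall back to exiting non-zero.
  return 1 2>/dev/null || exit 1
fi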