CentOS 7 中使用NTP进行时间同步

1. NTP时钟同步方式说明
NTP在linux下有两种时钟同步方式，分别为直接同步和平滑同步：
直接同步
使用ntpdate命令进行同步，直接进行时间变更。如果服务器上存在一个12点运行的任务，当前服务器时间是13点，但标准时间时11点，使用此命令可能会造成任务重复执行。因此使用ntpdate同步可能会引发风险，因此该命令也多用于配置时钟同步服务时第一次同步时间时使用。
平滑同步
使用ntpd进行时钟同步，可以保证一个时间不经历两次，它每次同步时间的偏移量不会太陡，是慢慢来的，这正因为这样，ntpd平滑同步可能耗费的时间比较长。

标准时钟同步服务
http://www.pool.ntp.org/zone/cn网站包含全球的标准时间同步服务，也包括对中国时间的同步，对应的URL为cn.pool.ntp.org，在其中也描述了ntp配置文件中的建议写法：
server 1.cn.pool.ntp.org
server 3.asia.pool.ntp.org
server 2.asia.pool.ntp.org

2. 环境情况
准备四台电脑，分别为：

3. 检查服务是否安装

• 使用rpm检查ntp包是否安装

[root@localhost kevin]# rpm -q ntp
ntp-4.2.6p5-19.el7.CentOS.3.x86_64

• 如果已经安装则略过此步，否则使用yum进行安装，并设置系统开机自动启动并启动服务

[root@localhost kevin]# yum -y install ntp
[root@localhost kevin]# systemctl enable ntpd
[root@localhost kevin]# systemctl start ntpd

4. 设置ntp服务器: 192.168.11.212

配置前先使用命令：ntpdate -u cn.pool.ntp.org，同步服务器

• 修改/etc/ntp.conf文件，红色字体是修改的内容

# For more information about this file,see the man pages
# ntp.conf(5),ntp_acc(5),ntp_auth(5),ntp_clock(5),ntp_misc(5),ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source,but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well,but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # ntp.conf(5),0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor driftfile /var/lib/ntp/drift # Permit time synchronization with our time source,0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Permit time synchronization with our time source,0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # be tightened as well,0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor disable monitor

修改完成后重启ntpd服务systemctl restart ntpd

使用ntpq -p 查看网络中的NTP服务器，同时显示客户端和每个服务器的关系

使用ntpstat 命令查看时间同步状态，这个一般需要5-10分钟后才能成功连接和同步。所以，服务器启动后需要稍等下：
刚启动的时候，一般是：

# ntpstat 
unsynchronised
  time server re-starting
   polling server every 64 s

连接并同步后:

# ntpstat 
synchronised to NTP server (202.112.10.36) at stratum 3
   time correct to within 275 ms
   polling server every 256 s

5. 设置ntp客户端: 172.16.248.129|130|131

安装ntp服务并设置为自动启动，和前面的设置方式相同。然后编辑/etc/ntp.conf文件，红色字体为变化的内容。

server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # ntp.conf(5),0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  driftfile /var/lib/ntp/drift  # Permit time synchronization with our time source,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  driftfile /var/lib/ntp/drift  # Permit time synchronization with our time source,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Permit time synchronization with our time source,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Permit time synchronization with our time source,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # be tightened as well,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  disable monitor  

重启ntpd服务

#systemctl restart ntpd

启动后，查看同步情况

# ntpq -p
# ntpstat 

因为是内网，一般ntpstat很快就可以同步上。