Introduction of Timezone and NTP
Setting and maintaining the correct time on a server is very important. If the time is configured wrongly, it causes chaos within the server environment, such as data inconsistency, data synchronization failures, and job scheduling problems. To prevent those problems in the future, we need to set the timezone and NTP on the server accordingly: the timezone to match our local time, and NTP (Network Time Protocol) to synchronize the time between your servers and remote NTP servers, keeping the time on your machines in perfect order.
This article shows how to set up the timezone and NTP on CentOS 6.
First, you need to log in to the server as root.
Step 1: Set the timezone
Input the following command in your terminal:
By default, CentOS 6 uses UTC as its system time. We can change it to the local time zone of the server's physical location. In this example, my server is running in Indonesia, so we use the “Asia/Jakarta” time zone. Use the following commands to apply it:
rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Jakarta /etc/localtime
You can navigate to the directory /usr/share/zoneinfo to find the appropriate time zone. There is an excellent resource on Wikipedia for timezone listings. Input date again, and you will find that the local system time has changed to WIB (Western Indonesian Time), GMT+7.
Next, we will write the system time info into the hardware clock.
Modify the content of this file as below.
Save and quit.
Write the system time into the hardware clock.
hwclock --systohc --localtime
Input hwclock to see the result.
Step 2: Upgrade NTP
By default, the ntp daemon is already installed. If it is not, you can install it using this command:
yum -y install ntp
For security purposes, the first thing that we should do is to upgrade it to the latest version.
To see the ntpd version:
At the time of writing, the default installed version is “4.2.6p5”. Stop the ntpd service:
service ntpd stop
Download the latest version of the ntp program from its official website:
wget http://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p2.tar.gz
Unzip and go into the newly created directory:
tar -zxvf ntp-4.2.8p2.tar.gz
Install the necessary components for our installation:
yum -y install gcc libcap-devel
Because we are going to upgrade the existing ntpd program, we need to determine the owner and group info:
As you see, the ntp program belongs to the owner ntp (uid=38) and the group ntp (gid=38).
For security purposes, update the configuration of the ntp user account:
usermod -c "Network Time Protocol" -d /var/lib/ntp -u 38 -g ntp -s /bin/false ntp
Compile and install the ntp program:
./configure --prefix=/usr --bindir=/usr/sbin --sysconfdir=/etc --enable-linuxcaps --with-lineeditlibs=readline --docdir=/usr/share/doc/ntp-4.2.8p2 && make && make install && install -v -o ntp -g ntp -d /var/lib/ntp
Once the installation has completed, you can check the ntpd version again:
As you see, the ntp program has been upgraded to the latest version “4.2.8p2”.
Step 3: Configure ntp
For better performance and security, we need to modify the default configuration:
In the ntp.conf configuration file, you can find the ntp servers. For faster synchronization, you can change these servers to ones in the region, or even in the country, of your datacenter. For example, in Indonesia you can use:
More NTP pool time servers can be found on the NTP support website. For security purposes, we should restrict permissions. While still in the ntp.conf configuration file, find the following two rows:
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
Modify them as below:
restrict default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery
Additionally, we need to add the following two rows:
Save and quit and then reboot the system.
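A check for the default restrict rows edited in this step, as an added example that is not part of the original article. The function name audit_ntp_restrict is an assumption, and the two sample files are constructed from the rows shown above.

```shell
# Added example (not from the original article): audit the default
# "restrict" rows of an ntp.conf against the flag set used in Step 3.
REQUIRED_FLAGS="limited kod nomodify notrap nopeer noquery"

# Usage: audit_ntp_restrict FILE
# Prints one line per problem; returns 0 only if both the IPv4 and the
# IPv6 default rows exist and each carries every required flag.
audit_ntp_restrict() {
    awk -v req="$REQUIRED_FLAGS" '
        BEGIN { n = split(req, need, " ") }
        { sub(/#.*/, "") }                 # strip comments
        $1 != "restrict" { next }
        {
            i = 2; fam = "ipv4"            # "restrict [-4|-6] default flags..."
            if ($i == "-4") i++
            else if ($i == "-6") { fam = "ipv6"; i++ }
            if ($i != "default") next      # per-host and per-subnet rows are skipped
            seen[fam] = 1
            split("", have)                # portable way to clear the array
            for (k = i + 1; k <= NF; k++) have[$k] = 1
            for (j = 1; j <= n; j++)
                if (!(need[j] in have)) {
                    printf "%s default: missing %s\n", fam, need[j]
                    bad = 1
                }
        }
        END {
            if (!seen["ipv4"]) { print "ipv4 default: no restrict row"; bad = 1 }
            if (!seen["ipv6"]) { print "ipv6 default: no restrict row"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# Constructed sample input: the two rows as shipped, then as modified in Step 3.
demo_dir=$(mktemp -d)
cat > "$demo_dir/before.conf" <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
EOF
cat > "$demo_dir/after.conf" <<'EOF'
restrict default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery
EOF
for f in before after; do
    echo "== $f.conf"
    audit_ntp_restrict "$demo_dir/$f.conf" && echo "ok"
done
rm -rf "$demo_dir"
```

After editing, the same function can be pointed at the live file with audit_ntp_restrict /etc/ntp.conf.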
Step 4: Configure the firewall
Add the following rule to the iptables configuration:
iptables -A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
Restart the firewall.
service iptables restart
At this point, NTP is fully configured. The ntpd program will continually adjust the time of your server.
If needed, you can check the time synchronization status with the following command: