Securing NTP Servers

I rarely use ntpd to serve NTP information. It is more useful for clock correction than a strict NTP/SNTP client. So I don't want the service listening on a wildcard address, even when there is certainly a firewall in place. I prefer the service not to listen at all, or to listen only on the loopback interface. Here is how to configure that in ntpd and chrony.

ntpd

interface ignore wildcard

chrony

bindaddress 127.0.0.1
port 0
bindcmdaddress 127.0.0.1
cmdport 0
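
To confirm the settings took effect, check which addresses still have listeners on 123/udp (NTP) and 323/udp (chrony's default command port). The script below is an added example, not part of the original post: the function name and the sample `ss` lines are constructed for illustration, and it assumes the output format of `ss -H -uln`.

```sh
#!/bin/sh
# Added example: flag NTP (123/udp) and chrony command (323/udp) sockets
# that are bound to anything other than a loopback address.
# Live use:  ss -H -uln | ntp_exposed_listeners

# Reads `ss -H -uln` style lines on stdin and prints "address port" for
# every listener on port 123 or 323 that is not loopback-only.
ntp_exposed_listeners() {
    awk '
    {
        # The local endpoint is the first field ending in ":<digits>";
        # this works with or without a leading Netid column.
        ep = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /:[0-9]+$/) { ep = $i; break }
        if (ep == "") next

        port = ep; sub(/^.*:/, "", port)
        addr = ep; sub(/:[0-9]+$/, "", addr)
        if (port != "123" && port != "323") next

        sub(/%.*$/, "", addr)       # drop an interface scope such as %eth0
        gsub(/\[|\]/, "", addr)     # drop IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1") next   # loopback is fine

        print addr, port
    }'
}

# Constructed sample: wildcard and per-interface listeners still present.
SAMPLE_EXPOSED='UNCONN 0 0 0.0.0.0:123 0.0.0.0:*
UNCONN 0 0 192.168.1.10%eth0:123 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
UNCONN 0 0 [::]:123 [::]:*
UNCONN 0 0 [::1]:323 [::]:*
UNCONN 0 0 0.0.0.0:68 0.0.0.0:*'

# Constructed sample: only loopback or unrelated listeners remain.
SAMPLE_LOCKED='UNCONN 0 0 127.0.0.1:123 0.0.0.0:*
UNCONN 0 0 [::1]:123 [::]:*
UNCONN 0 0 0.0.0.0:68 0.0.0.0:*'

printf '%s\n' "$SAMPLE_EXPOSED" | ntp_exposed_listeners
```

Empty output means nothing on those two ports is reachable from another host.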

How can I make chronyd more secure?
