ntpd 4.2.4p8 - up to date?

Darren Pilgrim list_freebsd at bluerosetech.com
Sat Nov 2 22:59:43 UTC 2013


On 11/1/2013 9:05 AM, Karl Pielorz wrote:
> A friend who uses Linux a lot happened to notice on a FreeBSD box I
> installed the other day and updated to 9.2-R that it's using ntpd 4.2.4p8.

There are two ntpd's in ports: a newer version of the one in base (it's 
literally a drop-in replacement) and OpenBSD's openntpd.  If you just 
need a local accurate clock and maybe time service for your LAN, the one 
in base is ok because you can configure it to work around the open CVEs.  
If you're running a public NTP service, you can't work around spoofing 
vulnerabilities, so use one of the ports because you can keep it up to 
date much more easily.

You can remove ntpd from the base yourself:

1. Add "WITHOUT_NTP" to /etc/src.conf
2. Run the delete-old and delete-old-libs targets to "uninstall" the 
base ntpd.
3. Install ports/etc/ntp

The port uses the in-base RC script, so you need to set

ntpd_program="/usr/local/bin/ntpd"
ntpd_config="/usr/local/etc/ntp.conf"

in /etc/rc.conf to repoint the script at the port.  You don't have to 
move ntp.conf, but /etc/ntp.conf gets removed by the delete-old target.
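
A check for the end state of the steps above, as an added example that is not part of the original post. The function names `rc_value` and `audit_ntp_port`, the optional root-prefix argument and the sample files are assumptions made for illustration; the check expects the src.conf knob in assignment form (e.g. `WITHOUT_NTP=yes`).

```shell
#!/bin/sh
# Added example (not from the post). Function names are hypothetical.

# Print the last uncommented assignment of VAR ($2) in an rc.conf-style FILE ($1);
# the last one wins, as it does when rc.conf is sourced.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" 2>/dev/null |
        tail -n 1
}

# audit_ntp_port SRC_CONF RC_CONF [ROOT]
# ROOT is an assumed path prefix so the check can run against copies of the files.
audit_ntp_port() {
    src_conf=$1 rc_conf=$2 root=${3:-} rc=0
    # Step 1: src.conf is read by make, so the knob must be an assignment.
    grep -Eq '^[[:space:]]*WITHOUT_NTP[[:space:]]*=' "$src_conf" 2>/dev/null ||
        { echo "FAIL: WITHOUT_NTP not set in $src_conf"; rc=1; }
    prog=$(rc_value "$rc_conf" ntpd_program)
    conf=$(rc_value "$rc_conf" ntpd_config)
    # The port reuses the in-base RC script, so rc.conf must repoint it.
    [ "$prog" = "/usr/local/bin/ntpd" ] ||
        { echo "FAIL: ntpd_program is '${prog:-unset}'"; rc=1; }
    # delete-old removes /etc/ntp.conf, so the configured file must really exist.
    if [ -z "$conf" ]; then
        echo "FAIL: ntpd_config is unset"; rc=1
    elif [ ! -r "$root$conf" ]; then
        echo "FAIL: $root$conf is missing or unreadable"; rc=1
    fi
    return "$rc"
}

# Constructed sample files so the demo never touches the real /etc.
demo=$(mktemp -d)
mkdir -p "$demo/usr/local/etc"
echo 'WITHOUT_NTP=yes' > "$demo/src.conf"
printf '%s\n' 'ntpd_enable="YES"' 'ntpd_program="/usr/local/bin/ntpd"' \
    'ntpd_config="/usr/local/etc/ntp.conf"' > "$demo/rc.conf"
audit_ntp_port "$demo/src.conf" "$demo/rc.conf" "$demo" || echo "(config not yet in place)"
: > "$demo/usr/local/etc/ntp.conf"
audit_ntp_port "$demo/src.conf" "$demo/rc.conf" "$demo" && echo "OK: rc.conf points at the port"
rm -rf "$demo"
```

On a live host the same check is `audit_ntp_port /etc/src.conf /etc/rc.conf`, with the root prefix left empty.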



