mirror of https://github.com/xcat2/xcat-core.git synced 2026-05-05 16:49:08 +00:00

Merge pull request #7523 from VersatusHPC/fix/makentp-insecure-config

fix: harden makentp generated ntp.conf
Markus Hilger
2026-04-30 10:22:50 +02:00
committed by GitHub


@@ -320,14 +320,17 @@ sub process_request {
or xCAT::MsgUtils->message('SE',
"Cannot open $ntpcfg for NTP update. \n");
print CFGFILE "restrict default nomodify notrap nopeer noquery\n";
print CFGFILE "restrict 127.0.0.1\n";
print CFGFILE "restrict ::1\n\n";
if (defined($ntp_servers) && $ntp_servers) {
my @npt_server_array = split(',', $ntp_servers);
# add ntp servers one by one
foreach my $ntps (@npt_server_array) {
if (!$ntp_master) { $ntp_master = $ntps; }
print CFGFILE "server ";
print CFGFILE "$ntps\n";
print CFGFILE "server $ntps iburst\n";
}
}
@@ -337,20 +340,19 @@ sub process_request {
if (xCAT::Utils->isAIX()) {
print CFGFILE "driftfile /etc/ntp.drift\n";
print CFGFILE "tracefile /etc/ntp.trace\n";
print CFGFILE "disable auth\n";
print CFGFILE "broadcastclient\n";
} elsif ($os =~ /sles/) {
print CFGFILE "driftfile /var/lib/ntp/drift/ntp.drift\n";
print CFGFILE "disable auth\n";
} else {
print CFGFILE "driftfile /var/lib/ntp/drift\n";
print CFGFILE "disable auth\n";
}
#add xCAT mn/sn itself as a server
print CFGFILE "server 127.127.1.0\n";
print CFGFILE "fudge 127.127.1.0 stratum 10\n";
print CFGFILE "disable monitor\n";
close CFGFILE;
my $ntp_service = "ntpserver";
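Review bot: The `server $ntps iburst` line in the first hunk writes each comma-separated entry of `$ntp_servers` into ntp.conf unchecked, so an entry carrying whitespace or a line break would land in the file as additional directives alongside the `restrict` lines. Where `$ntp_servers` is populated is outside the hunk, so it may already be validated upstream; if it is not, trim and check each entry at the top of the `foreach` body, before `$ntp_master` is assigned: `$ntps =~ s/^\s+|\s+$//g;` followed by `next unless $ntps =~ /\A[A-Za-z0-9._:-]+\z/;`. The context lines at the top of that hunk also suggest that a failed open of `$ntpcfg` is only reported through `xCAT::MsgUtils->message` while the prints still run, so returning after that message would keep a missing or stale ntp.conf from going unnoticed. The page has lost its +/- markers, so which lines are new is inferred, and `process_request` begins and ends outside both hunks.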