mirror of
https://github.com/xcat2/xcat-core.git
synced 2026-05-06 00:59:13 +00:00
bd260c9feb
The ntpd config generated by makentp had no access restrictions, explicitly disabled authentication, and was vulnerable to CVE-2013-5211 amplification attacks. Add restrict lines to block unauthorized access, add iburst for faster initial sync, replace "disable auth" with "disable monitor". Security hardening applies to all platforms including AIX (xntpd supports the same restrict directives). The chrony path (EL8+) is unaffected — it delegates to setupntp. Fixes #2435