-2

We have a server in AWS with Amazon linux. By default, it comes with NTP service, and we can see that it is in sync. However, when someone changes the time using the below command:

date -s "14 JUL 2014 04:45:00"

The date and time are forced. When the next check happens with NTP, ntpd does not update the time. Can some one help me with this, in order to prevent from unauthorized changes to the time using NTP.

Thomas
  • 4,225
  • 5
  • 23
  • 28
user3752088
  • 11
  • 1
  • 1
  • 1
  • 7
    Restrict root access to operators who don't do intentionally break things. This is not a technical problem and won't have a technical solution. – HBruijn Jul 22 '14 at 11:11

2 Answers2

6

ntp will not change the clock if the time is "too wrong", which might be why you have the problem.

However the simplest way to debug this is to add this to ntp.conf:

  logfile /var/log/ntpd.log

If you run the ntpdate command and receive an error like so:

   # ntpdate ntp.ubuntu.com
   ntpdate[26284]: Can't adjust the time of day: Operation not permitted

This means that you are probably on a VPS, and in that case you can not modify the system clock - this can only be done on the host machine.

3

You seem to miss a whole about how NTPD is working.

First, NTPD will refuse to change time if the machine clock is off for more then configured panic value (defaults to 1000 seconds).

Second, NTPD doesn't only "change" time. It can use a mix of methods to change how the time is counted inside the machine clock making time flow slower or faster.

If you don't want NTPD to interfere - just disable it.

kworr
  • 1,055
  • 8
  • 14