Install prereqs:

sudo apt install -y git build-essential bison libssl-dev libcap-dev \
libseccomp-dev libavahi-compat-libdnssd-dev pps-tools python-dev

Pull source

git clone https://github.com/ntpsec/ntpsec


sudo ./buildprep --ntpviz --doc

Make sure /etc/services has the following:

ntp 123/tcp
ntp 123/udp

Reboot after adding.

Configure and build:

./waf configure  --refclock=all ; ./waf build

Install: (as root)

./waf install

Create an ntp service account: (as root)

adduser --system --no-create-home --disabled-login --gecos '' ntp ;
addgroup --system ntp; addgroup ntp ntp ;
mkdir -p /var/lib/ntp /var/log/ntpstats ;
chown -R ntp:ntp /var/lib/ntp /var/log/ntpstats


# GPS PPS reference (NTP1)
refclock shm unit 1 refid PPS

# GPS Serial data reference (NTP0)
refclock shm unit 0 refid GPS

# NIST Servers
server time-a.nist.gov
server time-a-wwv.nist.gov
server time-a-b.nist.gov

# By default, exchange time with everybody, but don't allow configuration.
restrict default kod limited nomodify
restrict -6 default kod limited nomodify

# Local users may interrogate the NTP server more closely.
restrict -6 ::1
restrict mask

# Drift file etc.
# Ensure that the directory exists, and is writable by whichever user
# the ntpd daemon runs as.
driftfile /var/lib/ntp/ntp.drift

enable stats
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


Description=Network Time Service
After=network.target nss-lookup.target

ExecStart=/usr/local/sbin/ntpd -g -N -u ntp:ntp
# ExecStart=@SBINDIR@/ntpd -g -N -u ntp:ntp
# Specifying -g on the command line allows ntpd to make large adjustments to
# the clock on boot.  However, if Restart=yes is set, a malicious (or broken)
# server could send the incorrect time, trip the panic threshold, and when
# ntpd restarts, serve it the incorrect time (which would be accepted).



This script calls the ntplogtemp program to record the temperature from the CPU and RTC. It also cleans up the data by removing one of the duplicate entries and removing the header. Package lm-sensors must be installed.

/usr/local/bin/ntplogtemp -o -l /var/log/ntpstats/temps
sed '/ZONE0/d' -i /var/log/ntpstats/temps
sed '/sensor/d' -i /var/log/ntpstats/temps
sed -i 's/LM0/RTC/g' /var/log/ntpstats/temps
sed -i 's/LM1/CPU/g' /var/log/ntpstats/temps

Run every 5 minutes, via cron:

*/5 * * * * /ntplogtemps.sh >/dev/null 2>&1
build_ntpsec.txt · Last modified: 2021/08/05 16:20 by john
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0