[Xymon] Patch: ntpdate option -p deprecated

Brian Scott bscott at bunyatech.com.au
Mon Feb 12 14:06:11 CET 2024 

On 12/2/2024 8:08 pm, Roland Rosenfeld wrote:
> Hi Brian!
>
> On Mon, 12 Feb 2024, Brian Scott wrote:
>
>> The -p 1 option is still desirable for standard ntpd. The default is
>> to do 4 probes which is overkill for xymon.
> You are right, but I'm not sure, whether there are still current
> systems using the original ntpd.
FreeBSD includes it as part of the base system. I monitor quite a few 
FreeBSD systems.
>> I have just checked a fresh install of ntpsec from source and can't see
>> ntpdate being installed. Found this on the ntpsec site under Security
>> Improvements:
>>
>>   * The deprecated and vulnerability-prone ntpdate program has been
>>     replaced with a shell wrapper around ntpdig. Its -e and -p options
>>     are not implemented. It is no longer documented, but can be found in
>>     the attic/ directory of the source distribution.
>>
>> I notice that in the script the behaviour when it finds the -p option is to
>> simply warn and ignore it:
>>
>> p) echo "ntpdate: -p is no longer supported." >&2;;
>>
>> So it's just a neatness thing. The script is undocumented (debian may have
>> pinched their man page from standard ntp) and unlikely to ever be updated.
>>
>> Not sure where this leaves us. I know others had similar problems when
>> distros moved to chrony for ntp. Maybe we need a more generalised approach
>> to different ntp implementations going forward.
> Maybe the best way for ntpsec users is to replace the ntpdate call
> with a final ntpdig call (which saves one shell script call).
> As far as I can see "ntpdate -u -q foo" with ntpsec-ntpdate wrapper
> simply calls "ntpdig -t 1 foo", so why not directly use this?

Agree 100%

i think using a discouraged wrapper like this makes no sense.

However, we still need some way to deal with the cases where the default 
is still the old ntp.

> The attached rewritten patch implements this.
Would you mind if I tried to generalise your patch to automatically 
detect which version to use and pick the correct options accordingly? A 
quick look at the code suggests changes to configure.server, a new 
script under build/ to detect which type of ntp is installed, and 
possibly changes to the various build/Makefile.* to set a per-OS 
default. Also I notice that the defaults when nothing is set in 
xymonserver.cfg are established in lib/environ.c but they would be quite 
messy to tinker with.
>
> Greetings
> Roland

Cheers,

Brian

More information about the Xymon mailing list