[Xymon] Patch: ntpdate option -p deprecated
Roland Rosenfeld
roland at spinnaker.de
Mon Feb 12 10:08:09 CET 2024
Hi Brian!
On Mon, 12 Feb 2024, Brian Scott wrote:
> The -p 1 option is still desirable for standard ntpd. The default is
> to do 4 probes which is overkill for xymon.
You are right, but I'm not sure, whether there are still current
systems using the original ntpd.
> I have just checked a fresh install of ntpsec from source and can't see
> ntpdate being installed. Found this on the ntpsec site under Security
> Improvements:
>
> * The deprecated and vulnerability-prone ntpdate program has been
> replaced with a shell wrapper around ntpdig. Its -e and -p options
> are not implemented. It is no longer documented, but can be found in
> the attic/ directory of the source distribution.
>
> I notice that in the script the behaviour when it finds the -p option is to
> simply warn and ignore it:
>
> p) echo "ntpdate: -p is no longer supported." >&2;;
>
> So it's just a neatness thing. The script is undocumented (debian may have
> pinched their man page from standard ntp) and unlikely to ever be updated.
>
> Not sure where this leaves us. I know others had similar problems when
> distros moved to chrony for ntp. Maybe we need a more generalised approach
> to different ntp implementations going forward.
Maybe the best way for ntpsec users is to replace the ntpdate call
with a final ntpdig call (which saves one shell script call).
As far as I can see "ntpdate -u -q foo" with ntpsec-ntpdate wrapper
simply calls "ntpdig -t 1 foo", so why not directly use this?
The attached rewritten patch implements this.
Greetings
Roland
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 92_ntpdate_ntpdig.patch
Type: text/x-diff
Size: 1214 bytes
Desc: not available
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20240212/fa3a8624/attachment.patch>
More information about the Xymon
mailing list