On 12/2/2024 8:08 pm, Roland Rosenfeld wrote:
Hi Brian!
On Mon, 12 Feb 2024, Brian Scott wrote:
The -p 1 option is still desirable for standard ntpd. The default is to do 4 probes which is overkill for xymon.
You are right, but I'm not sure whether there are still current systems using the original ntpd.
FreeBSD includes it as part of the base system. I monitor quite a few FreeBSD systems.
I have just checked a fresh install of ntpsec from source and can't see ntpdate being installed. Found this on the ntpsec site under Security Improvements:
- The deprecated and vulnerability-prone ntpdate program has been replaced with a shell wrapper around ntpdig. Its -e and -p options are not implemented. It is no longer documented, but can be found in the attic/ directory of the source distribution.
I notice that in the script the behaviour when it finds the -p option is to simply warn and ignore it:
p) echo "ntpdate: -p is no longer supported." >&2;;
So it's just a neatness thing. The script is undocumented (Debian may have pinched their man page from standard ntp) and unlikely to ever be updated.
Not sure where this leaves us. I know others had similar problems when distros moved to chrony for ntp. Maybe we need a more generalised approach to different ntp implementations going forward.
Maybe the best way for ntpsec users is to replace the ntpdate call with a final ntpdig call (which saves one shell script call). As far as I can see "ntpdate -u -q foo" with ntpsec-ntpdate wrapper simply calls "ntpdig -t 1 foo", so why not directly use this?
Agree 100%
I think using a discouraged wrapper like this makes no sense.
However, we still need some way to deal with the cases where the default is still the old ntp.
The attached rewritten patch implements this.
Would you mind if I tried to generalise your patch to automatically detect which version to use and pick the correct options accordingly? A quick look at the code suggests changes to configure.server, a new script under build/ to detect which type of ntp is installed, and possibly changes to the various build/Makefile.* to set a per-OS default. Also I notice that the defaults when nothing is set in xymonserver.cfg are established in lib/environ.c but they would be quite messy to tinker with.
Greetings Roland
Cheers,
Brian
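
One way the detection discussed in this thread could look, as an added example that is not part of the original messages, the attached patch or Xymon's code. The function names and the NTP_SEARCH_PATH variable are hypothetical, and recognising the ntpsec wrapper by a "#!" script that mentions ntpdig is an assumption:

```shell
#!/bin/sh
# Added example. pick_ntp_cmd, find_prog, is_ntpdig_wrapper and
# NTP_SEARCH_PATH are hypothetical names, not part of Xymon.

# Look a program up in NTP_SEARCH_PATH (default: $PATH). The subshell
# body keeps the PATH change from leaking into the caller.
find_prog() (
    PATH=${NTP_SEARCH_PATH:-$PATH}
    command -v "$1"
)

# Assumption: a script that mentions ntpdig is the ntpsec wrapper;
# classic ntpdate is a compiled binary and has no "#!" first line.
is_ntpdig_wrapper() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ] && grep -q ntpdig "$1"
}

# Print the command prefix to run in front of the host name.
pick_ntp_cmd() {
    ntpdate_path=$(find_prog ntpdate) || ntpdate_path=
    if [ -n "$ntpdate_path" ] && ! is_ntpdig_wrapper "$ntpdate_path"; then
        echo "ntpdate -u -q -p 1"   # classic ntpdate: keep the single probe
    elif find_prog ntpdig >/dev/null; then
        echo "ntpdig -t 1"          # what the wrapper runs for -u -q
    elif [ -n "$ntpdate_path" ]; then
        echo "ntpdate -u -q"        # wrapper only: -p would just warn
    else
        echo "pick_ntp_cmd: no ntpdate or ntpdig found" >&2
        return 1
    fi
}
```

The printed prefix could feed a build-time default such as the one configure.server would set, so the wrapper is never invoked with an option it only warns about.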