We can use either a swap file or a swap partition as swap space.
How to create swap space from file?
To create a 512MB swap file, run the commands below. Make sure the file system where you are creating the swap file has enough disk space.
dd if=/dev/zero of=swapfile bs=1024 count=524288
chmod 600 swapfile
mkswap swapfile
swapon swapfile
To activate the swap file automatically at boot, add the following entry to /etc/fstab (assuming that you created swapfile under /opt):
/opt/swapfile swap swap defaults 0 0
How to create swap space from partition?
Create a partition using "fdisk" with type swap, i.e. set the partition type to 82. Type "t" to set the partition type. (This assumes that you created the partition /dev/hdb1 as swap.) To activate it, run the following commands:
mkswap /dev/hdb1
swapon /dev/hdb1
To activate the swap partition automatically at boot, add the following entry to /etc/fstab:
/dev/hdb1 swap swap defaults 0 0
Use the "free" command before and after executing the above methods to verify that the swap has been created / increased.
Have Fun .....
Sikkandar.Linux at Gmail.Com
Saturday, December 20, 2008
How to create/increase swap on the fly in Linux?
Saturday, December 6, 2008
How to Setup or Check Network Speed and Duplex on Linux?
What is Half and Full Duplex?
In full duplex, the data (signal) can flow in both directions simultaneously.
In half duplex, the data (signal) can flow in only one direction at a time.
So the duplex setting is very important. To check the duplex and speed settings, ethtool is the best tool.
To see the duplex and speed settings of interface eth0, run the following command:
# ethtool eth0
To set 100 Mbps speed and full duplex and make it static on interface eth0, run the command below:
# ethtool -s eth0 autoneg off duplex full speed 100
autoneg off makes sure that this setting does not change in response to the settings of the port to which this interface is connected, such as a switch port.
In newer versions, these settings can be made in a configuration file. For example, in newer versions of SUSE such as 10.x, they can be made in the respective interface configuration file, which can be found under /etc/sysconfig/network. The interface configuration file has a name like ifcfg-eth-id-00:c0:0d:01:75:05
In older versions such as SUSE 9, we need to set this up manually. I added these settings to a bash shell script placed under /etc/sysconfig/network/scripts and created a symbolic link to it from /etc/sysconfig/network/if-up.d.
# ls -al
total 8
drwxr-xr-x 2 root root 4096 Apr 22 2008 .
drwxr-xr-x 6 root root 4096 Feb 19 2008 ..
lrwxrwxrwx 1 root root 21 Apr 22 2008 eth0-setup -> ../scripts/eth0-setup
# cat ../scripts/eth0-setup
#!/bin/bash
#
# This script has been added by Sikkandar to make sure
# that the NIC Configuration is set to FULL DUPLEX with SPEED 100
#
# Date : 04.Oct.2007
#
# OS : SUSE LINUX Enterprise Server 9
#
/usr/sbin/ethtool -s eth0 autoneg off duplex full speed 100
Have Fun ........
Sikkandar.Linux at GMail.Com
Wednesday, December 3, 2008
What is "/etc/fstab" and how it is important for "mount" command.
fstab stands for File System Table. It contains the details of devices or partitions and indicates how they are to be initialized. This file is mostly used by the mount command.
Let us have a look at what each column in this file means:
Sample content of /etc/fstab (on Solaris it is /etc/vfstab)
1st Column (device-name): The name of the device or partition
2nd Column (mount point): Mount point of the device or partition
3rd Column (fs-type): The type of file system
4th Column (mount-options): Mount options such as ro, rw, noauto, user, exec and acl, etc. use man
5th Column (dump-frequency): Useful when we use the dump command for backup; numbers larger than one are to avoid too many backups of idle file systems
6th Column (pass-number): This tells in which order fsck is to be run while booting. "0" (zero) means don't do fsck.
Whenever we issue mount -a, it reads /etc/fstab and mounts the file systems according to the settings. If "noauto" is among the mount options of a file system, it will not be mounted. The default is auto.
For more, do a "man mount".
Have a fun ....
Sikkandar.Unix at Gmail.Com
Monday, December 1, 2008
Sendmail - How to Override MX Record
The following settings force mail for a domain to be forwarded to a particular server:
1. Add the following line to /etc/mail/mailertable
domain mailer:[destinationhost.domain.name]
2. Rebuild mailertable
makemap hash mailertable < mailertable
3. Restart sendmail
rcsendmail restart
Sendmail - How to process mail from mail queue for particular Email Address
sendmail -q -v -qREmailID@domain.name
Example: sendmail -q -v -qRnsikkandar@gmail.com
Sendmail - How to reprocess mail from mail queue for particular domain
sendmail -q -v -qR@valid.domain.name
Example:
sendmail -q -v -qR@gmail.com
sendmail -q -v -qR@my.example.com
Monday, November 10, 2008
Installing Windows 2000 on Dell Power Edge 2950
I had a chance to install Windows 2000 on a Dell Power Edge 2950. I created the RAIDs using Adaptech utilities and started the installation from CD-ROM. But unfortunately the OS could not see the disk arrays and threw the following error:
There is no disk in this drive
So the installation aborted. Then I tried the installation once again using the Windows 2000 installation CD, and pressed F6 to load drivers. But it asked for a floppy disk to load the drivers. Since the Dell Power Edge 2950 does not have a floppy drive, the installation started consuming time. Now we have to either make the USB drive act as a floppy drive or integrate the Perc-5 drivers into the OS.
Fortunately, our Windows admin integrated the Perc-5 drivers into the Windows 2000 CD with the help of a utility provided by IBM, and the installation started smoothly.
I hope IBM and Windows will resolve this issue soon and let administrators take a deep breath :-)
Have a fun guys.
sikkandar.unix at gmail.com
-----------------------------------------------------------------------------------------------------------------
Topics will be covered in this Blog are : Linux System Administrator - Memory Performance Tuning - File System - User Group - Linux / Unix Commands Processes - Virtual Swap Memory - Mail Server - Remote Access - Linux Permissions - Boot procedure system Logging - Network (xinetd) Configuration (ifconfig) - DNS - DHCP - Web Server - Kernel - Shell Script - Tuning Optimization High Availability Heart-BeatClustering-Backup and Recovery - Network Time Protocol - NIS - NFS - RPM Partition - /proc - Scheduling (crontab) - mount unmount - secured shell (ssh) - Remote Access - Virtual Network Computing (VNC) Default Ports - Services
-----------------------------------------------------------------------------------------------------------------
Friday, October 24, 2008
IPSO Installation on Nokia Firewall and CheckPoint Installation on Nokia Firewall
My first experience with a Nokia Firewall :-). I wanted this to be documented; it may be useful for others too. Let me know if you have any feedback.
Installing IPSO on Nokia IP330 through FTP
Pre-Install
Connect IP330 with your machine through console cable on COM port.
Connect the Nokia IP330 with your machine through a crossover cable (or put both machines in the same network and provide the relevant gateway)
Create a Hyper Terminal
Provide a name for a connection and select Icon and click OK
Select COM Port on which the console cable is connected from Nokia IP330, (COM1 is in this example) and click OK
Click Restore Defaults and click OK
Now power on the Nokia IP330 device. You should be able to see the basic boot messages; wait till you get the following options:
1. Boot Manager
2. IPSO
Press 1
At the boot manager prompt, type "install" and provide the required information when asked.
Basically it asks for the type of FTP connection, the IP address of the Nokia device, the FTP server IP address, the speed/duplex settings, etc. (Make sure FTP is running on your machine and the firewall is off, and that the gateway is the IP you are going to assign to your Nokia IP330. Make the FTP home directory the location where the IPSO CD is loaded.)
You will be prompted with three options
1. Install all packages without prompt
2. Install all packages with prompt
3. No packages
We select option 3 so that only IPSO will be installed.
Once the installation is completed, reboot the machine and provide the required data when it prompts.
Now you should be able to open the GUI (Voyager) from your machine in a browser using the IP assigned to the Nokia IP330, and you will be able to manage your Nokia IP330.
INSTALLING CHECKPOINT THROUGH VOYAGER
1. Download IPSO Wrapper from CheckPoint site and store it into your ftp home folder
2. Open Voyager GUI through browser and login with admin id and password
3. Go to Manage installed packages - FTP and new packages - provide the FTP server IP, user id and password, and finally click Apply
4. It will extract the wrapper. Now install the wrapper. You can watch the status on the console by following the log file, which is located in /var/log/ (tail -f /var/log/newpkg.log)
5. Restart the machine or log in again (su -).
6. Restart CheckPoint "cpstop" and "cpstart" from /opt/CPshared-50-04/bin
7. Now run cpconfig from console from /opt/CPshared-50-04/bin
8. Provide all required details when prompted: usually license details, management station IP, GUI enable, admin users, etc.
9. Install Checkpoint Client (Smart Center) on Management station and connect to the Nokia IP330 Firewall.
10. Make necessary settings and rules according to your company policies.
Have lot of fun ......
Sikkandar dot linux at Gmail.Com
Wednesday, October 15, 2008
Recover Corrupted Partition From A Bad Superblock
1. Find a backup superblock using newfs command
Example
newfs -N /dev/sda2
OR
dumpe2fs /dev/sda2 | grep superblock
2. Now you have the superblock (if you are lucky). Recover the superblock.
fsck -b
Example
fsck -b 32768 /dev/sda2
Monday, September 15, 2008
How to use ssh without asking password?
We may need to log in to other servers, or our scripts may need to collect data from other servers. As we know, ssh provides a secured connection to remote servers, and we may need to log in without a password. Here are the steps to set up ssh login without a password:
aspadmin is an existing user in both "LinuxMonitor" and "mail1" servers.
Step-1: Generating Keys:
aspadmin@LinuxMonitor:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/aspadmin/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/aspadmin/.ssh/id_rsa.
Your public key has been saved in /home/aspadmin/.ssh/id_rsa.pub.
The key fingerprint is:
24:bf:71:70:ba:72:39:76:3e:a7:1c:bc:81:c3:92:f5 aspadmin@LinuxMonitor
Step-2: Creating ".ssh" folder in remote machine(mail1) for user(aspadmin)
aspadmin@LinuxMonitor:~> ssh aspadmin@mail1 mkdir -p .ssh
The authenticity of host 'mail1' can't be established.
RSA key fingerprint is 8b:2a:08:a9:89:8d:8e:31:25:0a:dd:77:d5:7f:30:e0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'mail1,' (RSA) to the list of known hosts.
Password:
Step-3: Copying the key to the remote machine(mail1) for user(aspadmin)
aspadmin@LinuxMonitor:~> scp .ssh/id_rsa.pub aspadmin@mail1:~aspadmin/.ssh/authorized_keys2
Password:
id_rsa.pub 100% 231 0.2KB/s 00:00
Step-4: That's all. Now you can connect to mail1 without a password.
aspadmin@LinuxMonitor:~> ssh mail1
Last login: Wed Jun 25 14:51:52 2008 from xxx
aspadmin@mail1:~>
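Step-3 copies the public key over authorized_keys2, which replaces any keys already stored in that file and relies on a legacy file name. The sketch below is an added example, not part of the original post: run on the target account, it appends the key to authorized_keys only if it is missing and sets the directory and file modes that sshd's StrictModes check accepts. The function names install_pubkey and ssh_perms_ok and their arguments are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: append-only, permission-safe public key installation.
# install_pubkey, ssh_perms_ok and their arguments are hypothetical names.
# Usage on the target account: install_pubkey /tmp/id_rsa.pub "$HOME/.ssh"

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the key to SSH_DIR/authorized_keys unless the same line is
# already present. Existing keys are never truncated or replaced.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file=$ssh_dir/authorized_keys
    key_re='^(ssh-|ecdsa-|sk-)[^ ]+ [A-Za-z0-9+/=]+( |$)'

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 2; }

    # Require exactly one non-blank line and require it to look like a
    # public key. This also refuses a private key passed by mistake.
    lines=$(grep -c -v '^[[:space:]]*$' "$pubkey_file" || true)
    keys=$(grep -c -E "$key_re" "$pubkey_file" || true)
    if [ "$lines" -ne 1 ] || [ "$keys" -ne 1 ]; then
        echo "$pubkey_file: expected exactly one public key" >&2
        return 2
    fi
    key_line=$(grep -E "$key_re" "$pubkey_file")

    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    # Create the file if it is missing, without truncating existing keys.
    ( umask 077; : >> "$auth_file" ) || return 1
    chmod 600 "$auth_file" || return 1

    # Already installed: nothing to do.
    if grep -q -x -F -e "$key_line" "$auth_file"; then
        return 0
    fi
    # Do not glue the new key onto an unterminated last line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# ssh_perms_ok SSH_DIR
# Succeeds only if authorized_keys exists and neither it nor the directory
# is writable by group or others.
ssh_perms_ok() {
    [ -f "$1/authorized_keys" ] || return 1
    bad=$(find "$1" "$1/authorized_keys" -prune \
            \( -perm -020 -o -perm -002 \) -print 2>/dev/null)
    [ -z "$bad" ]
}
```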
Saturday, September 13, 2008
How to configure xinetd?
xinetd Daemon
By default xinetd does not start automatically. You can find this service under /etc/init.d. To make the xinetd daemon start automatically during boot, run insserv xinetd (or) chkconfig xinetd on
To start/stop/restart/reload xinetd, use the rcxinetd command
Configuration
/etc/xinetd.conf is the default configuration file of xinetd. You may not need to make any changes in this file.
You can include a dedicated configuration file for each service under the /etc/xinetd.d folder.
Example configuration file for pop3
service pop3
{
port = 110
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/popper
}
A few useful options are below:
instances = 30 #Maximum number of instances
cps = 50 10 #50 connections per second, 10 seconds wait time after 50 connections.
only_from #allow access from specific remote hosts
no_access #restrict access for specific remote hosts
access_time #service available time e.g. access_time 09:00-20:00
interface #specify which IP is used for xinetd when more than one interface is in use.
For more information, see man xinetd
Why xinetd
Services can be started when the system boots, in which case each one occupies its port and waits for connections all the time. This uses resources unnecessarily if the services are only used occasionally.
The xinetd process listens on behalf of the services and starts the respective process when a connection comes in. So it saves system resources.
Saturday, June 14, 2008
How to check Network speed (Bandwidth / throughput) between servers
One of the best tools I have used to check network speed (bandwidth / throughput) is iperf. The easiest way to install iperf is to google for the iperf RPM and download the appropriate RPM for your server.
You do not have to be an expert to run iperf. Once iperf is installed on your server, just run iperf -s on the server and iperf -c ServerIP on the client.
For example:
At Server
=======
iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 32.00 KByte (default)
------------------------------------------------------------
At Client
======
iperf -c 10.0.0.5
------------------------------------------------------------
Client connecting to 10.0.0.5, TCP port 5001
TCP window size: 32.00 KByte (default)
------------------------------------------------------------
[1912] local 10.0.0.211 port 1793 connected with 10.0.0.5 port 5001
[ ID] Interval Transfer Bandwidth
[1912] 0.0-10.0 sec 103 MBytes 94 Mbits/sec
Sunday, May 11, 2008
Linux Commands
Linux Access Control List (ACL)
Basic Linux permissions have the following limitations:
1. We cannot set more than one entity as the user or group owner of a file.
2. We cannot set permission on a per file or directory basis.
ACL is one of the systems that overcome these limitations.
Important Note:
Have a look at /etc/fstab to make sure acl is enabled for the mounted device. The content of /etc/fstab looks like the following if acl is enabled:
#cat /etc/fstab
/dev/hda1 / reiserfs acl,user_xattr 1 1
/dev/hda2 swap swap defaults 0 0
proc /proc proc defaults 0 0
.
.
.
If acl is not set for the device in /etc/fstab, you have to add this option and remount.
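The /etc/fstab columns described in the fstab post and the acl check above can be read mechanically. The following sketch is an added example, not from the original posts: it tests whether a mount point carries a given option as an exact entry in the fourth column (so noacl does not count as acl), lists the mount points that mount -a skips because of noauto, and prints devices in fsck pass order, treating a missing sixth column as 0. All function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: reading the six /etc/fstab columns.
# Function names are hypothetical; the sample file is constructed.

# write_sample_fstab PATH
# Writes a constructed sample modelled on the fstab shown on this page.
write_sample_fstab() {
    cat > "$1" <<'EOF'
# device     mount-point  fs-type   mount-options   dump pass
/dev/hda1    /            reiserfs  acl,user_xattr  1 1
/dev/hda2    swap         swap      defaults        0 0
proc         /proc        proc      defaults        0 0
/dev/hda3    /data        ext3      rw,noacl        1 2
/dev/cdrom   /media       iso9660   ro,noauto,user
EOF
}

# fstab_has_option FILE MOUNT_POINT OPTION
# Exit status 0 if OPTION is one of the comma-separated entries in the
# 4th column for MOUNT_POINT. Matching is exact, not by substring.
fstab_has_option() {
    awk -v mp="$2" -v opt="$3" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        $2 == mp {
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == opt) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# fstab_noauto FILE
# Prints the mount points that "mount -a" will not mount.
fstab_noauto() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "noauto") print $2
        }
    ' "$1"
}

# fstab_fsck_order FILE
# Prints devices in boot-time fsck order (6th column). A missing or zero
# pass number means the file system is not checked.
fstab_fsck_order() {
    awk '
        /^[ \t]*(#|$)/ { next }
        ($6 + 0) > 0 { print $6, $1 }
    ' "$1" | sort -n | cut -d' ' -f2
}
```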
setfacl - Setting File Access Control List
Once acl is set for a device, we can create an Access Control List using the setfacl command. To make the user alexander a trustee of the file somefile, do the following:
setfacl -m u:alexander:rwx somefile
In addition to that, to add the group sales as a trustee group for the file somefile:
setfacl -m g:sales:rw somefile
This command does not make any difference in the file permissions, but adds a '+' sign after the permissions list
getfacl - Getting File Access Control List
getfacl somefile displays the ACL of somefile
For more information on these commands, see man setfacl and man getfacl
Monday, May 5, 2008
Setting Permissions
Linux works with three entities that can be set as the owner of the file or directory. Those are owner, group owner and others.
The ls -l command provides detailed information about the files in a directory. The first column of the output shows 10 permission bits, something like -rwxr-xr-x
For example:
# ls -l
-rwxr-xr-x 1 alexander users 1024 2008-05-06 11:20 somefile
(# in the above example is the command prompt)
The first bit gives the type of the file. Mostly it is -, which means it is a regular file. If it is d, it is a directory, and so on.
The next three bits give the permissions (r-read, w-write, x-execute) for the owner of the file.
The next three bits give the permissions for the group, and the last three bits give the permissions for others.
The owner of the file or the administrator can change the permissions of a file using the chmod command.
chmod entity + or - permission(s)
For example, to remove the execute permission for others on the file somefile
chmod o-x somefile
To add write permission for the group on the file somefile
chmod g+w somefile
Permissions are
r - read
w - write
x - execute
s - set user or group id
t - sticky bit
If set user or group id is given for a file, the execute (x) permission of the respective entity (user or group) will be replaced with s
For example, if set user id is given for somefile, it looks like the output below
-rwsr-xr-x 1 alexander users 1024 2008-05-06 11:20 somefile
If the sticky bit is set on a file, t will be shown in the last bit of the permissions
For example, if the sticky bit is set on somefile, it looks like the output below
-rwsr-xr-t 1 alexander users 1024 2008-05-06 11:20 somefile
Set User ID, Group ID and Sticky Bit
SUID: Set User ID means that, when this permission is applied to an executable file, the user who executes the file will have the permissions of the owner of the file while executing it.
SGID: Set Group ID
Sticky Bit: When the sticky bit is applied to a file, a user can remove it only if (1) the user is the owner of the file, (2) the file is in a directory of which the user is the owner, OR (3) the user has write permission on the file.
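To see where these special bits are in use on a system, the sketch below (an added example, not from the original post) decodes the s and t positions of an ls -l mode string, lists set-user-ID and set-group-ID files under a directory, and lists world-writable directories that lack the sticky bit, which is where the bit takes effect on Linux. The function names are assumptions made for illustration; the script only reads metadata.

```sh
#!/bin/sh
# Added example: audit of the special permission bits described above.
# Function names are hypothetical; nothing here changes any file.

# decode_special MODE_STRING
# Reads an ls -l mode string such as -rwsr-xr-t and names the special
# bits. ls prints a capital S or T when the bit is set but the matching
# execute bit is not.
decode_special() {
    mode=$1
    out=
    case $(printf '%s' "$mode" | cut -c4) in
        s) out="$out suid" ;;
        S) out="$out suid(no-exec)" ;;
    esac
    case $(printf '%s' "$mode" | cut -c7) in
        s) out="$out sgid" ;;
        S) out="$out sgid(no-exec)" ;;
    esac
    case $(printf '%s' "$mode" | cut -c10) in
        t) out="$out sticky" ;;
        T) out="$out sticky(no-exec)" ;;
    esac
    [ -n "$out" ] || out=" none"
    printf '%s\n' "${out# }"
}

# list_setid DIR
# Prints "suid<TAB>path" or "sgid<TAB>path" for every regular file under
# DIR (same file system only) that carries the bit.
list_setid() {
    {
        find "$1" -xdev -type f -perm -4000 -exec printf 'suid\t%s\n' {} \;
        find "$1" -xdev -type f -perm -2000 -exec printf 'sgid\t%s\n' {} \;
    } 2>/dev/null | sort
}

# list_unsticky_dirs DIR
# Prints world-writable directories under DIR that do not have the sticky
# bit, i.e. places where any user can delete another user's files.
list_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}
```

For example, decode_special applied to the -rwsr-xr-t listing above reports "suid sticky".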
Sunday, May 4, 2008
Change Group Ownership
To check the list of groups a user belongs to ....
groups user
To change the group owner temporarily ...
newgrp groupName
Example:
To see the list of groups the user alexander belongs to ...
groups alexander
To change the primary group of alexander to sales, type the command below as user alexander.
newgrp sales
Changing File Ownership
chown {user|.group} file
It is a command to change the owner of the file or directory.
For example
(1) to change the owner of file example to alexander
chown alexander example
(2) to change the group owner of file example to development
chown .development example
(3) to change the owner of file example to alexander and group owner to development in one command
chown alexander.development example
(4) to change the owner of directory example and all its sub-directories to owner alexander.
chown -R alexander example
Note: The option -R means Recursively
Saturday, May 3, 2008
Deleting User
userdel
This is the command to delete a user from your local system.
Delete a user
userdel sikkandar
The user sikkandar will be deleted from your local machine; the home directory is not removed.
Delete a user together with the home directory
userdel -r sikkandar
Delete a user together with the home directory, including files owned by other users
userdel -rf sikkandar
Sunday, April 20, 2008
Adding New User
useradd
This is the command to create a new user on your local system.
Create a user
useradd sikkandar
The user sikkandar will be added to your local machine without a home directory.
Create a user with a home directory
useradd -m sikkandar
To set a password for the user
passwd username
For example: passwd sikkandar
For more details see man useradd
TIPS
If you forgot to create the home directory and want to create it later, do the following:
To create the home directory for user sikkandar:
mkdir /home/sikkandar
cd /etc/skel
tar cv . | tar xvC /home/sikkandar
chown -R sikkandar.users /home/sikkandar
Network Time Protocol (NTP) - Client Configuration
Check the time difference between the NTP server and the client. If the time difference is more than 1024 seconds, run the ntpdate command (ntpdate synchronizes the time with the server) as follows:
ntpdate ntp.your-ntp-server.somewhere
For example: ntpdate pool.ntp.org
IMPORTANT NOTE:
You may get the error message "socket already in use" while running the ntpdate command. Most probably you get this error because xntpd is already running on your machine. So stop xntpd (rcxntpd stop) before running ntpdate.
Step-2
Add
server ntp.your-ntp-server.somewhere
to NTP Configuration file i.e. /etc/ntp.conf
For Example:
server pool.ntp.org
Step-3
Run rcxntpd restart command.
Monday, April 14, 2008
Network Time Protocol (NTP) - Server Configuration
(NOTE: This documentation is based on my experience with SuSE Linux. Settings may vary in other flavours of Linux.)
[ Tip: Time zone can be changed in /etc/sysconfig/clock file. Once changed, the service /etc/init.d/boot.clock should be restarted. ]
A server can determine its time in two ways.
(1) By synchronizing with another NTP time server (or
If a server synchronizes with an NTP time server, the stratum used on that server will be determined by the server it is synchronizing with; if a server synchronizes with a stratum 3 time server, it will automatically become a stratum 4 time server by itself. (What is stratum?)
(2) By using a reference clock
If a server uses a reference clock, the server does not get its time from a server on the Internet but will determine its own time. The default stratum used is determined by the type and brand of reference clock that is used. If it is a reliable clock such as a clock related to GPS, the default stratum setting will be high; if it is a less reliable clock (such as the local clock in a computer), the default stratum will be lower.
Configuring a Stand-Alone NTP Time Server
You need just 2 elements to configure your own NTP time server.
(1) The configuration file (/etc/ntp.conf)
(2) And the daemon process (/etc/init.d/xntpd)
The configuration file (/etc/ntp.conf)
(a) Configuring ntp.conf
Add the following lines to the /etc/ntp.conf file.
server 127.127.1.0
fudge 127.127.1.0 stratum 10
server ntp.yourprovider.somewhere minpoll 4 maxpoll 15
The second line defines what should happen when the server falls back to the local external reference clock mentioned on the first line. This line starts with the keyword fudge to indicate a situation that is not normal. In this situation, the server should use the local clock, and the server sets its stratum to 10. By using this stratum, the server indicates that it is not very trustworthy but ensures that it can be used as a time source anyway.
The last line shows what should happen under normal circumstances. It refers to an IP address or server name on the network of the Internet provider. The values for the minpoll and maxpoll parameters are kind of weird; they refer to the power of 2 that should be used. Therefore, minpoll 4 in fact is 2^4, which equals 16 seconds. The default value is 1024, i.e. 2^10. You can use any value from 4 to 17. The minpoll value determines how often a client should try to synchronize its time when time is currently not synchronized properly. The maxpoll value indicates how often synchronization should occur if time is synchronized properly.
[ Tip: If you are looking for an NTP time server, visit http://www.ntp.org/. You can also set pool.ntp.org as your time server, which is a publicly available time server on the Internet. ]
(b) Tuning Your NTP Server
Using the NTP Drift File: No matter how secure the local clock on your computer is, it always has a small defect: either the clock is running too fast or the clock is running too slow. This difference is referred to as the drift factor of the clock. To adjust the clock, the NTP process maintains a file called the drift file, which is automatically created when NTP is started for the first time. The default location of the drift file is /var/lib/ntp/drift/ntp.drift. You can change where the file is created by using the driftfile parameter in ntp.conf:
driftfile /var/lib/ntp/drift/ntp.drift
(c) Securing Your NTP Server
If you want to block the rest of the world from accessing your NTP server but allow your local network, add the following lines to the ntp.conf file.
restrict default noquery notrust nomodify
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.255.0
The Daemon xntpd
Once the configuration settings are done successfully, start the NTP daemon with the following command:
rcxntpd restart
Adding this service to default run-levels:
insserv xntpd