Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: NTP synchronised problem in our Centos 7.6 node
Top Forums UNIX for Beginners Questions & Answers NTP synchronised problem in our Centos 7.6 node Post 303039105 by Neo on Monday 23rd of September 2019 04:28:46 AM
Old 09-23-2019
Also, not sure how much confidence we can have in this, but cvedetails reports than 0 Chrony vulnerabilities has been reported after 2016:

Tuxfamily Chrony : CVE security vulnerabilities, versions and detailed reports
 

10 More Discussions You Might Find Interesting

1. Programming

i-node problem

First , thank you for reading the post. I Use Digital Unix 4.0F . I get an i-node number of a text file using stat() function . I want to read the file context following the i-node information . But I do not know how to read disk information accroding to i-node information . (1 Reply)
Discussion started by: chenhao_no1
1 Replies

2. HP-UX

NTP problem

Hi, I have a problem using NTP. We have a setup as following : client --> HP Server(NTP) --> DMZ server --> DMZ server --> Internet Only some clients and our HP server is using NTP, the others are using different software. Now I get an error every day : Oct 1 13:17:15 nlunx1n1 xntpd:... (4 Replies)
Discussion started by: davidg
4 Replies

3. Solaris

NTP Authen Problem

Dear All I'm solaris user . I need to setup NTP authentication for my office server but I have some question for ntp setting up. I need to know if i set authen NTP the client that doesn't set for authen key can sync time from authen ntp server or not ?? when i setup the authen at ntp server ... (1 Reply)
Discussion started by: goasutlor
1 Replies

4. UNIX for Dummies Questions & Answers

NTP problem

All - i tried to sysn the clock from our server to get the timing and the server IP has been added in the ntp.conf file and i have some problems here. if some1 help me to solve this problem. 1. i can ping server 2. i was unable to ntpq -p (time out, no response from remote server, it looks... (2 Replies)
Discussion started by: March_2007
2 Replies

5. AIX

NTP Client problem

Hello everybody! When I run command "ntpdate" the following error occures "ksh: ntpdate: 0403-006 Execute permission denied. " # oslevel -s 5300-08-06-0918 oslevel -r 5300-08 eny suggestion friends? :-) (3 Replies)
Discussion started by: wwwzviadi
3 Replies

6. Red Hat

NTP sync problem

Hi, I have 4 machines and all are NTP configured with same ntp.conf file. But 3 machines are in sync with Time server and 4th machine is not contacting & sync with the NTP server. Please see the below details. # service ntpd stop Stopping ntpd: ... (0 Replies)
Discussion started by: uday123
0 Replies

7. Solaris

NTP problem.

Hi, I have edited the /etc/inet/ntp.conf file to point to a new time server. When I restart ntp on Solaris 10 using 'svcadm disable/enable ntp' it still points to the old ntp server when I run a 'ntpq -p'. Any ideas? Thanks. Sparcman (4 Replies)
Discussion started by: sparcman
4 Replies

8. UNIX for Advanced & Expert Users

NTP Problem

Hello every one i want to setup a ntp on sco unix 5.0.6 and i don't have any time server how can i do this with local time (1 Reply)
Discussion started by: kaydream
1 Replies

9. AIX

NTP time problem

I got an ntp time problem on AIX server. os version is AIX7.1 OS LEVEL 7.1.0.0 i got below output,when i run the below command bash-3.2# ntpdate -dv XXXXXXXXXXXXXXXXXXXXXXXX 4 Dec 12:50:49 ntpdate: 3.4y transmit(xxxxxxxxx) receive(xxxxxxxxx) transmit(xxxxxxxx) receive(xxxxxxxxx)... (9 Replies)
Discussion started by: murali969
9 Replies

10. AIX

GPS Clock Not Synchronised

Hi guys, I got some error on my application server mentioning that gps clock not sync to my db server. what is the command to check is my server is sync with the gps clock? appreciate if you guys can let me know how to troubleshoot this problem. Thanks (1 Reply)
Discussion started by: leecopper
1 Replies

LEARN ABOUT DEBIAN

debsecan

DEBSECAN(1)															       DEBSECAN(1)

NAME

       debsecan - Debian Security Analyzer

SYNOPSIS

       debsecan options...

DESCRIPTION

       debsecan analyzes the list of installed packages on the current host and reports vulnerabilities found on the system.

OPTIONS

       --suite count
	      Choose a specific suite.	debsecan produces more informative output (including obsolete packages) if the correct suite is specified.
	      The release code name has to be used ("sid"), not the temporal name ("unstable").

       --whitelist file
	      Change the name of the whitelist file.

       --add-whitelist, --remove-whitelist, --show-whitelist
	      Add or remove entries from the whitelist, or print the whitelist to standard output.  See the CHANGING THE WHITELIST section below.

       --source url
	      Override the default download URL for vulnerability data.

       --status file
	      Evaluate a different dpkg status file.

       --format format
	      Change the output format.  If format is summary (the default), a short summary for each vulnerability is printed.  The simple format
	      is like the summary format, except that only the bug packages names are printed.	For bugs and packages, debsecan lists the names of
	      vulnerabilities and binary packages, respectively.  --format detail requests a verbose output format, showing  all  available  data.
	      The report format is used for email reports.

       --line-length characters
	      Specifies the line length in report mode.  The default is 72.

       --mailto mailbox
	      The  --mailto option instructions debsecan to the send the report to the email address mailbox.  No report is sent if there where no
	      changes since the last invocation with --update-history.	This option requires the --format report output format.  The option  value
	      may contain macros, see the section CONFIGURATION FILE MACROS below.

       --only-fixed
	      Only  list  vulnerabilities for which a fix is available in the archive.	Note that it can happen that a fix is listed, although the
	      package has not been built for the system's architecture and is not yet available for download.  (If you use this option,  you  also
	      must specify the correct suite using --suite.)

       --no-obsolete
	      Do  not  list any obsolete packages (see below).	Using this option is not recommended because it hides real vulnerabilities on some
	      systems, not just false positives.

       --history file
	      Change the name of the history file used by --format report.

       --update-history
	      Update the vulnerability status information after reporting it using --format report.

       --cron Internal option used for invocations from cron.  Checks if the vulnerability data has already been downloaded today.  In this  case,
	      further processing is skipped.  See debsecan-create-cron(8) for instructions how to create a suitable cron entry.

       --config file
	      Sets the location of the configuration file.

       --help Display a short help message and exit.

       --version
	      Display version information and exit.

CONFIGURATION FILE

       The  configuration  file  contains the following variables.  It follows name=value shell syntax.  If value contains white space, it must be
       surrounded by double quotes.  Some variables may contain macros; see the section CONFIGURATION FILE MACROS below.

       MAILTO Sets the email address to which reports are sent in --cron mode.	May contain macros.

       REPORT Controls whether debsecan does any processing whatsoever in --cron mode.	(Permitted values: true and false.)

       SOURCE Controls the URL from which vulnerability information is fetched.  If empty, the built-in default is used.

       SUITE  Sets the default value of the --suite option (see there).

       SUBJECT
	      Changes the subject line of reports.  May contain macros.

CONFIGURATION FILE MACROS

       Macro processing replaces strings of the form %s(key)s with system-dependent values.  Support keys are:

       hostname
	      The host name on which debsecan runs, without the domain name part.

       fqdn   The fully-qualified domain name of the host on which debsecan runs.

       ip     The IP address of the host on which debsecan runs.  This may be inaccurate on multi-homed systems.

CHANGING THE WHITELIST

       You can use the --add-whitelist and --remove-whitelist options to change the whitelist.	Whitelisted vulnerabilities are  not  included	in
       the reports.  For example,

	      debsecan --add-whitelist CVE-2005-4601

       ignores the vulnerability CVE-2005-4601 completely, while

	      debsecan --add-whitelist CVE-2005-4601 perlmagick

       ignores	it  only  as  far  as  the perlmagick is concerned.  (This is the same format that is produced by the --format simple option.)	To
       remove all whitelist entries for the CVE-2005-4601 vulnerability, use:

	      debsecan --remove-whitelist CVE-2005-4601

       If you want to remove an entry for a specific vulnerability/package pair, list the package name explicitly, as in:

	      debsecan --remove-whitelist CVE-2005-4601 imagemagick

       You can list multiple vulnerability and packages.  For example,

	      debsecan --add-whitelist CVE-2005-4601 
		 CVE-2006-0082 imagemagick perlmagick

       whitelists CVE-2005-4601 for all packages, and CVE-2006-0082 for the imagemagick and perlmagick packages only.

CAVEATS

       Much like the official Debian security advisories, debsecan's vulnerability tracking is mostly based on source packages.  This can be  con-
       fusing  because	tools  like  dpkg only display binary package names.  Therefore, debsecan displays the more familiar binary package names.
       This has the unfortunate effect that all binary packages (including packages containing only documentation, for	example)  are  flagged	as
       vulnerable, and not only those packages which actually contain the vulnerable code.

       If  the	correct  --suite option is specified, debsecan may mark some packages as obsolete.  This means that the binary package in question
       has been removed from the archive.  In this case, you need to update all the packages depending on the obsolete package,  and  subsequently
       remove the obsolete package.

       For  certain architectures, build daemons may lag considerably.	In such case, debsecan may incorrectly mark a package as fixed, even if an
       update is not yet available in the Debian archive.

       Note that debsecan version uses the --suite option only to determine the availability of corrected packages and to  detect  obsolete  pack-
       ages.   If  you specify the wrong suite, only the information on available security updates and obsolete packages is wrong, but the list of
       vulnerabilities is correct.

       Mixing packages from different Debian releases is supported, as long as the packages still carry their official version	numbers.   Unknown
       package	versions  (from backported packages, for example) are compared to the version in Debian unstable only, which may lead to incorrect
       reports.

EXAMPLES

       This command prints all package names for which security fixes are available:

	      debsecan --suite suite --format packages --only-fixed

       If you pass this output to apt-get, you can download new packages which contain security fixes.	For example, if you are running sid:

	      apt-get install 
		 $(debsecan --suite sid --format packages --only-fixed)

       The following command can be invoked periodically, to get notifications of new security issues:

	      debsecan --suite suite --format report 
		 --update-history --mailto root

       See debsecan-create-cron(8) for a tool which creates a suitable cron entry.

ENVIRONMENT

       http_proxy
	      This environment variable instructs debsecan to use a proxy server to fetch  the	vulnerability  data.   It  must  be  of  the  form
	      http://proxy.example.net:8080/ (mimicking a URL).

FILES

       /etc/default/debsecan
	      Built-in location of the configuration file.

       /var/lib/dpkg/status
	      File from which the package information is fetched by default.

AUTHOR

       debsecan was written by Florian Weimer.

SEE ALSO

       dpkg(1), debsecan-create-cron(8), apt-get(8)

								    2005-12-23							       DEBSECAN(1)
All times are GMT -4. The time now is 04:03 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy