|
|
Sponsored Content
Operating Systems
Solaris
"synchronisation lost" errors for Solaris NTP server
Post 303042095 by Neo on Saturday 14th of December 2019 04:30:36 AM
12-14-2019
Administrator
Quote:
FWIW, I have servers not connected to the Internet, but I keep them upgraded. Maybe I forgot to read this "it's a dead horse if not connected to the Internet policy"... LOL
So, in my view it is not a "dead horse" to encourage people to secure their systems, upgrade obsolete servers, and not run obsolete code; especially when it is trivia (and basically free) to replace.
You are free to disagree, of course; but I am free to disagree back (and I will push back).
In fact, if you run 17 year old server code and call up any company for support, the first thing they will tell you is "we do not support that version, so please upgrade and call us back when you do".
It's really basic, everyone should run servers and apps with the latest code and if you have an NTP server which is buggy, the first think you should do it upgrade it, not the last.
Also, we at unix.com should be encouraging people to run the latest version of all software and to insure the code they are running is a free of defects as possible.
Feel free to disagree, of course; but don't expect me to agree with this "it's beating a dead horse to encourage people to update buggy 17 year old code" worldview
But of course, you are free to reply with any and all technical approaches you want. It's always good to have many different ideas and approaches.Additional Info:
The security issues raised when running obsolete security is basically irrelevant to "connected to the Internet or not" as MIG and the OP have mentioned. IT security is defined (in brief) as (1) confidentiality, (2) integrity and (3) availability. You do not need a "hacker from the dark web" to have an IT security issue. Running obsolete software which is known to be buggy is a larger cause of availability issues than "hackers from the web". In fact, in my many years as a leading expert in cybersecurity, the biggest security breeches mostly / always come from "insiders" (not outside hackers). In my view, running 17 year old, known to be buggy software, is a much larger security breech by "insiders" (who permit and encourage this kind of bad configuration management) than worrying about "hackers from the scary Internet".
|
|
9 More Discussions You Might Find Interesting
1. Filesystems, Disks and Memory
Hi Friends,
How can I Restore the Files present under "lost+found" Directory of a FileSystem (in Solaris & Tru64 OS) to their original Locations.
Now-a-days I am loosing lots of files in 2 of my Machines,
One running Solaris8 and other Tru64(Digital) Unix.
Thanx in... (1 Reply)
Discussion started by: dhasarath
1 Replies
2. UNIX for Dummies Questions & Answers
Is there some way to force the NTP server on a brand-new install to be "suitable" to sync other servers from? (I'm more concerned with synchronization between machines, and less concerned with what the actual time they sync to is)
For example, whenever I install fresh from the Fedora DVDs and... (0 Replies)
Discussion started by: jjinno
0 Replies
3. Linux
does anyone know how to change the treshold of 128ms in NTP.
in order to ignore these alarms:
Oct 27 14:44:15 rt1 ntpd: synchronisation lost
Oct 27 15:08:25 rt1 ntpd: time reset 0.688591 s
Oct 27 15:08:25 rt1 ntpd: synchronisation lost
Oct 27 15:28:45 rt1 ntpd: time reset 0.462257 s (0 Replies)
Discussion started by: modcan
0 Replies
4. UNIX for Advanced & Expert Users
Hi,
I was trying to call "script <an ip add>" command from .profile file to log everything whenever anyone logs in to this user. I did the following at the end of .profile. 1) Extracted the IP address who logged in 2) Called script < ip add> . The problem I am facing is all, aliases etc. written... (3 Replies)
Discussion started by: amicon007
3 Replies
5. AIX
Hi,
This is odd, however here goes. There are several shell scripts that run in our production environment AIX 595 LPAR m/c, which has sufficient memory 14GB (physical memory) and horsepower 5CPUs. However from time to time we get the following errors in these shell scripts. The time when these... (11 Replies)
Discussion started by: jerardfjay
11 Replies
6. Shell Programming and Scripting
Hi,
I have line in input file as below:
3G_CENTRAL;INDONESIA_(M)_TELKOMSEL;SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL
My expected output for line in the file must be :
"1-Radon1-cMOC_deg"|"LDIndex"|"3G_CENTRAL|INDONESIA_(M)_TELKOMSEL"|LAST|"SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL"
Can someone... (7 Replies)
Discussion started by: shis100
7 Replies
7. Solaris
Need to find a way to import an LP printers.conf file to CUPS. I have some new Solaris 11.1 boxes that need to have 300 printers added. (0 Replies)
Discussion started by: os2mac
0 Replies
8. UNIX for Dummies Questions & Answers
Hi All,
I'm completely new to bash scripting and still learning my way through albeit vey slowly.
I need to know where to insert my server names', my ip address numbers through out the script alas to no avail.
I'm also searching on how to save .sh (bash shell) script properly.... (25 Replies)
Discussion started by: profileuser
25 Replies
9. Shell Programming and Scripting
Hello.
System : opensuse leap 42.3
I have a bash script that build a text file.
I would like the last command doing :
print_cmd -o page-left=43 -o page-right=22 -o page-top=28 -o page-bottom=43 -o font=LatinModernMono12:regular:9 some_file.txt
where :
print_cmd ::= some printing... (1 Reply)
Discussion started by: jcdole
1 Replies
LEARN ABOUT CENTOS
pki-upgrade
pki-upgrade(8) PKI Upgrade Tool pki-upgrade(8) NAME
pki-upgrade - Tool for upgrading system-wide configuration for Certificate System. SYNOPSIS
pki-upgrade [OPTIONS] DESCRIPTION
There are two parts to upgrading Certificate System: upgrading the system configuration files used by both the client and the server pro- cesses and upgrading the server configuration files. When upgrading Certificate System, the existing system configuration files (e.g. /etc/pki/pki.conf) may need to be upgraded because the content may have changed from one version to another. The configuration upgrade is executed automatically during RPM upgrade. However, in case there is a problem, the process can also be run manually using pki-upgrade. The system upgrade process is done incrementally using upgrade scriptlets. The upgrade process and scriptlet execution is monitored in upgrade trackers. A counter shows the latest index number for the most recently executed scriptlet; when all scriptlets have run, the com- ponent tracker shows the updated version number. The scriptlets are stored in the upgrade directory: /usr/share/pki/upgrade/<version>/<index>-<name> The version is the system version to be upgraded. The index is the script execution order. The name is the scriptlet name. During upgrade, the scriptlets will back up all changes to the filesystem into the following folder: /var/log/pki/upgrade/<version>/<index> The version and index values indicate the scriptlet being executed. A copy of the files and folders that are being modified or removed will be stored in oldfiles. The names of the newly-added files and folders will be stored in newfiles. The system upgrade process is tracked using this file: /etc/pki/pki.version The file stores the current configuration version and the last successful scriptlet index. OPTIONS
General options --silent Upgrade in silent mode. --status Show upgrade status only without performing the upgrade. --revert Revert the last version. -X Show advanced options. -v, --verbose Run in verbose mode. -h, --help Show this help message. Advanced options The advanced options circumvent the normal component tracking process by changing the scriptlet order or changing the tracker information. WARNING: These options may render the system unusable. --scriptlet-version <version> Run scriptlets for a specific version only. --scriptlet-index <index> Run a specific scriptlet only. --remove-tracker Remove the tracker. --reset-tracker Reset the tracker to match the package version. --set-tracker <version> Set the tracker to a specific version. OPERATIONS
Interactive mode By default, pki-upgrade will run interactively. It will ask for a confirmation before executing each scriptlet. % pki-upgrade If there is an error, it will stop and show the error. Silent mode The upgrade process can also be done silently without user interaction: % pki-upgrade --silent If there is an error, it will stop and show the error. Checking upgrade status It is possible to check the status of a running upgrade process. % pki-upgrade --status Troubleshooting If there is an error, rerun the upgrade in verbose mode: % pki-upgrade --verbose Check the scriptlet to see which operations are being executed. Once the error is identified and corrected, the upgrade can be resumed by re-running pki-upgrade. It is possible to rerun a failed script by itself, specifying the instance and subsystem, version, and scriptlet index: % pki-upgrade --scriptlet-version 10.0.1 --scriptlet-index 1 Reverting an upgrade If necessary, the upgrade can be reverted: % pki-upgrade --revert Files and folders that were created by the scriptlet will be removed. Files and folders that were modified or removed by the scriptlet will be restored. FILES
/usr/sbin/pki-upgrade AUTHORS
Ade Lee <alee@redhat.com>, Ella Deon Lackey <dlackey@redhat.com>, and Endi Dewata <edewata@redhat.com>. pki-upgrade was written by the Dogtag project. COPYRIGHT
Copyright (c) 2013 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is avail- able at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. version 1.0 Jul 22, 2013 pki-upgrade(8)