The following bash script automates the configuration of ntp to run in a chroot jail on Debian/Ubuntu.

```bash
#!/bin/bash
# Move ntpd's config, drift file and statistics into a chroot jail (Debian/Ubuntu).

/etc/init.d/ntp stop

rootfs=/var/chroot/ntp
mkdir -p "$rootfs"/{etc,var/lib/ntp,var/log}

# Configuration file: move it into the jail and leave a symlink behind.
mv /etc/ntp.conf "$rootfs/etc"
ln -s "$rootfs/etc/ntp.conf" /etc/ntp.conf

# Drift file (may not exist yet).
if [ -e /var/lib/ntp/ntp.drift ]; then
  mv /var/lib/ntp/ntp.drift "$rootfs/var/lib/ntp"
fi
ln -s "$rootfs/var/lib/ntp/ntp.drift" \
  /var/lib/ntp/ntp.drift
chown -R ntp:ntp "$rootfs/var/lib/ntp"

# Statistics directory.
mv /var/log/ntpstats "$rootfs/var/log"
ln -s "$rootfs/var/log/ntpstats" /var/log/ntpstats
chown -R ntp:ntp "$rootfs/var/log/ntpstats"

# Start ntpd IPv4-only (-4) and chrooted (-i).
sed -i -e "s,'-g','-4 -i $rootfs -g'," /etc/default/ntp

# Comment out the IPv6 restrict lines. Edit the real file inside the jail:
# writing through /etc/ntp.conf would replace the symlink, and a fixed
# name such as /tmp/x is unsafe for a script that runs as root.
sed -i -e "s,restrict -6,#restrict -6," \
  -e "s,restrict ::1,#restrict ::1," \
  "$rootfs/etc/ntp.conf"

/etc/init.d/ntp start
```
To check that the chroot is configured correctly, run this command:

```
# ps -ef | grep ntp
ntp 696 1 0 08:52 ? 00:00:00 /usr/sbin/ntpd -p /var/run/ntpd.pid -4 -i /var/chroot/ntp -g -u 110:119
```
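The `ps` output only shows that `-i` was passed on the command line. The following added example (not from the original post) also checks the kernel's view in `/proc/<pid>/root` and that ntpd dropped root with `-u`; `PROC_ROOT` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: confirm ntpd is really jailed.
# PROC_ROOT is an assumption of this example; it lets the check run on a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# opt_value <flag>: read one argument per line on stdin, print the one after <flag>.
opt_value() {
    _prev=""
    while IFS= read -r _arg; do
        if [ "$_prev" = "$1" ]; then printf '%s\n' "$_arg"; return 0; fi
        _prev="$_arg"
    done
    return 1
}

# check_ntpd_jail <pid> <jail>: return 0 only if all three checks pass.
check_ntpd_jail() {
    _pid="$1"; _want="$2"; _rc=0
    _cmdline="$PROC_ROOT/$_pid/cmdline"      # NUL-separated argv
    [ -r "$_cmdline" ] || { echo "FAIL: cannot read $_cmdline"; return 2; }

    # 1. The -i option, which is what the ps output shows.
    _jail=$(tr '\0' '\n' < "$_cmdline" | opt_value -i) || _jail=""
    [ "$_jail" = "$_want" ] || { echo "FAIL: -i is '$_jail', expected $_want"; _rc=1; }

    # 2. The kernel's view: /proc/<pid>/root is the jail only after chroot() succeeded.
    _root=$(readlink "$PROC_ROOT/$_pid/root") || _root=""
    [ "$_root" = "$_want" ] || { echo "FAIL: root is '$_root', expected $_want"; _rc=1; }

    # 3. A chroot does not confine uid 0, so ntpd must also have dropped root (-u).
    _user=$(tr '\0' '\n' < "$_cmdline" | opt_value -u) || _user=""
    case "${_user%%:*}" in
        ""|0|root) echo "FAIL: ntpd still runs as root (-u '$_user')"; _rc=1 ;;
    esac

    if [ "$_rc" -eq 0 ]; then echo "OK: pid $_pid is jailed in $_root as $_user"; fi
    return "$_rc"
}

# Usage: sh check-ntp-jail.sh <pid> [jail]
if [ "$#" -ge 1 ]; then
    check_ntpd_jail "$1" "${2:-/var/chroot/ntp}"
fi
```

Run it as root with ntpd's PID (696 in the output above), since reading another user's `/proc/<pid>/root` requires privilege.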
Reference
Access Control Commands and Options
Authentication Commands and Options
- automax – specify Autokey regeneration interval
- controlkey – specify control key ID
- crypto – configure Autokey parameters
- ident – specify Autokey ephemeral group name
- keys – specify symmetric keys filename
- keysdir – specify Autokey key directory
- requestkey – specify request key ID
- revoke – specify Autokey randomization interval
- trustedkey – specify trusted key IDs
Server Commands and Options
- server – configure client association
- peer – configure symmetric peer association
- broadcast – configure broadcast server association
- manycastclient – configure manycast client association
- pool – configure pool association
- unpeer – remove association
- broadcastclient – enable broadcast client
- manycastserver – enable manycast server
- multicastclient – enable multicast client
Monitoring Commands and Options
- filegen – specify monitor files
- statistics – enable writing of statistics records
- statsdir – specify monitor files directory
Reference Clock Commands and Options
Miscellaneous Commands and Options
- broadcastdelay – specify broadcast delay
- driftfile – specify frequency file
- enable – enable options
- disable – disable options
- includefile – specify include file
- interface – specify which local network addresses to use
- leapfile – specify leapseconds file
- logconfig – configure log file
- mru – control monitor MRU list limits
- phone – specify modem phone numbers
- reset – reset groups of counters
- saveconfigdir – specify saveconfig directory
- setvar – set system variables
- tinker – modify sacred system parameters (dangerous)
- rlimit – alters certain process storage allocation limits
- tos – modify service parameters
- trap – set trap address
- ttl – set time to live
NTP: how to chroot