以下内容是操作过程只经过稍微整理
[root@xie51 ~]# cat /etc/passwd
[root@xie51 ~]# grep root /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
[root@xie51 ~]# grep --color "root" /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
root@xie51 ~]# grep --color "^root" /etc/passwd
root:x:0:0:root:/root:/bin/bash
[root@xie51 ~]# grep -n --color "^root" /etc/passwd
1:root:x:0:0:root:/root:/bin/bash
[root@xie51 ~]# ps -ef |grep sshd
root 1371 1 0 09:21 ? 00:00:00 /usr/sbin/sshd
root 1494 1371 0 09:51 ? 00:00:00 sshd: root@pts/0
root 1563 1371 0 11:38 ? 00:00:00 sshd: root@pts/1
root 1588 1567 0 11:42 pts/1 00:00:00 grep sshd
root@xie51 ~]# ps --help|more
********* simple selection ********* ********* selection by list *********
-A all processes -C by command name
-N negate selection -G by real group ID (supports names)
-a all w/ tty except session leaders -U by real user ID (supports names)
-d all except session leaders -g by session OR by effective group name
-e all processes -p by process ID
-q by process ID (unsorted & quick)
T all processes on this terminal -s processes in the sessions given
a all w/ tty, including other users -t by tty
g OBSOLETE -- DO NOT USE -u by effective user ID (supports names)
r only running processes U processes for specified users
x processes w/o controlling ttys t by tty
*********** output format ********** *********** long options ***********
-o,o user-defined -f full --Group --User --pid --cols --ppid
-j,j job control s signal --group --user --sid --rows --info
-O,O preloaded -o v virtual memory --cumulative --format --deselect
-l,l long u user-oriented --sort --tty --forest --version
-F extra full X registers --heading --no-heading --context
--quick-pid
********* misc options *********
-V,V show version L list format codes f ASCII art forest
-m,m,-L,-T,H threads S children in sum -y change -l format
-M,Z security data c true command name -c scheduling class
-w,w wide output n numeric WCHAN,UID -H process hierarchy
[root@xie51 ~]# yum install ntp* -y
[root@xie51 ~]# rpm -ql ntp|more
/etc/dhcp/dhclient.d
/etc/dhcp/dhclient.d/ntp.sh
/etc/ntp.conf
/etc/ntp/crypto
/etc/ntp/crypto/pw
/etc/rc.d/init.d/ntpd
/etc/sysconfig/ntpd
/usr/bin/ntpstat
/usr/sbin/ntp-keygen
/usr/sbin/ntpd
/usr/sbin/ntpdc
/usr/sbin/ntpq
/usr/sbin/ntptime
/usr/sbin/tickadj
/usr/share/doc/ntp-4.2.6p5
/usr/share/doc/ntp-4.2.6p5/COPYRIGHT
/usr/share/doc/ntp-4.2.6p5/ChangeLog
/usr/share/doc/ntp-4.2.6p5/NEWS
/usr/share/man/man5/ntp.conf.5.gz
/usr/share/man/man5/ntp_acc.5.gz
/usr/share/man/man5/ntp_auth.5.gz
/usr/share/man/man5/ntp_clock.5.gz
/usr/share/man/man5/ntp_decode.5.gz
/usr/share/man/man5/ntp_misc.5.gz
/usr/share/man/man5/ntp_mon.5.gz
/usr/share/man/man8/ntp-keygen.8.gz
/usr/share/man/man8/ntpd.8.gz
/usr/share/man/man8/ntpdc.8.gz
/usr/share/man/man8/ntpq.8.gz
/usr/share/man/man8/ntpstat.8.gz
/usr/share/man/man8/ntptime.8.gz
/usr/share/man/man8/tickadj.8.gz
/var/lib/ntp
/var/lib/ntp/drift
/var/log/ntpstats
[root@xie51 ~]# vim /etc/ntp.conf
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
server ntp.fudan.edu.cn
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
查看ntpd运行状态:
[root@xie51 ~]# service ntpd status
ntpd (pid 1665) 正在运行...
[root@xie51 ~]# service ntpd stop
关闭 ntpd: [确定]
[root@xie51 ~]# service ntpd restart
关闭 ntpd: [失败]
正在启动 ntpd: [确定]
客户端安装ntpdate命令:
[root@xie50 ~]# yum install ntpdate -y
已加载插件:fastestmirror
[root@xie50 ~]# ntpdate 192.168.0.51
2 Dec 12:07:01 ntpdate[2063]: no server suitable for synchronization found
同步失败,原因,要关闭防火墙,和selinux
[root@xie51 ~]# /etc/init.d/iptables stop
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:清除防火墙规则: [确定]
iptables:正在卸载模块: [确定]
[root@xie51 ~]# setenforce 0 #临时关闭selinux
或者:
root@xie50 ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
要重启 才生效
[root@xie51 ~]# ps -ef |grep ntpd
ntp 1721 1 0 00:20 ? 00:00:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
root 1794 1567 0 00:29 pts/1 00:00:00 grep ntpd
root@xie50 ~]# ntpdate 192.168.0.51
4 Dec 00:31:41 ntpdate[2138]: step time server 192.168.0.51 offset 130607.247893 sec
时间相关操作:
[root@xie51 ~]# hwclock
2018年12月03日 星期一 15时33分53秒 -0.550593 seconds
#date 201812001 时间设置
查看本机网络时间同步状态
[root@xie51 ~]# ntpstat
synchronised to NTP server (46.227.200.24) at stratum 3
time correct to within 1122 ms
polling server every 64 s
查看NTP服务的实际同步状态:
root@xie51 ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
10.108.68.100 .INIT. 16 u - 64 0 0.000 0.000 0.000
*uk.cluster.ntp. 185.134.196.169 2 u 16 64 73 237.990 -12.570 7.184
85.199.214.100 .GPS. 1 u 26 64 15 251.705 33.121 6.823
cn.ntp.faelix.n 185.134.196.169 2 u 11 64 77 315.215 -43.181 6.464
在交互式模式下使用ntpq
[root@xie51 ~]# ntpq -i
ntpq> ?
ntpq commands:
:config delay mreadvar readlist
addvars exit mrl readvar
associations help mrv rl
authenticate host ntpversion rmvars
cl hostnames opeers rv
clearvars keyid passociations saveconfig
clocklist keytype passwd showvars
clockvar lassociations peers timeout
config-from-file lopeers poll version
cooked lpassociations pstatus writelist
cv lpeers quit writevar
debug mreadlist raw
#//? 输入? 显示所有ntp子命令
读取内核时间变量:
[root@xie51 ~]# ntptime
ntp_gettime() returns code 0 (OK)
time dfafdafd.7fc7f74c Tue, Dec 4 2018 0:40:29.499, (.499145072),
maximum error 1390314 us, estimated error 7261 us, TAI offset 0
ntp_adjtime() returns code 0 (OK)
modes 0x0 (),
offset -2452.217 us, frequency -0.646 ppm, interval 1 s,
maximum error 1390314 us, estimated error 7261 us,
status 0x2001 (PLL,NANO),
time constant 6, precision 0.001 us, tolerance 500 ppm,
获取服务器的列表
root@xie51 ~]# ntpdc -l
client 85.199.214.100
client 10.108.68.100
client uk.cluster.ntp.faelix.net
client cn.ntp.faelix.net
配置广播方式NTP服务器实例:
创建文件密钥:
[root@xie51 ~]# ntp-keygen -M
Using OpenSSL version OpenSSL 1.0.1e-fips 11 Feb 2013
Using host xie51 group xie51
Generating new md5 file and link
ntpkey_md5_xie51->ntpkey_MD5key_xie51.3752844411
复制文件密钥到客户端:
[root@xie51 ~]# cp /root/ntpkey_MD5key_xie51.3752844411 /etc/ntp/keys
cp:是否覆盖"/etc/ntp/keys"? y
复制文件密钥到客户端:
[root@xie51 ~]# scp /etc/ntp/keys 192.168.0.50:/etc/ntp/keys
The authenticity of host '192.168.0.50 (192.168.0.50)' can't be established.
RSA key fingerprint is 0d:64:03:b8:8e:87:93:23:bf:ee:44:4f:55:84:8a:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.50' (RSA) to the list of known hosts.
[email protected]'s password:
keys
NTP服务端配置参考上面
NTP客户端配置
启动服务器
service ntpd restart