Saturday, August 27, 2016

VMWare: How to Change the ESXi System Time and HW Clock on the CLI

http://www.empirion.co.uk/vmware/vmware-how-to-change-the-system-time-on-the-cli/

This article details how to change the ESXi system time and HW clock on your ESXi hypervisor machine via the CLI.
Ideally we want to use NTP to set the system time but if your clock is too far out from the actual time then this will fail and you may see something like this in the syslog file:
ntpd[263140]: synchronized to <46.249.47.127>, stratum 1
ntpd[263140]: time correction of <54423> seconds exceeds sanity limit (1000); set clock manually to the correct UTC time.
[info 'ha-eventmgr'] Event 91 : NTP daemon stopped. Time correction 1206 > 1000 seconds. Manually set the time and restart ntpd.
The situation was that my VMs were synchronising their time to the ESXi host’s on every reboot, meaning that some important secure system services (in Windows 2008 in particular) were not starting. There isn’t the facility to do this on the DCUI (Direct Console User Interface – the yellow and black screen) so here’s the gen on how to achieve this using the command line.
My first endeavours were using the “date” command, as I’m used to doing in Linux. Unfortunately, these were met with the error:
~ # date 100410112014
date: can't set date: Function not implemented
Sat Oct  4 10:11:00 UTC 2014
OK, it’s being pernickety, so let’s use the “-s” flag to SET the time:
~ # date -s 041010112014
date: Setting date not supported; use
Now we’re getting somewhere. The command takes the following parameters:
Usage: esxcli system time set [cmd options]
Description:
set                   Set the system clock time. Any missing parameters will default to the current time

Cmd options:
-d|--day=       Day
-H|--hour=      Hour
-m|--min=       Minute
-M|--month=     Month
-s|--sec=       Second
-y|--year=      Year
So, to set the system time to 10th April 2014, 10:18 (am):
~ # esxcli system time set -d 10 -H 10 -m 18 -M 04 -y 2014
Also make sure to set the hardware clock, as the system time will revert to it on a reboot:
~ # esxcli hardware clock set -d 10 -H 10 -m 18 -M 04 -y 2014     <- sets the hardware clock to 10:18 am 10th April 2014
To check the hardware and system time we can use the following commands:
esxcli hardware clock get
esxcli system time get

Saturday, August 6, 2016

5 DNS Services to Block Porn Sites without Installing Software

https://www.raymond.cc/blog/how-to-block-pornographic-websites-without-spending-money-on-software/

The Internet is so vast and uncensored that it is capable of plaguing young minds if parents do not play their role in making sure that bad websites are filtered and blocked. Unlike previous generations, who probably hid their adult magazines under the bed, all today’s children need is a device such as a smartphone, tablet or desktop computer with an Internet connection to access the hundreds of thousands of freely available porn sites by clicking the “I Agree” button to comply with the displayed conditions.
We have previously introduced 10 parental control software packages that you can install on your Windows computer to automatically detect bad websites and block them. They are effective, but most of them can be easily tampered with and bypassed. In this article we will be introducing the DNS method, which can be used as an additional filtering system to block out bad websites and works perfectly alongside the parental control software.
Basically, DNS is used to translate a typed URL (www.raymond.cc) into an IP address (142.4.51.106), and it works very quickly behind the scenes. When you connect to the Internet, Windows will by default use the DNS server provided by your ISP unless you’ve manually changed it to a different one such as Google Public DNS. Fortunately, we have found 3 free DNS services that come with protection policies to block porn and other types of unsavory websites.

1. OpenDNS FamilyShield
OpenDNS was one of the very first to offer a public DNS service for free with the ability to block adult websites. Previously the configuration was a pain, especially for users with a dynamic IP address, because it required signing up for an account, setting up the filtering and then installing an updater client so that the IP address is kept up to date. OpenDNS has since come up with a new service called FamilyShield, which is pre-configured to block pornography websites when you use its DNS servers.
Preferred DNS Server: 208.67.222.123
Alternate DNS Server: 208.67.220.123
OpenDNS still offers the classic service called OpenDNS Home where you get to customize the filtering by choosing the categories that you want to allow or block and also adding individual domains to whitelist or blacklist.

2. Norton ConnectSafe
Also known as Norton DNS, Norton ConnectSafe offers 3 different protection policies for free with different IP addresses. The first one is for security to block out malware, phishing and scam sites, while the second one adds the ability to block porn to the list and the last one adds non-family friendly sites such as drugs, gambling, crime, etc.
Security
Preferred DNS Server: 198.153.192.40
Alternate DNS Server: 198.153.194.40
Security + Pornography
Preferred DNS Server: 198.153.192.50
Alternate DNS Server: 198.153.194.50
Security + Pornography + Non-Family Friendly
Preferred DNS Server: 198.153.192.60
Alternate DNS Server: 198.153.194.60

3. MetaCert DNS
MetaCert is well known for its plugin for Firefox and Chrome to protect your children from pornography. They are currently venturing into DNS services, which have more flexibility to work on more devices rather than just web browsers. Do note that MetaCert DNS is currently still in beta and they only have one DNS server. During testing we found that MetaCert DNS filtering fails periodically.
Preferred DNS Server: 184.169.223.35
On the next page there are another 2 family friendly DNS services and a utility you can use to try out some of these services with the click of a button.
4. SafeDNS
SafeDNS is a relatively new DNS service that concentrates on being able to block porn and a range of other unsavory websites such as violence, alcohol & smoking by default. If you sign up for a free account you can set up filtering for over 50 different categories containing around 5 million websites, configure exceptions and also view your DNS usage history. A Windows tool called SafeDNS Agent is also available to control all of the SafeDNS service options from the desktop.
Primary DNS server: 195.46.39.39
Secondary DNS Server: 195.46.39.40

5. SentryDNS
The free SentryDNS service is able to provide limited content filtering and can block a number of websites in addition to pornography, including malware, phishing, botnets and illegal downloads. Optionally signing up to the service will allow you to control web filtering from different categories. A companion tool called SentryDNS WAN Agent will watch your WAN IP address and notify the SentryDNS service of any changes when they occur, a useful option for dynamic IP users.
Primary DNS Server: 152.160.81.10
Secondary DNS Server: 70.90.33.94

Try Out 3 of these DNS Services Using a Simple Program
The problem when you have a choice of services is you maybe can’t decide which one you should use. Or perhaps changing the DNS server is not something you’re comfortable in doing. Well, the good news is, there’s a handy little tool around that will give you the opportunity of trying out 3 of these DNS services with just the click of a button, no manual setting up needed.
DNS Angel is basically a cut down version of a useful tool called DNS Jumper which allows you to easily try out several different DNS servers from a preset list. DNS Angel has no preset list, and instead concentrates on enabling and switching between the OpenDNS FamilyShield, MetaCert DNS and Norton ConnectSafe services just by clicking on the relevant button.
Simply start the program, it’s free and portable, and it will show your current DNS which will likely be something like 192.168.1.1 etc. All you need to do is click on the button for the DNS service you want to try and then test it out in your browser, the web browser may need restarting if it’s open while changing DNS servers. You will obviously need to hide this tool on your computer so no-one else can change the DNS back to the default and enable adult website viewing again. Perhaps something like password protection might be included in a future version.

Editor’s Note: One very important piece of information that you should know is that the DNS settings in Windows will override the ones on your router. For example, if you’ve configured your router to use OpenDNS FamilyShield but the computer is using Google Public DNS, the computer will end up using Google’s DNS rather than OpenDNS. To prevent the DNS method from being bypassed, you will need to create a restricted standard user account for your children so that they cannot change the DNS settings.

Tuesday, July 26, 2016

How to remove malware from your Windows PC

http://www.computerworld.in/how-to/how-remove-malware-your-windows-pc

Clean out and restore your PC to its pristine state.

Is your computer running slower than usual? Are you getting lots of pop-ups? Have you seen other weird problems crop up? If so, your PC might be infected with a virus, spyware, or other malware—even if you have an antivirus program installed. Though other problems such as hardware issues can produce similarly annoying symptoms, it’s best to check for malware if your PC is acting up and we’ll show you how to do it yourself.

Step 1: Enter Safe Mode

Before you do anything, you need to disconnect your PC from the internet, and don’t use it until you’re ready to clean your PC. This can help prevent the malware from spreading and/or leaking your private data.
If you think your PC may have a malware infection, boot your PC into Microsoft’s Safe Mode. In this mode, only the minimum required programs and services are loaded. If any malware is set to load automatically when Windows starts, entering in this mode may prevent it from doing so. This is important because it allows the files to be removed easier since they’re not actually running or active.
Sadly, Microsoft has turned the process of booting into safe mode from a relatively easy process in Windows 7 and Windows 8 to one that is decidedly more complicated in Windows 10. To boot into Windows Safe Mode, first click the Start Button in Windows 10 and select the Power button as if you were going to reboot, but don’t click anything. Next hold down the Shift key and click Reboot. When the full-screen menu appears, select Troubleshooting, then Advanced Options, then Startup Settings. On the next window click the Restart button and wait for the next screen to appear (just stick with us here, we know this is long). Next you will see a menu with numbered startup options; select number 4, which is Safe Mode. Note that if you want to connect to any online scanners you’ll need to select option 5, which is Safe Mode with Networking.
You may find that your PC runs noticeably faster in Safe Mode. This could be a sign that your system has a malware infection, or it could mean that you have a lot of legitimate programs that normally start up alongside Windows. If your PC is outfitted with a solid state drive it’s probably fast either way.

Step 2: Delete temporary files

You can use Windows 10’s built-in disk cleanup utility to rid your system of unnecessary temp files.
Now that you’re in Safe Mode, you’ll want to run a virus scan. But before you do that, delete your temporary files. Doing this may speed up the virus scanning, free up disk space, and even get rid of some malware. To use the Disk Cleanup utility included with Windows 10 just type Disk Cleanup in the search bar or after pressing the Start button and select the tool that appears named Disk Cleanup.

Step 3: Download malware scanners

Now you’re ready to have a malware scanner do its work—and fortunately, running a scanner is enough to remove most standard infections. If you already had an antivirus program active on your computer, you should use a different scanner for this malware check, since your current antivirus software may not have detected the malware. Remember, no antivirus program can detect 100 percent of the millions of malware types and variants.
There are two types of antivirus programs. You’re probably more familiar with real-time antivirus programs, which run in the background and constantly watch for malware. Another option is an on-demand scanner, which searches for malware infections when you open the program manually and run a scan. You should have only one real-time antivirus program installed at a time, but you can have many on-demand scanners installed to run scans with multiple programs, thereby ensuring that if one program misses something a different one might find it.
If you think your PC is infected, we recommend using an on-demand scanner first and then following up with a full scan by your real-time antivirus program. Among the free (and high-quality) on-demand scanners available are BitDefender Free Edition, Kaspersky Virus Removal Tool, Malwarebytes, Microsoft’s Malicious Software Removal Tool, Avast, and SuperAntiSpyware.

Step 4: Run a scan with Malwarebytes

For illustrative purposes, we’ll describe how to use the Malwarebytes on-demand scanner. To get started, download it. If you disconnected from the internet for safety reasons when you first suspected that you might be infected, reconnect to it so you can download, install, and update Malwarebytes; then disconnect from the internet again before you start the actual scanning. If you can’t access the internet or you can’t download Malwarebytes on the infected computer, download it on another computer, save it to a USB flash drive, and take the flash drive to the infected computer.
After downloading Malwarebytes, run the setup file and follow the wizard to install the program. Once the program opens, keep the default scan option (“Threat Scan”) selected and click the Start Scan button. It should check for updates before it runs the scan, so just make sure that happens before you proceed.
Choose Threat Scan to perform a basic analysis of your computer’s most commonly infected files.

Though it offers a custom-scan option, Malwarebytes recommends that you perform the threat scan first, as that scan usually finds all of the infections anyway. Depending on your computer, the quick scan can take anywhere from 5 to 20 minutes, whereas a custom scan might take 30 to 60 minutes or more. While Malwarebytes is scanning, you can see how many files or objects the software has already scanned, and how many of those files it has identified either as being malware or as being infected by malware.
If Malwarebytes automatically disappears after it begins scanning and won’t reopen, you probably have a rootkit or other deep infection that automatically kills scanners to prevent them from removing it. Though you can try some tricks to get around this malicious technique, you might be better off reinstalling Windows after backing up your files (as discussed later), in view of the time and effort you may have to expend to beat the malware.
Once the scan is complete Malwarebytes will show you the results. If the software gives your system a clean bill of health but you still think that your system has acquired some malware, consider running a custom scan with Malwarebytes and trying the other scanners mentioned earlier. If Malwarebytes does find infections, it’ll show you what they are when the scan is complete. Click the Remove Selected button in the lower left to get rid of the specified infections. Malwarebytes may also prompt you to restart your PC in order to complete the removal process, which you should do.
Malwarebytes presents the results of its scan and lets you remove the offending bits with one click.
If your problems persist after you’ve run the threat scan and it has found and removed unwanted files, consider running a full scan with Malwarebytes and the other scanners mentioned earlier. If the malware appears to be gone, run a full scan with your real-time antivirus program to confirm that result.

Step 5: Fix your web browser

Malware infections can damage Windows system files and other settings. One common malware trait is to modify your web browser’s homepage to reinfect the PC, display advertisements, prevent browsing, and generally annoy you.
Before launching your web browser, check your homepage and connection settings. For Internet Explorer right-click the Windows 10 Start button and select Control Panel, then Internet Options. Find the Home Page settings in the General tab, and verify that it’s not some site you know nothing about. For Chrome, Firefox, or Edge, simply go to the settings window of your browser to check your homepage setting.
Make sure that your homepage settings are correct before launching Internet Explorer.

Step 6: Recover your files if Windows is corrupt

If you can’t seem to remove the malware or if Windows isn’t working properly, you may have to reinstall Windows. But before wiping your hard drive, copy all of your files to an external USB or flash drive. If you check your email with a client program (such as Outlook or Windows Mail), make sure that you export your settings and messages to save them. You should also back up your device drivers with a utility such as Double Driver, in case you don’t have the driver discs anymore or don’t want to download them all again. Remember, you can’t save installed programs. Instead, you’ll have to reinstall the programs from discs or redownload them.
If Windows won’t start or work well enough to permit you to back up your files, you may create and use a Live CD, such as Hiren’s BootCD (HBCD), to access your files.
Once you have backed up everything, reinstall Windows either from the disc that came with your PC, by downloading the installation image from Microsoft, or by using your PC’s factory restore option, if it has one. For a factory restore you typically must press a certain key on the keyboard during the boot process in order for the restore procedure to initialize, and your PC should tell you what key to press in the first few seconds after you turn it on. If there are no on-screen instructions, consult your manual, the manufacturer, or Google.

Keeping your PC clean

Always make sure that you have a real-time antivirus program running on your PC, and make sure this program is always up-to-date. If you don’t want to spend money on yearly subscriptions, you can choose one of the many free programs that provide adequate protection, such as Avast, AVG, Panda, or Comodo. You can read more about how to find the best antivirus program for your needs right here.
In addition to installing traditional antivirus software, you might consider using the free OpenDNS service to help block dangerous sites. And if you frequent shady sites that might infect your PC with malware, consider running your web browser in sandbox mode to prevent any downloaded malware from harming your system. Some antivirus programs, such as Comodo, offer sandboxing features, or you can obtain them through a free third-party program such as Sandboxie.
When you think that you’ve rid your PC of malware infections, double-check your online accounts, including those for your bank, email, and social networking sites. Look for suspicious activity and change your passwords—because some malware can capture your passwords.
If you have a backup system in place that automatically backs up your files or system, consider running virus scans on the backups to confirm that they didn’t inadvertently save infections. If virus scans aren’t feasible, as is the case with online systems since they usually will only scan a drive attached to your PC or just the C: drive, consider deleting your old backups and resetting the software to begin saving new backups that are hopefully free from infections.
Keep Windows, other Microsoft software, and Adobe products up-to-date. Make sure that you have Windows Update turned on and enabled to download and install updates automatically. If you’re not comfortable with this, set Windows to download the updates but let you choose when to install them.

Gain Network Printer Access

http://in.pcmag.com/networking/16810/help/gain-network-printer-access

It's not unusual for a non-administrator user to find that he or she can't print to a network printer, even though an administrator on the same system can. There are a number of possible causes, but one definitely worth checking is whether your printer installs a proprietary network port.
To find out, open the Printers and Faxes dialog box (in Windows XP) or the Printers dialog box (in Vista). Right-click on the printer name, choose Properties, and then the Ports tab. If the port description shows as anything but Standard TCP/IP Port, changing the choice to Standard TCP/IP Port may solve the problem. But make sure to note which check box was originally selected, in case you need to restore the setting.

Monday, May 30, 2016

klmover : A tool for changing network agent settings in the client PC when using Kaspersky Security Center 10

http://support.kaspersky.com/9290


Klmover.exe utility is designed for changing Administration server parameters in Network agent settings on a client computer. The utility is located on a client computer in the Network agent installation folder - C:\Program Files\Kaspersky Lab\Network Agent.
In order to function, the utility must be run on each client computer under a local administrator account.
The utility is started via command prompt and has the following syntax:
klmover [-logfile LOGFILE] [-address SERVER_ADDRESS] [-pn NON_SSL_PORT] [-ps SSL_PORT] [-nossl] [-cert CERTIFICATE] [-silent] [-dupfix]
For example:
klmover -address 172.16.1.1 -logfile klmover.log 
  • -logfile LOGFILE. Creates a utility run log. By default, the information is stored in the stdout.tx file; if run without this switch, error messages will appear;
  • -address SERVER_ADDRESS. A new Administration server name, which can contain IP address, NetBIOS or DNS name;
  • -pn NON_SSL_PORT. Indicates an Administration server port to Network agent for establishing a non-secure connection. This switch is optional; the default port is 14000;
  • -ps SSL_PORT. Indicates an Administration server port to Network agent for establishing a secure connection. This switch is optional; the default port is 13000;
  • -nossl. Connects to Administration server using a non-secure connection. Without this switch, the Network agent will connect to the Administration server using the secure SSL protocol.
  • -cert CERTIFICATE. New Administration server certificate file path. This switch is optional;
  • -silent. Silent mode.
  • -dupfix. This switch is required if you installed Network agent using an alternative method (for example, restored it from a system image) instead of using a distribution package.
Note: it is impossible to enable proxy server usage or change its settings using the klmover utility. This can be done by changing Network agent installation package properties.
The utility must be run on a problematic host just once. Multiple execution of the utility on a host will duplicate computer names in Kaspersky Security Center 10 console.

Wednesday, May 25, 2016

Problems with the yum command

From:  https://techjourney.net/cannot-retrieve-metalink-for-repository-epel/

When using yum to install or update software packages through “yum install” or “yum update” commands, the following stop error occurred:
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again
The error is related to an inability to connect to external services via an HTTPS (443) connection (the EPEL repo uses HTTPS by default). There are many reasons that can cause this error, so troubleshooting and understanding the underlying issue is important. Here are several possible solutions for the error above.
One possibility is that the CA certificates installed on the system have become outdated, so the connection fails with unverifiable certificate errors when fetching the updated metalink file for EPEL via HTTPS. In this scenario, update the CA certificates package with the following command:
yum --disablerepo=epel -y update  ca-certificates
Note that you may also need to disable all repos that use the HTTPS protocol and are failing.
If the CA certificates are already the latest with no update available, or if you absolutely cannot get past the “cannot retrieve” error, it’s possible to force the repository to use HTTP instead of HTTPS. However, do note that this may also indicate that your system has other problems which you need to find out.
To do so, edit the repository configuration file in /etc/yum.repos.d/, e.g. vi /etc/yum.repos.d/epel.repo, and then comment out the entries that are starting with mirrorlist=, and then uncomment the entries that are starting with baseurl=. For example,
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Tip
You only need to change for the repos that are enabled, i.e. have enabled=1.
An alternative is to change the URL for the mirrorlist to HTTP, from HTTPS. You can do so easily with the following command:
sudo sed -i "s/mirrorlist=https/mirrorlist=http/" /etc/yum.repos.d/epel.repo
Or manually edit /etc/yum.repos.d/epel.repo, then change the line from:
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
To:
mirrorlist=http://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
It’s also possible to disable the SSL certificate check by adding the following line to the appropriate EPEL section of /etc/yum.repos.d/epel.repo:
sslverify=false
For example,
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
sslverify=false
Last but not least, as mentioned above, normally the HTTPS secure connection to retrieve repositories’ databases should work. If it doesn’t, it may hint at a larger problem. The error can also be caused by broken or corrupted packages, or failing yum and rpm functions, such as in the case of mismatched nss-softokn versions. Thus, if the issue persists after updating CA certificates, do check around for other possible issues.
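Both workarounds above give up TLS authentication of the mirror, which leaves gpgcheck=1 as the only check on what yum installs. The following script is an added example, not from the original article: it lists enabled repo sections that use plain HTTP or sslverify=false and marks them FAIL when gpgcheck is not explicitly 1. The function names, the output format and the sample repo data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit yum .repo files for weakened transport settings.
# audit_repos and sample_repo are illustrative names, not part of yum.

# audit_repos [FILE...]   (reads stdin when no file is given)
# Prints one line per enabled repo section that uses plain HTTP or has
# sslverify switched off:
#   WARN <repo> <findings>   gpgcheck=1 is set, package signatures still checked
#   FAIL <repo> <findings>   gpgcheck is not explicitly 1 in this section
# A gpgcheck value inherited from [main] in /etc/yum.conf is not resolved here.
audit_repos() {
    awk '
    function report(   why) {
        if (name == "" || name == "main" || enabled == "0") return
        why = ""
        if (sslverify ~ /^(0|false|no)$/) why = why " sslverify-off"
        if (http) why = why " plain-http"
        if (why == "") return
        printf "%s %s%s\n", (gpgcheck == "1" ? "WARN" : "FAIL"), name, why
    }
    /^[ \t]*[#;]/ { next }                  # commented-out entries do not count
    /^[ \t]*\[.*\][ \t]*$/ {                # new [section]: report the previous one
        report()
        name = $0
        sub(/^[ \t]*\[/, "", name); sub(/\][ \t]*$/, "", name)
        enabled = "1"; gpgcheck = ""; sslverify = "1"; http = 0
        next
    }
    /=/ {
        key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        key = tolower(key); val = tolower(val)
        if (key == "enabled") enabled = val
        else if (key == "gpgcheck") gpgcheck = val
        else if (key == "sslverify") sslverify = val
        else if (key ~ /^(baseurl|mirrorlist|metalink)$/ && val ~ /^http:/) http = 1
    }
    END { report() }
    ' "$@"
}

# Constructed sample input. The [epel] section mirrors the edited file shown
# in the article; the other sections and their hostnames are made up.
sample_repo() {
    cat <<'EOF'
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
enabled=1
gpgcheck=1
sslverify=false

[epel-debuginfo]
mirrorlist=http://mirrors.example.invalid/metalink?repo=epel-debug-6
enabled=0
gpgcheck=1

[local-tools]
baseurl=http://repo.example.invalid/tools/
enabled=1
gpgcheck=0

[epel-source]
mirrorlist=https://mirrors.example.invalid/metalink?repo=epel-source-6
enabled=1
gpgcheck=1
EOF
}

sample_repo | audit_repos
```

To check a real system, run audit_repos /etc/yum.repos.d/*.repo and revert any flagged workaround once the CA certificate problem is fixed.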

Tuesday, May 24, 2016

Configure a client computer for automatic domain time synchronization

Updated: September 28, 2009
Applies To: Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Vista
Some computers that are joined to a domain are configured to synchronize from a manual time source. Use the following procedure to configure a client computer that is currently synchronizing with a manually specified computer, to automatically synchronize time with the domain hierarchy.
Note
For more information about the w32tm command, type w32tm /? at a command prompt or see Windows Time Service Tools and Settings on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=42984).
Administrative Credentials
To perform this procedure, you must be a member of the Administrators group on the local computer. To perform this procedure from a remote computer, you must be a member of the Domain Admins group.

To configure a client computer for automatic domain time synchronization

  1. Open a Command Prompt.
  2. Type the following command and then press ENTER:
    w32tm /config /syncfromflags:domhier /update
  3. Type the following command and then press ENTER:
    net stop w32time
  4. Type the following command and then press ENTER:
    net start w32time

How To Set Up Time Synchronization (NTP) Server on Ubuntu & LinuxMint

http://tecadmin.net/setup-time-synchronisation-ntp-server-on-ubuntu-linuxmint/#


For system administrators managing a huge number of systems on their LAN, it is best practice to set up your own NTP server and synchronize the time of all LAN systems from it. The main NTP server will synchronize its time from public NTP servers. This article will help you to set up a time synchronization (NTP) server on Ubuntu, Debian and their derivative operating systems.

Install NTP Server

To install the ntpd server, execute the following command from a terminal:
$ sudo apt-get install ntp

Configure NTP Server

Now we need to set up the local NTP server to synchronize its time from public NTP servers. You can choose NTP pool servers as per your choice or location. Visit pool.ntp.org to find an NTP pool. For this example I am using Ubuntu’s default NTP pool servers.
Edit /etc/ntp.conf and change the following pools as per your choice. By default these servers are configured:
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.

server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org

Reload NTP Server

After making changes in ntp.conf, reload your server
$ sudo service ntp reload

Open Firewall Ports

NTP uses UDP port 123 for service requests, so we need to open UDP port 123 in the firewall.
Iptables Users:
$ sudo iptables -A INPUT -m state --state NEW -p udp --dport 123 -j ACCEPT
UFW Users:
$ sudo ufw allow 123/udp

Synchronize Time on Client

After making all configuration changes, verify the server configuration by synchronizing client systems. For example, if your server IP is 192.168.1.100, then run the following command in a terminal on the client system.
$ ntpdate -s 192.168.1.100

Setting up NTP on Ubuntu 14.04


http://blogging.dragon.org.uk/setting-up-ntp-on-ubuntu-14-04/

This is a really quick post, as most Linux (or M$ Windows) installations will use/need an NTP server to keep the time in sync with other machines on the LAN.

Update and Install

As always, start with an up to date install. Installing the software is just two packages: the server, ntp, and some utilities, ntpdate.
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install ntp ntpdate

Which pool to use

If you want a server that syncs its time to the Ubuntu pool that is all you need do. I told you it was a quick post.
BUT, if you want to use some time servers closer to your home, go and have a look at http://www.pool.ntp.org/en/ where you will find lists of pool servers from all over the world. I live in England so I use the UK pool.
Edit the ntp configuration file.
sudo nano /etc/ntp.conf
Look for the lines similar to these and either remove or comment them out.
server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org
# Use Ubuntu's ntp server as a fallback.
server ntp.ubuntu.com
Replace them with the pool servers of your choice, I will be using the UK pool. You need 3 servers to form a quorum for ntp, so always configure at least 4 servers.
server 0.uk.pool.ntp.org
server 1.uk.pool.ntp.org
server 2.uk.pool.ntp.org
server 3.uk.pool.ntp.org
If this is running on a machine that is turned on all the time or for long periods, you can use this setup for your own local time server, which means you can point all of your other local machines at this one. It will also save a very small amount of your broadband bandwidth. 🙂

Local clients

If you have a machine with the setup above and now want to point your remaining local machines at it, use the same setup but add the following line to /etc/ntp.conf for the local clients.
server your.ntp.server.local prefer iburst
This line tells the ntp server to prefer the server at your.ntp.server.local; change the hostname to point at your main NTP server. The iburst option sends requests quicker at the beginning so it can get established quicker after a restart.

Testing that you are using a time server

After the server has been running for 10-20 minutes it will get synced up and will be keeping your ntp server in time. Run the command below, note it uses watch so it will rerun the command every 2 seconds.
watch ntpq -cpe -cas
You should see some output similar to this
ind assid status  conf reach auth condition  last_event cnt
===========================================================
  1 45093  931a   yes   yes  none   outlyer    sys_peer  1
  2 45094  941a   yes   yes  none candidate    sys_peer  1
  3 45095  9324   yes   yes  none   outlyer   reachable  2
  4 45096  941a   yes   yes  none candidate    sys_peer  1
  5 45097  961a   yes   yes  none  sys.peer    sys_peer  1
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
-84.52.184.247   193.2.1.117      2 u   27   64  377   61.189  -10.651   2.794
+de-ntp01.10g.ch 212.82.32.15     2 u   30   64  373   24.568    1.526   4.754
-mirror.muntinte 193.190.230.65   2 u   28   64  377   17.568    9.128   5.514
+smtp2.xipalia.c 131.188.3.221    2 u   21   64  267   26.973   -1.563   3.192
*golem.canonical 140.203.204.77   2 u    5   64  373   11.054   -0.279   6.532
In the output from ‘pe’, short for peers, one of the servers listed has a condition of sys.peer. This is the one you are syncing to.
Looking at the output from ‘as’, associations, one of the servers has an ‘*’ by it; this is the one you are syncing to.
The columns in the second output show the following data.
  • st: stratum. The lower the number, the closer you are to the real GPS time source. Anything below 3 is good.
  • when: the number of seconds before the next poll, or time check.
  • reach: a scrolling number in base 8. It shows the status of the connections to the server. When it reads 377 that is the best.
  • delay: the time taken to get a reading from the server.
  • offset: how much time your server is out from the ones you are using.
  • jitter: the amount of wobble on the time server.
For more information see http://www.ntp.org/.
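The reach, offset and ‘*’ columns described above can be checked by a script instead of by eye. The following is an added example, not part of the original post: the function names and the 5 ms threshold are assumptions, and the sample is the peers table shown above.

```shell
#!/bin/sh
# Constructed sample: the peers table from the output above (`ntpq -p` layout).
sample_peers() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
-84.52.184.247   193.2.1.117      2 u   27   64  377   61.189  -10.651   2.794
+de-ntp01.10g.ch 212.82.32.15     2 u   30   64  373   24.568    1.526   4.754
-mirror.muntinte 193.190.230.65   2 u   28   64  377   17.568    9.128   5.514
+smtp2.xipalia.c 131.188.3.221    2 u   21   64  267   26.973   -1.563   3.192
*golem.canonical 140.203.204.77   2 u    5   64  373   11.054   -0.279   6.532
EOF
}

# check_peers MAX_MS (hypothetical helper): read a peers table on stdin, print
# "flag name hits/8 offset" per peer, and return 0 only if a '*' peer exists
# and its absolute offset is at most MAX_MS milliseconds.
check_peers() {
    awk -v max="$1" '
        # reach is an octal shift register of the last 8 polls; count its 1 bits
        function hits(oct,   i, v, h) {
            for (i = 1; i <= length(oct); i++) v = v * 8 + substr(oct, i, 1)
            for (h = 0; v > 0; v = int(v / 2)) h += v % 2
            return h
        }
        /^ *remote / || /^=+$/ { next }        # skip header and ruler
        NF >= 10 {
            flag = substr($0, 1, 1)            # selection flag sits in column 1
            name = (flag == " ") ? $1 : substr($1, 2)
            off = ($9 < 0) ? -$9 : $9 + 0
            printf "%s %s %d/8 %s\n", flag, name, hits($7), $9
            if (flag == "*") { found = 1; if (off <= max + 0) ok = 1 }
        }
        END {
            if (!found) print "no peer selected for synchronisation"
            exit(ok ? 0 : 1)
        }
    '
}

sample_peers | check_peers 5    # on a live host: ntpq -pn | check_peers 5
```

A reach of 267 decodes to 6 answered polls out of the last 8, which is easy to miss when reading the octal value directly.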

Stopping and starting the ntp server.

To start, stop, restart the ntp server use the usual commands
sudo service ntp start
sudo service ntp stop
sudo service ntp restart

Saturday, May 21, 2016

Installing RPMforge


RPMforge is a collaboration of Dag and other packagers. They provide over 5000 packages for CentOS, including wine, vlc, mplayer, xmms-mp3, and other popular media tools. It is not part of Red Hat or CentOS but is designed to work with those distributions. See also Using RPMforge and Repoforge.
<!> Note: Because this repository is NOT part of CentOS, you should direct support questions to its maintainers at the Repoforge Users mailing list.
Packages are supplied in RPM format and in most cases are ready to use. The default RPMforge repository does not replace official CentOS base packages.

1. RPMforge for CentOS 6

The default RPMforge repository does not replace any CentOS base packages. In the past it used to, but those packages are now in a separate repository (rpmforge-extras) which is disabled by default.
You can find a complete listing of the RPMforge packages at http://packages.sw.be/
Download the rpmforge-release package. Choose one of the two links below, selecting to match your host's architecture. If you are unsure of which one to use you can check your architecture with the command uname -i
The preferred rpmforge-release package to retrieve and to install in order to enable that repository is one of the two listed above.
Install DAG's GPG key
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
If you get an error message like the following, the key has already been imported:
error: http://apt.sw.be/RPM-GPG-KEY.dag.txt: key 1 import failed.
Verify the package you have downloaded
rpm -K rpmforge-release-0.5.3-1.el6.rf.*.rpm
<!> Security warning: The rpmforge-release package imports GPG keys into your RPM database. As long as you have verified the md5sum of the key injection package, and trust Dag, et al., then it should be as safe as your trust of them extends.
Install the package
rpm -i rpmforge-release-0.5.3-1.el6.rf.*.rpm
This will add a yum repository config file and import the appropriate GPG keys.
Then try to install something like this
yum install htop

2. RPMforge for CentOS 5

The default RPMforge repository does not replace any CentOS base packages. In the past it used to, but those packages are now in a separate repository (rpmforge-extras) which is disabled by default.
You can find a complete listing of the RPMforge packages at http://packages.sw.be/
Download the rpmforge-release package. Choose one of the two links below, selecting to match your host's architecture. If you are unsure of which one to use you can check your architecture with the command uname -i
The preferred rpmforge-release package to retrieve and to install in order to enable that repository is one of the two listed above.
Install DAG's GPG key
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
Verify the package you have downloaded
rpm -K rpmforge-release-0.5.3-1.el5.rf.*.rpm
<!> Security warning: The rpmforge-release package imports GPG keys into your RPM database. As long as you have verified the md5sum of the key injection package, and trust Dag, et al., then it should be as safe as your trust of them extends.
Install the package
rpm -i rpmforge-release-0.5.3-1.el5.rf.*.rpm
This will add a yum repository config file and import the appropriate GPG keys.
Then try to install something like this
yum install htop
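The verify-then-install steps above, for both the CentOS 6 and CentOS 5 packages, can be turned into a gate that refuses to install unless rpm -K reports a verified signature rather than just matching digests. This is an added example, not part of the original page: the function names and the RPM override variable are assumptions, and the rpm -K line formats in the comments are constructed samples modelled on rpm's output.

```shell
#!/bin/sh
RPM=${RPM:-rpm}   # assumption: overridable so the gate can be exercised without rpm

# sig_status LINE: classify one line of `rpm -K` output as signed-ok, unsigned
# or failed. Assumed formats (constructed samples, modelled on rpm's output):
#   pkg.rpm: (sha1) dsa sha1 md5 gpg OK        signature verified
#   pkg.rpm: digests signatures OK             signature verified (newer rpm)
#   pkg.rpm: sha1 md5 OK                       digests only, package is unsigned
#   pkg.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#KEYID)
sig_status() {
    result=${1#*: }                  # drop the file name so it cannot match below
    case $result in
        *"NOT OK"*) echo failed ;;
        *" OK")
            case $result in
                *gpg*|*pgp*|*signatures*) echo signed-ok ;;
                *) echo unsigned ;;  # digests matched but nothing was signed
            esac ;;
        *) echo failed ;;
    esac
}

# install_if_signed PKG: install only when rpm reports a verified signature.
install_if_signed() {
    line=$(LC_ALL=C "$RPM" -K "$1" 2>&1 | tail -n 1)
    status=$(sig_status "$line")
    if [ "$status" != signed-ok ]; then
        echo "refusing to install $1: $status ($line)" >&2
        return 1
    fi
    "$RPM" -i "$1"
}

sig_status 'example-1.0-1.noarch.rpm: sha1 md5 OK'   # constructed line
# Usage: install_if_signed rpmforge-release-0.5.3-1.el6.rf.*.rpm
```

The unsigned case is the one to watch: the digests match and the line ends in OK, yet no signature was checked.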