NTP workaround for environments where "Authenticated NTP" is unavailable
02-07-2005 10:53 AM - edited 03-10-2019 01:16 AM
Greetings,
I have figured out a way to have a Cisco IDS appliance running v4.1 of the software update its time via NTP without relying on a server that offers “authenticated time.”
This is accomplished using the following method:
1) Create, if necessary, the ‘service’ account (this process is described in the Cisco IDS documentation and in various posts on this forum);
2) Log in to the ‘service’ account using a CLI SSH client;
3) Become ‘root’ by issuing the ‘su -’ command and providing the same password you used to log in to the ‘service’ account;
4) Issue the command ‘crontab -e’ to open the ‘root’ user’s crontab file for editing;
5) Add the following lines to the crontab file:
# Use NTP to sync time every other hour
01 */2 * * * /usr/sbin/ntpdate <NTP server IP> > /dev/null 2>&1
02 */2 * * * /sbin/hwclock --systohc
6) Verify the crontab using the command ‘crontab -l’;
7) Confirm that the time is accurate at the top of the next even-numbered hour by issuing the ‘date’ command; and,
8) Log off from the ‘service’ account by issuing the ‘exit’ command twice.
NOTE: This is not a Cisco-supported solution! Use at your own risk!
I decided to try this due to two factors. My sensors are suffering from a time drift issue, and I do not control the existing timeservers in my environment. Due to the latter, I cannot change their configuration to support “authenticated time” and I cannot deploy my own timeserver to offer it either.
For those of you in the same boat as me (no authenticated time available and a desperate need to have synced time on your production sensors), I hope this helps.
Alex Arndt
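An added example, not part of the original post and not Cisco's code: because the replies in this setup are unauthenticated, a wrapper can query the server first and refuse to step the sensor's clock when the reply is unsynchronised or the offset is implausibly large. The function names, the 300-second threshold, and the availability of `ntpdate -q`, `awk` and `logger` on the sensor are assumptions; the sample reply lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): guard for the cron-driven sync.
# Assumptions: ntpdate accepts -q (query only); awk and logger exist on the
# sensor; MAX_OFFSET and the function names are hypothetical.
MAX_OFFSET=${MAX_OFFSET:-300}   # seconds; larger steps need a human look

# Constructed samples of "ntpdate -q" reply lines (192.0.2.10 is a doc address).
SAMPLE_GOOD='server 192.0.2.10, stratum 2, offset 0.004211, delay 0.02631'
SAMPLE_SKEWED='server 192.0.2.10, stratum 2, offset -86400.512000, delay 0.02631'
SAMPLE_DEAD='server 192.0.2.10, stratum 0, offset 0.000000, delay 0.00000'

# check_reply <ntpdate -q output>: prints a verdict, succeeds only on "ok".
# With several "server" lines the last one is judged; the post uses one server.
check_reply() {
    printf '%s\n' "$1" | awk -v max="$MAX_OFFSET" '
        /^server / {
            gsub(",", "")
            for (i = 1; i < NF; i++) {
                if ($i == "stratum") s = $(i + 1) + 0
                if ($i == "offset")  o = $(i + 1) + 0
            }
            seen = 1
        }
        END {
            if (!seen)           { print "no-reply";         exit 1 }
            if (s < 1 || s > 15) { print "unsynchronised";   exit 1 }
            if (o < 0) o = -o
            if (o > max)         { print "offset-too-large"; exit 1 }
            print "ok"
        }'
}

# guarded_sync <server>: query, vet the reply, then step the clock and log.
# The query and the step are separate exchanges, so this is a plausibility
# check on unauthenticated replies, not a substitute for authenticated NTP.
guarded_sync() {
    reply=$(/usr/sbin/ntpdate -q "$1" 2>&1)
    if verdict=$(check_reply "$reply"); then
        /usr/sbin/ntpdate "$1" > /dev/null 2>&1 && /sbin/hwclock --systohc &&
            logger -t ntp-guard "clock synced from $1"
    else
        logger -t ntp-guard "refused sync from $1: $verdict"
        return 1
    fi
}

# Run only when called with a server address, e.g. from root's crontab.
if [ $# -gt 0 ]; then guarded_sync "$1"; fi
```

Saved as a script and called from a single crontab entry with the server address as its argument, it would take the place of the two entries in step 5, and refused syncs show up in syslog under the `ntp-guard` tag.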
02-07-2005 02:40 PM
Thank you. I knew there had to be a way, but I'm not UNIX savvy, so I was about to give up.
