Configuring an NTP Server on Linux

With simple steps, you can learn how to configure a Chrony NTP server on Linux (AlmaLinux), allowing for synchronized system clocks vital for logs, security, and coordinated processes. An **[NTP or Network Time Protocol server](https://www.geeksforgeeks.org/network-time-protocol-ntp/)** is a crucial component in networked environments that synchronizes computer and device clocks, ensuring accurate and consistent time for various operations. It obtains precise time information from reliable sources and distributes it to client devices, providing synchronized clocks across the network. This synchronization is vital for log accuracy, security protocols, coordination in distributed systems, and regulatory compliance. **[Chrony is a modern NTP client and server](https://www.redhat.com/sysadmin/chrony-time-services-linux/)** on Linux (**[AlmaLinux](https://www.liquidweb.com/kb/what-is-almalinux/)**) designed to synchronize computer system clocks. It offers enhancements and flexibility that make **_chronyd_** an excellent alternative to **_ntpd_**, a **[traditional NTP daemon](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-configuring_ntp_using_the_chrony_suite#sect-differences_between_ntpd_and_chronyd)**. Chrony (also known as the **_chronyd_** daemon) ensures accurate timekeeping even in skewed system clocks or intermittent network connections, making it a versatile and efficient choice for NTP implementation. In this article, you can learn more about installing and configuring a Chrony NTP server on Linux (AlmaLinux) with simple steps, but first let’s review the key points contained within this post: ## Key points This help article will inform the reader with regard to: - Running an NTP server on Linux (AlmaLinux). - Logging into your Liquid Web sever. - Installing and configuring the NTP server on AlmaLinux. - Starting and enabling the NTP service. - Managing the firewall. - Configuring access controls in the **_chrony.conf_** file. - Adjust the system clock. ## About running an NTP server on Linux (AlmaLinux) Installing a Chrony NTP server on Linux (AlmaLinux) is crucial for maintaining system stability, security, and compliance. NTP ensures seamless operation of tasks, logs, and security mechanisms. Accurate timekeeping in log files helps maintain system stability, while synchronized clocks enable security protocols. Consistent timekeeping enhances coordination within distributed systems and meets regulatory compliance requirements for precise timestamping. Thus, installing a Chrony NTP server on AlmaLinux is essential for a reliable and secure computing environment. ## How to configure the NTP server on Linux (AlmaLinux) You can install and configure the Chrony NTP server on Linux (AlmaLinux) using the following steps. ### Prerequisites - AlmaLinux OS 8 is the operating system and version this article is intended for. - Ensure you have **_root_** or **_sudo_** access to install and configure the Chrony NTP server. - A minimum of 1 GB of RAM and 10 GB of disk space are recommended. ### Step #1. Log into your server **[Access your Liquid Web server over SSH](https://www.liquidweb.com/kb/ssh-connect-remote-server/)** or another remote access method. ### Step #2. Update your system Keeping your system up to date is crucial. The following command will help you to update the package repositories and install any available updates: ``` sudo dnf update ``` Then, install the Extra Packages for Enterprise Linux (EPEL) repository using the following command: ``` sudo dnf install epel-release ``` Here is the output: ``` ]# sudo dnf install epel-release Last metadata expiration check: 0:00:25 ago on Sun 03 Dec 2023 05:53:24 PM UTC. Dependencies resolved. ============================================================================================================================================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================================================================================================================================== Installing: epel-release noarch 8-19.el8 extras 24 k Transaction Summary ============================================================================================================================================================================================================================================== Install 1 Package Total download size: 24 k Installed size: 35 k Is this ok [y/N]: y Downloading Packages: epel-release-8-19.el8.noarch.rpm 4.9 MB/s | 24 kB 00:00 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 281 kB/s | 24 kB 00:00 AlmaLinux 8 - Extras 4.9 MB/s | 5.0 kB 00:00 Importing GPG key 0xC21AD6EA: Userid : "AlmaLinux <[email protected]>" Fingerprint: E53C F5EF 91CE B0AD 1812 ECB8 51D6 647E C21A D6EA From : /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux Is this ok [y/N]: y Key imported successfully Importing GPG key 0xCED7258B: Userid : "AlmaLinux OS 8 <[email protected]>" Fingerprint: BC5E DDCA DF50 2C07 7F15 8288 2AE8 1E8A CED7 258B From : /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux Is this ok [y/N]: y Key imported successfully Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : epel-release-8-19.el8.noarch 1/1 Running scriptlet: epel-release-8-19.el8.noarch 1/1 Many EPEL packages require the CodeReady Builder (CRB) repository. It is recommended that you run /usr/bin/crb enable to enable the CRB repository. Verifying : epel-release-8-19.el8.noarch 1/1 Installed: epel-release-8-19.el8.noarch Complete! ``` ### Step #3. Install the Chrony NTP server Use the following command to install the Chrony NTP server on Linux (AlmaLinux): ``` sudo dnf install chrony ``` This command installs the Chrony NTP daemon on the Linux (AlmaLinux) system. Here is the output: ``` ]# sudo dnf install chrony Last metadata expiration check: 0:07:52 ago on Sun 03 Dec 2023 03:32:25 PM UTC. Dependencies resolved. ============================================================================================================================================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================================================================================================================================== Installing: chrony x86_64 4.2-1.el8 baseos 332 k Transaction Summary ============================================================================================================================================================================================================================================== Install 1 Package Total download size: 332 k Installed size: 671 k Is this ok [y/N]: y Downloading Packages: chrony-4.2-1.el8.x86_64.rpm 22 MB/s | 332 kB 00:00 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 3.3 MB/s | 332 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: chrony-4.2-1.el8.x86_64 1/1 Installing : chrony-4.2-1.el8.x86_64 1/1 Running scriptlet: chrony-4.2-1.el8.x86_64 1/1 Verifying : chrony-4.2-1.el8.x86_64 1/1 Installed: chrony-4.2-1.el8.x86_64 Complete! ``` ### Step #4. Configure the Chrony NTP server Edit the Chrony NTP configuration file located at **_/etc/chrony.conf_** to configure the NTP server on Linux (AlmaLinux) using any of the text editors (for example, **_nano_**): ``` sudo nano /etc/chrony.conf ``` By default, Chrony will use the NTP pool servers. So, comment out the default pool and add or modify the **_server_** lines if you want to define custom servers. Within the **_/etc/chrony.conf_** file, you’ll find a section specifying NTP servers. Here’s an example: ``` server test.server1.com iburst ``` Replace **_test.server1.com_** with your NTP server. Save the file, then exit from the text editor. The **_iburst_** option helps with faster synchronization. Here is the output: ``` # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #pool 2.almalinux.pool.ntp.org iburst server test.server1.com iburst ``` ### Step #5. Start and enable NTP service Use the following commands to start the Chrony NTP service and enable it to start upon boot: ``` sudo systemctl start chronyd sudo systemctl enable chronyd ``` Then, check the status of the Chrony NTP service to ensure it’s running without issues: ``` sudo systemctl status chronyd ``` Here is the output: ### Step #6. Configure the firewall (firewalld) If you’re **[using firewalld](https://firewalld.org/)**, open **[User Datagram Protocol (UDP)](https://www.cloudflare.com/learning/ddos/glossary/user-datagram-protocol-udp/)** port **_123_** for NTP traffic and reload so the change takes effect: ``` sudo firewall-cmd --zone=public --add-port=123/udp --permanent sudo firewall-cmd --reload ``` Here is the output: ``` ]# sudo firewall-cmd --zone=public --add-port=123/udp --permanent success ]# sudo firewall-cmd --reload success ``` If you want to check if NTP service is available, use the following command: ``` sudo firewall-cmd --list-ports ``` Here is the output: ``` ]# sudo firewall-cmd --list-ports 123/udp ``` ### Step #7. Verify the NTP server installation Check the Chrony NTP synchronization status with the following command. This command displays a list of configured sources and their synchronization status: ``` chronyc sources ``` Here is the output: ``` ]# chronyc sources MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^? test.server1.com 0 8 0 - +0ns[ +0ns] +/- 0ns ``` ### Step #8. NTP security (optional) For added security, consider **[configuring access controls](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-configuring_ntp_using_the_chrony_suite#sect-Understanding_the_chrony_configuration_commands)** in the **_chrony.conf_** file. For example, you can restrict access to your local network; ``` allow 192.168.1.0/24 ``` ### Step #9. Adjust the system clock To synchronize the system clock immediately, use the following command: ``` sudo chronyc -a makestep ``` Here is the output: ``` ]# sudo chronyc -a makestep 200 OK ``` ### Step #10. Restart the NTP service Restart the Chrony NTP service to reflect the configuration changes. Use the following command to restart the Chrony NTP service: ``` sudo systemctl restart chronyd ``` Congratulations! With the procedure documented above, you successfully learned how to configure a Chrony NTP server on Linux — AlmaLinux specifically — allowing for synchronized system clocks vital for logs, security, and coordinated processes. ## How to uninstall or remove the NTP server If you need to uninstall or remove the Chrony NTP server, use the following command: ```bash sudo dnf remove chrony ``` Output: ```bash ]# sudo dnf remove chrony Dependencies resolved. ============================================================================================================================================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================================================================================================================================== Removing: chrony x86_64 4.2-1.el8 @System 671 k Transaction Summary ============================================================================================================================================================================================================================================== Remove 1 Package Freed space: 671 k Is this ok [y/N]: y Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: chrony-4.2-1.el8.x86_64 1/1 Erasing : chrony-4.2-1.el8.x86_64 1/1 warning: /etc/chrony.conf saved as /etc/chrony.conf.rpmsave Running scriptlet: chrony-4.2-1.el8.x86_64 1/1 Verifying : chrony-4.2-1.el8.x86_64 1/1 Removed: chrony-4.2-1.el8.x86_64 Complete! ``` ## Sources https://www.liquidweb.com/help-docs/ntp-server-on-linux-almalinux/