NTP

NTP is the network time protocol, it enables you to keep the time in sync with “real time”. The reason for this is because a server needs accurate time for many things such as logging server activity or performing scheduled backups at an particular time interval. By ensuring the time is correct, we can ensure the logs to be accurate based on the time stamp.

One of the issues with in accurate time is due to time drift, this causes a number of issues for this website on 2 occasions.

1) The first instance was in relation to the OCSP as the time drift causes the certificate to believe it was in valid. We had to restart the server to force the server to recheck the time upon rebooting.

2) The second issue in relation to the Google authenticator, due to the time drift on the server and the time variance on the Google authenticator, the Google two factor authentication application wasn’t able to generate the correct code in correlation to the server time.

apt-get install ntp

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libnet-daemon-perl libplrpc-perl
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  libopts25
Suggested packages:
  ntp-doc
The following NEW packages will be installed:
  libopts25 ntp
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 637 kB of archives.
After this operation, 1,457 kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.mirrors.ovh.net/debian/ wheezy/main libopts25 amd64 1:5.12-0.1 [73.8 kB]
Get:2 http://security.debian.org/ wheezy/updates/main ntp amd64 1:4.2.6.p5+dfsg-2+deb7u4 [563 kB]
Fetched 637 kB in 0s (4,074 kB/s)      
Selecting previously unselected package libopts25.
(Reading database ... 28449 files and directories currently installed.)
Unpacking libopts25 (from .../libopts25_1%3a5.12-0.1_amd64.deb) ...
Selecting previously unselected package ntp.
Unpacking ntp (from .../ntp_1%3a4.2.6.p5+dfsg-2+deb7u4_amd64.deb) ...
Processing triggers for man-db ...
Setting up libopts25 (1:5.12-0.1) ...
Setting up ntp (1:4.2.6.p5+dfsg-2+deb7u4) ...
[ ok ] Starting NTP server: ntpd.

With NTP installed, we can check our NTP sync with the following command:

ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
-37.59.25.31     145.238.203.14   2 u   45   64  377    0.143    3.149   0.300
*193.225.118.162 195.111.107.122  2 u   46   64  377   21.372    1.515   1.903
-2001:41d0:8:897 145.238.203.14   2 u   46   64  377   10.438    3.549   0.239
+37.187.109.209  138.96.64.10     2 u   42   64  377   12.148    1.394   0.205
+91.189.89.199   193.79.237.14    2 u   36   64  377   14.764    2.056   0.328

To find out how much time difference there is between your server and the official time sync we can run the following command:

ntpdate -q ntp0.ovh.net
server 213.251.128.249, stratum 1, offset 0.001763, delay 0.02611
25 Aug 22:52:02 ntpdate[13347]: adjust time server 213.251.128.249 offset 0.001763 sec

As we can see the difference is minimum, this is good for us.

ntpdate -q ntp0.ovh.net
server 213.251.128.249, stratum 1, offset -167.164755, delay 0.02640
 5 Jan 22:40:43 ntpdate[1847]: step time server 213.251.128.249 offset -167.164755 sec

In the above example, we can see that the clock is off sync by 167 seconds which is over 2 minutes and 47 seconds difference.