Lovell Mcilwain wrote:
Paul Howarth wrote:
Lovell Mcilwain wrote:
Paul Howarth wrote:
Lovell Mcilwain wrote:
Paul Howarth wrote:
Lovell Mcilwain wrote:
Hello all,
I just installed a logwatch on my machine and ran it for the
first time just a few minutes ago. It showed me something very
interesting and it was the only thing in the logwatch log. Just
a bunch of the same entries. The IP address varied but most of
them looked like invalid arguments except for about 3 of them
that didn't. See below:
--------------------- XNTPD Begin ------------------------
**Unmatched Entries**
.....
sendto(80.190.233.67): Invalid argument
synchronized to 80.190.233.67, stratum 2
synchronized to 80.33.117.152, stratum 3
sendto(80.190.233.67): Invalid argument
.....
---------------------- XNTPD End -----------------------
Does anyone know what this means or can this possibly mean that
my system has been hacked?
These entries mean that some of the ntp servers you're using
(probably results returned from lookups of pool.ntp.org) aren't
responding reliably. This is not unusual and may be a result of
issues with your own network link.
I did check my preferences for my time server and found that I
didn't have a time server specified even though I had ntp enabled.
I guess my other question is, if I don't manually specify one, does
it choose from any of the other ones as a default? I noticed in my
ntp.conf file there a bunch of time servers listed. But does it
restrict itself to the # --- OUR TIMESERVERS ----- section?
What's the output of:
$ grep '^[^#]*server' /etc/ntp.conf
Of course, I should have known that. Here is the output.
[root@localhost etc]# grep '^[^#]*server' /etc/ntp.conf
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server 127.127.1.0
So, as suspected, you're using the default configuration, with time
servers selected essentially at random from the pool.ntp.org set.
See http://www.pool.ntp.org/ for more details, including how to limit
the servers to those more local to you.
Paul.
