CSEC_PUBLIC/How-To-Secure-A-Linux-Server
1
0
Fork 0
mirror of https://github.com/imthenachoman/How-To-Secure-A-Linux-Server.git synced 2026-03-24 05:22:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add systemd-timesyncd setup instructions for Debian 13

Browse Source 
Added instructions for using systemd-timesyncd on Debian 13 and later, including enabling NTP synchronization, configuring trusted NTP servers, and checking synchronization status.
This commit is contained in:
moltenbit
2026-03-05 10:56:55 +01:00
committed by GitHub
parent d22bb50c64
commit bfa59bdb01
1 changed files with 70 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
README.md
View File

@@ -1015,6 +1015,76 @@ NTP stands for Network Time Protocol. In the context of this guide, an NTP clien
#### Steps
##### Debian 13 (Trixie) and later: systemd-timesyncd
`systemd-timesyncd` is a lightweight SNTP client that is already included in Debian. Unlike the full `ntpd` daemon, it does not listen on any port, which makes it a smaller attack surface. For the purposes of this guide - keeping your server's clock in sync - it is all you need.
1. Enable NTP synchronization:
``` bash
sudo timedatectl set-ntp true
```
1. Verify it is working:
``` bash
timedatectl status
```
You should see `NTP service: active` and `System clock synchronized: yes` in the output.
1. Configure trusted NTP servers. Make a backup of the configuration file and then edit it:
``` bash
sudo cp --archive /etc/systemd/timesyncd.conf /etc/systemd/timesyncd.conf-COPY-$(date +"%Y%m%d%H%M%S")
```
Edit `/etc/systemd/timesyncd.conf` and uncomment/set the `[Time]` section:
```
[Time]
NTP=pool.ntp.org
FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org
```
[For the lazy](#editing-configuration-files---for-the-lazy):
``` bash
sudo sed -i -r -e "s/^#?NTP=.*$/NTP=pool.ntp.org # added by $(whoami) on $(date +"%Y-%m-%d @ %H:%M:%S")/" /etc/systemd/timesyncd.conf
sudo sed -i -r -e "s/^#?FallbackNTP=.*$/FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org # added by $(whoami) on $(date +"%Y-%m-%d @ %H:%M:%S")/" /etc/systemd/timesyncd.conf
```
1. Restart the service to apply the changes:
``` bash
sudo systemctl restart systemd-timesyncd
```
1. Check the synchronization status:
``` bash
timedatectl timesync-status
```
> ```
> Server: 108.61.56.35 (pool.ntp.org)
> Poll interval: 32s (min: 32s; max: 34min 8s)
> Leap: normal
> Version: 4
> Stratum: 2
> Reference: C342F10A
> Precision: 1us (2^0)
> Root distance: 24.054ms (max: 5s)
> Offset: +2.156ms
> Delay: 48.567ms
> Jitter: 1.452ms
> Packet count: 3
> ```
##### Debian 12 (Bookworm) and earlier: ntp package
> **Note:** These steps apply to **Debian 12 and earlier** only. On Debian 13+, the `ntp` package is no longer available -- use the [systemd-timesyncd steps](#debian-13-trixie-and-later-systemd-timesyncd) above instead.
1. Install ntp.
On Debian based systems: