الترجمة الالية للوصف
- مرات التنزيل: 222
- متطلبات التشغيل:
- الاصدار : 1.25
- اضيف في: 2011-05-05 00:00:00
- اخر تحديث: 04/05/2011
- الموقع علي الانترنت:
Chrony project is a pair of programs which are used to maintain the accuracy of the system clock on a computer. The two programs are called chronyd and chronyc . Chronyd is a background (daemon) program, which can be started at boot time. Chronyc provides a user interface to chronyd for monitoring its performance and configuring various settings.What can chrony do?Chrony can be used to keep your computer clock in step with the true time (actually UTC), and/or to keep a network of computers in time with one another.To keep in step with true time, your computer has to have a reference to look at. This could be one of the following:- Network time protocol (NTP) server. The Internet contains a large number of NTP servers which themselves are referenced to UTC (via other servers or directly connected hardware clocks). If you can find and get access to one or more NTP servers you will be able to configure chronyd to synchronise your computer with them. chronyd can act as an NTP server in its own right. - Your wristwatch. If all else fails, you can periodically use chronyc to tell chronyd the true time, by typing it into your keyboard and pressing Return at the correct epoch. chronyd will work out the average rate at which your computer clock loses or gains time, and compensate accordingly the rest of the time. Obviously, the accuracy of this method is rather limited, but it can be used if you have an isolated network of computers where the primary requirement is to keep the computers synchronised together, with only a secondary requirement to have them report the true time of day. - Hardware reference clock. You might have a GPS receiver or radio clock receiver connected to your computer. So far, chrony does not have any support for such things (I don't have access to one to work out how to program it!) - Your system's real-time clock For all recent versions of Linux, there is support for using the systems real-time clock (RTC) (the one that maintains the time when the system is turned off) at boot time to restart chronyd with a good estimate of the true time. This is done by working out how much time the RTC gains or loses over a certain period, and using this information to correct the RTC reading at the next boot. This is useful for machines that are only powered up while they are being used. (Indeed, I only got round to adding this feature when my PC got moved to another room and I could no longer leave it running continuously.)The other major feature is if you have an intermittent (e.g. dial-up) connection to the network where your NTP servers are. chronyd has been specifically written to work well in this case, and it still works well in a "permanently connected" mode.What will chrony run on?chronyd has to interact with specific system calls to control your system's clock. Because the calls available vary from system to system, only certain types of system are supported. It's not really possible to provide a generic version that will work on every kind of Unix.However, chronyd already supports the following system types: - Linux. All recent versions (kernel 2.2 and later) are supported. These versions can also work with your PC's real time clock (RTC), i.e. the clock that keeps time when the main system is powered off. This allows the system time to be set quite accurately when you power up, even if the RTC runs fast or slow. Intel/AMD x86 series systems and PowerPC systems are supported. It's believed that other Linux variants (e.g. SPARC) probably work, though I haven't had reports about this recently.- Linux (older). Kernels from 2.0.32 onwards are fully supported. Kernels earlier than that don't allow chronyd to offer the RTC functions. Kernels in the 2.1 series are also not supported for RTC.- SPARC Solaris 2.5/2.5.1/2.6/2.7/2.8 on various platforms including Sparc 20 and many Ultrasparcs.- Solaris 2.8 on x86 - SunOS 4.1.4 on Sparc 2 and Sparc 20. - BSD/386 (using the SunOS 4.1.4 driver). - NetBSD. Other BSD variants are believed to work (so I've been told), if you edit the configure script to recognize your system as SunOS or BSD/386.chronyc - this tool does not need access to any special system calls, so is a lot more portable than chronyd. For example, chronyc is known to build and work under Cygwin on Windows NT. What's New in This Release: [ read full changelog ]
Several vulnerabilities have been discovered in chronyd. These bugs can be exploited for a remote denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:
· chronyd replies to all cmdmon packets from unauthorized hosts with NOHOSTACCESS message. This can be used to create a loop between two chrony daemons which don't allow cmdmon access from each other by sending a packet with spoofed source address and port. This will cause high CPU, network and syslog usage.
· FIX: Don't reply to invalid cmdmon packets
· The client logging facility doesn't limit memory which is used to keep informations about clients. If chronyd is configured to allow access from a large IP address range, an attacker can cause chronyd to allocate large amount of memory by sending NTP or cmdmon packets with spoofed source addresses. By default only 127.0.0.1 is allowed.
· FIX: Limit client log memory size
· There are several ways that an attacker can make chronyd log messages and possibly fill up disk space. The rate for these messages should be limited.
· FIX: Limit rate of syslog messages
· These bugs have been fixed in the new Chrony 1.24 release and in Chrony 1.23.1, both available for download at the download area. Patches are here, here, and here.
· We recommend that you upgrade your Chrony package to version 1.24. If you cannot upgrade because you need compatibility with the old cmdmon protocol upgrade to 1.23.1. Upgrade via your distribution's repositories if possible: they should have patched versions available shortly.
Moshax.com only provide legal software, please help us keeping pur site legal, if you think this page is violating copyrights please let us know by clicking here Here