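#######################################
# Generate a systemd-timesyncd [Time] section and, when APPLY is "YES",
# write it to $TIMESYNCD and restart systemd-timesyncd.
#
# Candidate addresses come from resolving NTPSERVERPOOL with $DIGBIN; each
# one is pinged with $PINGBIN and, if the measured round-trip time is above
# 1 and below LATENCY, its reverse-DNS name is added to NTP= (up to SERVERS
# names). The first three pool names become FallbackNTP=.
#
# Globals:
#   SCRIPT_COUNT   (read, incremented)
#   TIMESYNCD      (read)  path of the timesyncd.conf to overwrite
#   NTPSERVERPOOL  (read)  space-separated pool names; a default is used if empty
#   PINGBIN DIGBIN (read)  ping and dig commands
#   TIMEDATECTL    (read)  optional time zone to set
#   VERBOSE        (read)  "Y" prints service status afterwards
#   APPLY CONF FALLBACKSERV NUMSERV PONG OKSERV (written, not local)
# Returns:
#   1 if the target path is unset or the temporary/target file cannot be
#   written; otherwise the status of the final counter increment.
#######################################
function f_timesyncd {
  echo "[$SCRIPT_COUNT] Systemd/timesyncd.conf"

  local LATENCY
  local SERVERS
  local SERVERARRAY
  local FALLBACKARRAY
  local TMPCONF
  local HOSTRE
  local KNOWN
  local SEEN

  APPLY="YES"
  CONF="$TIMESYNCD"
  FALLBACKARRAY=()
  FALLBACKSERV=0
  LATENCY="50"
  NUMSERV=0
  SERVERARRAY=()
  SERVERS="4"
  # Letters, digits, dots and hyphens only: anything else (whitespace,
  # newlines, '=') must never reach the configuration file.
  HOSTRE='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

  # Fail before touching anything if there is no target file to write.
  if [[ $APPLY = "YES" && -z "$CONF" ]]; then
    echo "TIMESYNCD is not set, not writing timesyncd configuration." >&2
    ((SCRIPT_COUNT++))
    return 1
  fi

  # Without this check a failed mktemp leaves TMPCONF empty and the later
  # 'cat "$TMPCONF" > "$CONF"' would truncate the live configuration.
  if ! TMPCONF=$(mktemp --tmpdir ntpconf.XXXXX); then
    echo "Could not create a temporary file for timesyncd.conf." >&2
    ((SCRIPT_COUNT++))
    return 1
  fi

  if [[ -z "$NTPSERVERPOOL" ]]; then
    local NTPSERVERPOOL
    NTPSERVERPOOL="0.ubuntu.pool.ntp.org 1.ubuntu.pool.ntp.org 2.ubuntu.pool.ntp.org 3.ubuntu.pool.ntp.org pool.ntp.org"
  fi

  echo "[Time]" > "$TMPCONF"

  PONG="${PINGBIN} -c2"

  # NTPSERVERPOOL is deliberately unquoted below so that every pool name
  # becomes its own argument to dig.
  # shellcheck disable=2086
  while read -r s; do
    if [[ $NUMSERV -ge $SERVERS ]]; then
      break
    fi

    # An empty dig answer still yields one empty line from the here-string.
    if [[ -z "$s" ]]; then
      continue
    fi

    local PINGSERV
    # Field 6 of the "rtt min/avg/max/mdev = a/b/c/d ms" summary, split on
    # "/", is the max round-trip time, rounded to an integer.
    PINGSERV=$($PONG "$s" | grep 'rtt min/avg/max/mdev' | awk -F "/" '{printf "%.0f\n",$6}')

    if [[ $PINGSERV -gt "1" && $PINGSERV -lt "$LATENCY" ]]; then
      # Use only the first PTR name and strip its trailing root dot.
      # NOTE(review): reverse DNS is unauthenticated and is controlled by
      # whoever operates the address, so the name is treated as untrusted
      # input: it is syntax-checked before being written to timesyncd.conf.
      # The check does not prove the name resolves back to the same host.
      OKSERV=$(nslookup "$s" | awk '/name = / {sub(/\.$/, "", $4); print $4; exit}')

      if [[ ! $OKSERV =~ $HOSTRE ]]; then
        continue
      fi

      # De-duplicate against the names already collected. The servers are
      # only written to TMPCONF after this loop, so searching that file
      # here can never find a previously accepted name.
      SEEN=0
      for KNOWN in "${SERVERARRAY[@]}"; do
        if [[ $KNOWN == "$OKSERV" ]]; then
          SEEN=1
          break
        fi
      done

      if [[ $SEEN -eq 0 && $NUMSERV -lt $SERVERS ]]; then
        echo "$OKSERV has latency < $LATENCY"
        SERVERARRAY+=("$OKSERV")
        NUMSERV=$((NUMSERV + 1))
      fi
    fi
  done <<< "$(${DIGBIN} +noall +answer +nocomments $NTPSERVERPOOL | awk '{print $5}')"

  # The first three pool names are always kept as FallbackNTP.
  for l in $NTPSERVERPOOL; do
    if [[ $FALLBACKSERV -le "2" ]]; then
      FALLBACKARRAY+=("$l")
      FALLBACKSERV=$((FALLBACKSERV + 1))
    else
      break
    fi
  done

  # With two or fewer measured servers, top up NTP= with the last two
  # entries of the pool list.
  if [[ ${#SERVERARRAY[@]} -le "2" ]]; then
    for s in $(echo "$NTPSERVERPOOL" | awk '{print $(NF-1),$NF}'); do
      SERVERARRAY+=("$s")
    done
  fi

  {
    echo "NTP=${SERVERARRAY[*]}"
    echo "FallbackNTP=${FALLBACKARRAY[*]}"
    echo "RootDistanceMaxSec=1"
  } >> "$TMPCONF"

  if [[ $APPLY = "YES" ]]; then
    # cat into the existing file keeps its owner and mode; only restart the
    # service and drop the temporary copy once the write has succeeded.
    if cat "$TMPCONF" > "$CONF"; then
      systemctl restart systemd-timesyncd
      rm "$TMPCONF"
    else
      echo "Could not write $CONF, configuration kept in $TMPCONF." >&2
      ((SCRIPT_COUNT++))
      return 1
    fi
  else
    echo "Configuration saved to $TMPCONF."
  fi

  if [[ -n "$TIMEDATECTL" ]]; then
    echo "Setting time zone to $TIMEDATECTL"
    timedatectl set-timezone "$TIMEDATECTL"
  fi

  if [[ $VERBOSE == "Y" ]]; then
    systemctl status systemd-timesyncd --no-pager
    echo
    timedatectl
    echo
  fi

  ((SCRIPT_COUNT++))
}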