On 27 Sep 2014 at 8:48, Carl Brewer wrote:

> On 25/09/2014 8:47 AM, Greg Troxel wrote:
> >
> > Carl Brewer <***@bl.echidna.id.au> writes:
> >
> >> On bootup on a NetBSD 5.2 (amd64) box of mine the original system ntpd
> >> starts (which is vulnerable to a DoS attack) :
> >>
> >> bash-4.3# ps -auxww | grep ntp
> >> root 269 0.2 0.1 11324 5424 ? Ss 3:44AM 4:19.12
> >> /usr/sbin/ntpd
> >>
> >> bash-4.3# kill -TERM 269
> >>
> >> bash-4.3# /etc/rc.d/ntpd start
> >> Starting ntpd.
> >>
> >> bash-4.3# !ps
> >> ps -auxww | grep ntp
> >> root 1969 0.0 0.2 11340 7288 ? Ss 6:42AM 0:00.01
> >> /usr/pkg/sbin/ntpd
> >>
> >> I've grepped through /etc for ntpd and can't find any references to
> >> /usr/sbin/ntpd anywhere - I replaced /etc/rc.d/ntpd with the one from
> >> pkgsrc when I replaced ntpd with the pkgsrc one (and, as above, when I
> >> run /etc/rc.d/ntpd by hand it does the right thing!).
> >
> > in /etc/rc.d/ntpd I see
> >
> > command="/usr/sbin/${name}"
> >
> > It may be possible to override with /etc/rc.conf.d/ntpd and setting
> > command= in there.
> >
> > It looks like your path is changing which ntpd gets run.
> >
> > Are you saying that after you moved the pkgsrc rc.d/ntpd into /etc/rc.d,
> > and then rebooted, you still have the system ntpd?
>
> Yes, sometimes. It's like it's some boot up sequence race condition.
>
>
> Read the rc.d file -
> > is it calling ntpd without a fully-qualified path?
>
> From /etc/rc.d/ntpd :
>
> name="ntpd"
> rcvar=$name
> command="/usr/pkg/sbin/${name}"
>

Hi

On all of my pcs I've hardcoded /etc/rc.d/ntpd to point to
/usr/local/bin which is where ntp-dev-4.2.7p465 ended up.

All four ntp.pool.org servers have:

rc.conf:
ntpdate=YES
ntpd=YES
ntpd_flags="-g -N -p /var/run/ntpd.pid"

Probably one of /etc/rc.local, /etc/rc.conf.local or
/etc/rc.local would be correct place but my netbsd systems
date from 1997 and have a lot of files I'd like to get rid
of I but don't unless I have a problem as the diskspace
used is insignificant.


David