Setup Timezone and NTP on CentOS 6

Introduction

For server administrators, it’s important to set and maintain the time on servers correctly. Wrongly configured time will cause chaos within the server environment, such as data inconsistency, data synchronization failures, and job scheduling problems.

To avoid these undesirable issues, first, you need to set a reasonable time zone on your server, giving your server a relatively precise local time. Second, for communication purposes, you can also use NTP (Network Time Protocol) to synchronize the time of your servers and remote NTP servers, keeping the time on your machines in perfect order.

In this article, I will show you how to set the time zone and how to synchronize the time using NTP on a CentOS 6 x64 server.

Prerequisites

I assume that you have deployed a CentOS 6 x64 Vultr server instance from scratch and have logged in as root.

Step 1: Set the timezone

Input the following command in your terminal:

date

As you see, the Vultr CentOS 6 x64 OS uses the UTC time by default. You can modify it to any time zone as you wish, but using the local timezone of the server’s physical location is a best practice.

If our server was running in China, then we would use the “Asia/Shanghai” time zone:

rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

You can navigate to the directory /usr/share/zoneinfo to find the appropriate time zone. There is an excellent resource on Wikipedia for timezone listings.

Input date again, you will find that the local system time has changed to CST (China Standard Time) GMT+0800.

Next, we will write the system time info into the hardware clock.

vi /etc/sysconfig/clock

Modify the content of this file as below.

ZONE="Asia/Shanghai"
UTC=false
ARC=false

Save and quit.

:wq

Write the system time into the hardware clock.

hwclock --systohc --localtime

Input hwclock to see the result.

Step 2: Upgrade NTP

By default, the ntp daemon program has been installed and set up to run on the Vultr CentOS 6 x64 server instance. For security purposes, the first thing that we should do is to upgrade it to the latest version.

To see the ntpd version:

ntpd --version

At the time of writing, the default installed version is “4.2.6p5”.

Stop the ntpd service:

service ntpd stop

Download the latest version of the ntp program from its official website:

wget http://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p2.tar.gz

Unzip and go into the newly created directory:

tar -zxvf ntp-4.2.8p2.tar.gz
cd ntp-4.2.8p2

Install the necessary components for our installation:

yum -y install gcc libcap-devel

Because we are going to upgrade the existing ntpd program, we need to determine the owner and group info:

cat /etc/group
cat /etc/passwd

As you see, the ntp program belongs to the owner ntp (uid=38) and the group ntp (gid=38).

For security purposes, update the configuration of the ntp user account:

usermod -c "Network Time Protocol" -d /var/lib/ntp -u 38 -g ntp -s /bin/false ntp

Compile and install the ntp program:

./configure --prefix=/usr --bindir=/usr/sbin --sysconfdir=/etc --enable-linuxcaps --with-lineeditlibs=readline --docdir=/usr/share/doc/ntp-4.2.8p2 && make
make install && install -v -o ntp -g ntp -d /var/lib/ntp

Once the installation has completed, you can check the ntpd version again:

ntpd --version

As you see, the ntp program has been upgraded to the latest version “4.2.8p2”.

Step 3: Configure ntp

For better performance and security, we need to modify the default configuration:

vi /etc/ntp.conf

In the ntp.conf configuration file, you can find the ntp servers like:

server 1.time.constant.com
server 2.time.constant.com
server 3.time.constant.com

For faster synchronization speed, you can change these servers to the ones in the region or even in the country of your datacenter. For example, in United States, you can use:

server 0.us.pool.ntp.org
server 1.us.pool.ntp.org
server 2.us.pool.ntp.org
server 3.us.pool.ntp.org

More NTP pool time servers can be found on the NTP support website.

For security purposes, we should restrict permissions. While still in the ntp.conf configuration file, find the following two rows:

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

Modify them as below:

restrict default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery

Additionally, we need to add the following two rows:

pidfile   /var/run/ntpd.pid
leapfile  /etc/ntp.leapseconds

Save and quit:

:wq

Reboot the system:

reboot

Step 4: Configure the firewall

Add the following sentence to the iptable configuration file /etc/sysconfig/iptables:

-A  INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT

Restart the firewall.

service iptables restart

At this point, NTP is fully configured. The ntpd program will continually adjust the time of your server.

If needed, you can check the time synchronization status with the following command:

ntpstat