#!/bin/ksh # $Id: ntp,v 1.8 2008/10/26 18:53:16 ksb Exp $ # Run some checks & report some information on the local host. # #****p* netlint/ntp # NAME # ntp # DESCRIPTION # Each host should run a time synchronization daemon (viz. xntpd or ntpd) to # keep the system clock accurate. Netlint sanity checks the configuration of # these programs. # IMPACT # A host with a bad clock will report errors in the past or future, either # of which makes tracking cause and effect hard (at best). Filesystem dumps, # log file, cron jobs, and the atq can all be hosed by a poor time-base. #*** #****a* ntp/STDERR_NTP # NAME # STDERR_NTP # FORMAT # STDERR_NTP: text # DESCRIPTION # The stderr output from ntpdc or xntpdc, or ntpq. # SEE ALSO # STDERR_program #*** progname=`basename $0` : ${CARP:=echo} : ${NTPCONF:=/etc/inet/ntp.conf} [ ! -f "$NTPCONF" ] && NTPCONF=/etc/inet/ntp.conf [ ! -f "$NTPCONF" ] && NTPCONF=/etc/ntp.conf if [ _-V = _$1 ] ; then echo "$progname: "'$Id: ntp,v 1.8 2008/10/26 18:53:16 ksb Exp $' [ ! -s "$NTPCONF" ] && echo "$progname: $NTPCONF: missing?" exit 0 fi TFILE=/tmp/ntpd.$$.$((RANDOM%100)) #****a* ntp/NTP_STRATUM # NAME # NTP_STRATUM # FORMAT # NTP_STRATUM: stratum # DESCRIPTION # The running ntpd (or xntpd) reported this stratum to netlint. Site policy # might decide that this is good or bad. The only really bad value is 16 # which generally means that we can't find a peer, but we'll report that # elsewhere. #*** # check our stratum and ntp servers STRATUM=`echo rv |ntpq |sed -n -e "s/.*stratum=\([0-9]*\).*/\1/p"` 2>/dev/null : ${STRATUM:=`echo sysinfo | xntpdc | sed -n -e 's/stratum[ : ]*\([0-9]*\)/\1/p'`} $CARP "NTP_STRATUM: ${STRATUM:-.}" ntpq -np 2>$TFILE.err >$TFILE.out || xntpdc -np 2>$TFILE.err >$TFILE.out if [ -s $TFILE.err ]; then sed -e 's/^/STDERR_NTP: /' <$TFILE.err else #****a* ntp/NTP_PEER_DEAD # NAME # NTP_PEER_DEAD # FORMAT # NTP_PEER_DEAD: nodename # DESCRIPTION # A node which the node tries to use as a time-base is not responding to our # polls. # REMEDIATION # Find a better time-base. Also, check that node for issues; it might just be # retired. #*** #****a* ntp/NTP_PEER_SYNC # NAME # NTP_PEER_SYNC # FORMAT # NTP_PEER_SYNC: no server found # DESCRIPTION # None of our time-bases provide any joy. # REMEDIATION # Our clock is more than likely off in anycase. Reset the clock on the host, # check the configuration of ntpd and restart ntpd. /etc/init.d/*ntp* might # be the start script. #*** #****a* ntp/NTP_PEER_FEW # NAME # NTP_PEER_FEW # FORMAT # NTP_PEER_FEW: integer # DESCRIPTION # We don't have enough peers. Site policy should be used here. We hard code # that every node should have at least 2 peers for a valid time-base. See the # internal NTP document for a tactic to pick new peers. # REMEDIATION # Remediate the configuration and restart the daemon. Check the report on the # next major report cycle. #*** awk 'BEGIN { STAR=0; GOODNTP=0 } /^\*/{ STAR=1; } /refid|===/{ next; } { if ($5 ~ /-/ && $0 ~ /^ /) print "NTP_PEER_DEAD: "$1; else GOODNTP++; } END { if (0 == STAR) print "NTP_PEER_SYNC: no server found"; if (GOODNTP < 2) print "NTP_PEER_FEW: ", GOODNTP; } ' <$TFILE.out fi | xapply -f "$CARP '%1'" - rm $TFILE.err $TFILE.out exit 0