NTPsec, an improved implementation of NTP

NTPsec is an open source project focused on developing a secure and improved implementation of the Network Time Protocol (NTP), which is widely used to synchronize the clocks of computer systems over a network, ensuring accurate and consistent timekeeping.

This kind of component is usually something most users pay no attention to (and I include myself, because until a few months ago I did not understand the importance of this small protocol); since it sits in the background of our daily lives, it goes unnoticed.

In my case I discovered the importance of NTP when I wanted to do a "simple update" of my system (Arco Linux), which I had left without booting for a few months. To make a long story short, after all the updates had been downloaded and in theory should have been installed, they were not installed, because I had a problem with the OpenPGP keys of the packages, and for the obvious reason of leaving the system for months, this would cause a big problem.

After doing 101 things and trying everything, even using my computer, I could not solve my problem, and the nearest solution was to reinstall the system from scratch, which I did not like.

What I noticed during the whole process of trying to fix the problem was that the time on my system differed from my local time, and with a little research I found that a small time drift causes a problem when trying to import new keys (as stated in the blessed Arch wiki). When I read this, a facepalm was my first reaction, and I proceeded to try to change the time and immediately rebooted to check whether the BIOS date and time were correct, which they were. After that, I started the system and set about making the change as if it were a routine procedure on Windows or Android, and it was a very bad mistake to act out of habit before analyzing.

No matter how hard I tried to solve the problem one way or another, what was causing the problem on my system was the ntp package in my installation; for some reason that I could not resolve, the package was already causing me problems. That is where I found NTPsec, which was my solution after several attempts to solve my problem.
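
The effect described above, a skewed clock making package keys look invalid, as an added example that is not part of the original post: it parses a constructed NTP server reply, applies the standard NTP offset formula, and shows how the same key looks before and after the correction. The packet, the timestamps and the simplified `key_status` check are assumptions made for illustration.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def to_ntp(unix_ts):
    """Unix seconds -> 64-bit NTP timestamp (32.32 fixed point)."""
    sec = int(unix_ts)
    return ((sec + NTP_UNIX_DELTA) << 32) | int((unix_ts - sec) * 2**32)

def from_ntp(ntp64):
    return (ntp64 >> 32) - NTP_UNIX_DELTA + (ntp64 & 0xFFFFFFFF) / 2**32

def parse_reply(pkt):
    """Parse the 48-byte NTP header: (mode, stratum, origin, receive, transmit)."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    flags, stratum = struct.unpack("!BB", pkt[:2])
    t1, t2, t3 = (from_ntp(x) for x in struct.unpack("!QQQ", pkt[24:48]))
    return flags & 0x7, stratum, t1, t2, t3

def clock_offset(pkt, t4):
    """Standard NTP offset ((t2 - t1) + (t3 - t4)) / 2; t4 is the local receive time."""
    mode, stratum, t1, t2, t3 = parse_reply(pkt)
    if mode != 4 or stratum == 0:  # not a server reply, or a kiss-o'-death packet
        raise ValueError("unusable reply")
    return ((t2 - t1) + (t3 - t4)) / 2

def key_status(created, expires, now):
    """Hypothetical, simplified view of a key's validity window from one clock."""
    if now < created:
        return "created in the future"
    if expires is not None and now >= expires:
        return "expired"
    return "valid"

# Constructed sample: the local clock runs 90 days behind the server's clock.
TRUE_NOW = 1_700_000_000.0
LOCAL_SEND = TRUE_NOW - 90 * 86400            # t1 as stamped by the skewed client
LOCAL_RECV = LOCAL_SEND + 0.040               # t4, 40 ms round trip
SAMPLE_REPLY = (struct.pack("!BBbb", 0x24, 2, 6, -20) + bytes(20) +
                struct.pack("!QQQ", to_ntp(LOCAL_SEND), to_ntp(TRUE_NOW + 0.020),
                            to_ntp(TRUE_NOW + 0.020)))
KEY_CREATED = TRUE_NOW - 30 * 86400           # key issued 30 days ago, no expiry

if __name__ == "__main__":
    offset = clock_offset(SAMPLE_REPLY, LOCAL_RECV)
    print(f"offset: {offset / 86400:.2f} days")
    print("skewed clock   :", key_status(KEY_CREATED, None, LOCAL_RECV))
    print("corrected clock:", key_status(KEY_CREATED, None, LOCAL_RECV + offset))
```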

NTPsec is an improved implementation of NTP that includes many security improvements, as it has an implementation of the IETF Network Time Security standard for strong cryptographic authentication of the time service. In total, more than 74% of the NTP Classic code base has been removed entirely, less than 5% new code has been added to the most security-critical core, and nanosecond precision is used consistently.

Among the security improvements, obsolete modes and functions were removed, the NTP Client Data Minimization RFC standard was adopted, and Network Time Security was included. In addition, changes were made to time synchronization and the client tools were improved, with new utilities such as ntpmon and ntpviz for real-time monitoring and data visualization, respectively.

Having explained this a little, we can understand somewhat the importance of this "small" element which, for an ordinary user, caused several headaches, and in critical environments I do not want to think about the disaster it could cause.

Having given a "not extensive" explanation of the importance of NTP, the reason for telling my little "adventure" is that the new version NTPsec 1.2.3 has just been released:

The improvements in the new version include:

  • Changed alignment of Mode 6 protocol packets, which may affect compatibility with classic NTP. Mode 6 is used to transmit information about the server's state and to change its behavior in real time.
  • The AES encryption algorithm is used by default in ntpq.
  • Use of the seccomp mechanism to block bad system call names.
  • Collection of hourly restart statistics was enabled, with additional logging for NTS, NTS-KE, and ms-sntp.
  • Inclusion of the "update" option in buildprep.
  • Improved presentation of packet delay data in ntpdig's JSON output.
  • Added support for the ecdhcurves list.
  • Fixed compilation on platforms where -fstack-protector depends on libssp, such as musl.
  • Fixed an ntpdig crash when using 2.ntp.pool.org on a host without IPv6 support.

Finally, if you are interested in learning more about it, you can check the details at the following link.

