dp.cx blog

Filed under linux, ntp, openntpd, and ubuntu

ntpd (from ntp.org) has recently gotten a bad rap. A series of vulnerabilities has been found in it that, from my perspective, make it no longer safe to run on production, publicly facing machines; however, there is an alternative: openntpd.

Installing openntpd is easy enough: run apt-get install openntpd and the package is installed. However, ntp.org's ntpd was installed previously, and the two packages share the same binary path and name, so Ubuntu's apparmor already has a policy for the binary. As a result openntpd will not start, and gives the following error:

Restarting openntpd: /etc/openntpd/ntpd.conf: Permission denied

The simple fix for this? Make apparmor remove the policy (apparmor_parser -R unloads it from the kernel), purge ntp.org's ntpd, and then install openntpd, via the following, run as root:

apparmor_parser -R /etc/apparmor.d/usr.sbin.ntpd && \
apt-get purge ntp && \
apt-get install openntpd
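
One way to confirm that the leftover profile is what blocks openntpd, before and after the fix. This is an added example, not part of the original post: the function names are hypothetical, and the profile list and log lines are constructed samples in the format of /sys/kernel/security/apparmor/profiles and the kernel log.

```shell
# Diagnose a stale AppArmor profile confining /usr/sbin/ntpd.
# On a live system the inputs would be /sys/kernel/security/apparmor/profiles
# (readable by root) and the kernel log; here both are constructed samples.

# profile_mode FILE PATH: print the mode (enforce/complain) of the profile
# named PATH, or nothing if no such profile is loaded.
profile_mode() {
    awk -v want="$2" '
        { mode = $NF; name = $0; sub(/ \([a-z]+\)$/, "", name) }
        name == want { gsub(/[()]/, "", mode); print mode }
    ' "$1"
}

# denied_paths FILE PROFILE: list the distinct files that AppArmor denied
# to processes running under PROFILE.
denied_paths() {
    grep 'apparmor="DENIED"' "$1" | grep -F "profile=\"$2\"" |
        sed -n 's/.* name="\([^"]*\)".*/\1/p' | sort -u
}

# diagnose PROFILES_FILE LOG_FILE: combine both checks for /usr/sbin/ntpd.
diagnose() {
    mode=$(profile_mode "$1" /usr/sbin/ntpd)
    hits=$(denied_paths "$2" /usr/sbin/ntpd)
    if [ "$mode" = enforce ] && [ -n "$hits" ]; then
        echo "stale-profile"
    elif [ -n "$mode" ]; then
        echo "profile-loaded"
    else
        echo "no-profile"
    fi
}

# Constructed sample data (not captured from a real host).
sample_dir=$(mktemp -d)
cat > "$sample_dir/profiles" <<'EOF'
/sbin/dhclient (enforce)
/usr/sbin/ntpd (enforce)
/usr/sbin/tcpdump (enforce)
EOF
cat > "$sample_dir/kern.log" <<'EOF'
audit: type=1400 audit(1420000000.100:21): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/openntpd/ntpd.conf" pid=2201 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1420000000.200:22): apparmor="STATUS" operation="profile_load" name="/usr/sbin/tcpdump" pid=310 comm="apparmor_parser"
EOF
grep -v '^/usr/sbin/ntpd ' "$sample_dir/profiles" > "$sample_dir/profiles.fixed"

echo "before fix: $(diagnose "$sample_dir/profiles" "$sample_dir/kern.log")"
echo "after fix:  $(diagnose "$sample_dir/profiles.fixed" "$sample_dir/kern.log")"
```

The "after fix" input models the profile list once the ntpd profile has been unloaded; old denial lines remain in the log, so the profile list is what decides the result.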