Iri basa diki rakamuka rimwe Chishanu masikati uye raifanira kunge rakatora 2-3 maminetsi enguva. Kazhinji, senguva dzose.
Mumwe wandinoshanda naye akandikumbira kuti ndigadzirise script pane server yake. Ndakazviita, ndikamupa uye nekusaziva ndakadonha: "Nguva inokurumidza maminitsi mashanu." Rega sevha ibate iyo synchronization pachayo. Hafu yeawa, awa yakapera, uye achiri kuzvikudza uye achituka chinyararire.
βBenzi! - Ndakafunga, ndichichinjira kune server console - zvakanaka, ndichambozorora kwemaminetsi akati wandei. "
Ngationei ntp, date, sdwdate isina kuiswa chipa akaremara uye asiri kumhanya.
# timedatectl
Local time: Sun 2019-08-25 20:44:39 +03
Universal time: Sun 2019-08-25 17:44:39 UTC
RTC time: Sun 2019-08-25 17:39:52
Time zone: Europe/Minsk (+03, +0300)
NTP enabled: no
NTP synchronized: no
RTC in local TZ: no
DST active: n/a
Pano ini ndinobva ndaona kuti iyo hardware nguva ndeyechokwadi: zvichava nyore kufamba mberi.
Apa ndipo pakatangira nhevedzano yezvikanganiso.
Chikanganiso chekutanga. Kuzvivimba
Click-clack...
# systemctl enable systemd-timesyncd.service && systemctl start systemd-timesyncd.service && ntpdate 0.ru.pool.ntp.org && timedatectl set-ntp on && timedatectl
25 Aug 21:00:10 ntpdate[28114]: adjust time server 195.210.189.106 offset -249.015251 sec
Local time: Sun 2019-08-25 21:00:10 +03
Universal time: Sun 2019-08-25 18:00:10 UTC
RTC time: Sun 2019-08-25 18:00:10
Time zone: Europe/Minsk (+03, +0300)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: n/a
Zvese zvakanaka, nguva inowiriraniswa, iyo system nguva inoenderana neiyo hardware imwe. βTora,β ndakadaro ndichibva ndadzokera kubasa rangu.
βTora chii? - waaishanda naye akatsamwa. "Inguva imwe chete!"
Paunowedzera kugadzirisa matambudziko akajairika, kufunga kwako kunowedzera kupenya uye hauchafunga kuti zana kana chiuru mamiriro achasiyana, asi kwete panguva ino.
# timedatectl
Local time: Sun 2019-08-25 21:09:15 +03
Universal time: Sun 2019-08-25 18:09:15 UTC
RTC time: Sun 2019-08-25 18:05:04
Time zone: Europe/Minsk (+03, +0300)
NTP enabled: yes
NTP synchronized: no
RTC in local TZ: no
DST active: n/a
Nguva yesystem haina kunaka zvakare.
Ngatiedze zvakare:
# ntpdate 0.ru.pool.ntp.org && timedatectl && sleep 1 && timedatectl
25 Aug 21:07:37 ntpdate[30350]: step time server 89.175.20.7 offset -249.220828 sec
Local time: Sun 2019-08-25 21:07:37 +03
Universal time: Sun 2019-08-25 18:07:37 UTC
RTC time: Sun 2019-08-25 18:07:37
Time zone: Europe/Minsk (+03, +0300)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: n/a
Local time: Sun 2019-08-25 21:11:46 +03
Universal time: Sun 2019-08-25 18:11:46 UTC
RTC time: Sun 2019-08-25 18:07:37
Time zone: Europe/Minsk (+03, +0300)
NTP enabled: yes
NTP synchronized: no
RTC in local TZ: no
DST active: n/a
Ngatizviite zvakasiyana:
# date -s "2019-08-25 21:10:30" && date && sleep 1 && timedatectl
Sun Aug 25 21:10:30 +03 2019
Sun Aug 25 21:10:30 +03 2019
Local time: Sun 2019-08-25 21:14:36 +03
Universal time: Sun 2019-08-25 18:14:36 UTC
RTC time: Sun 2019-08-25 18:10:30
Time zone: Europe/Minsk (+03, +0300)
NTP enabled: yes
NTP synchronized: no
RTC in local TZ: no
DST active: n/a
Uye seizvi:
# hwclock --hctosys && timedatectl && sleep 1 && timedatectl
Local time: Sun 2019-08-25 21:11:31 +03
Universal time: Sun 2019-08-25 18:11:31 UTC
RTC time: Sun 2019-08-25 18:11:31
Time zone: Europe/Minsk (+03, +0300)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: n/a
Local time: Sun 2019-08-25 21:15:36 +03
Universal time: Sun 2019-08-25 18:15:36 UTC
RTC time: Sun 2019-08-25 18:11:32
Time zone: Europe/Minsk (+03, +0300)
NTP enabled: yes
NTP synchronized: no
RTC in local TZ: no
DST active: n/a
Nguva inotarirwa kwechipiri chekupatsanurwa, uye pakarepo inotanga "kumhanyira" zvakare.
Panguva imwecheteyo, mumatanda, panguva yekuchinja kwakadaro kwebhuku, tinoona chete mishumo yehurongwa kuti nguva yakashanduka, maererano, munzira yakarurama / isina kururama uye dzimwe nguva. Resyncing kubva ku systemd-timesyncd.
Aug 25 21:18:51 wisi systemd[1]: Time has been changed
Aug 25 21:18:51 wisi systemd-timesyncd[29258]: System time changed. Resyncing.
Aug 25 21:18:51 wisi systemd[1187]: Time has been changed
Aug 25 21:18:51 wisi systemd[1]: Time has been changed
Aug 25 21:18:51 wisi systemd[1187]: Time has been changed
pano
# ps afx | grep "[1]187"
1187 ? Ss 0:02 /lib/systemd/systemd --user
Panguva ino, zvaive zvatove zvakakosha kutsvaga chikonzero, asi pamusoro pemakore gumi nemasere ekutonga, uropi hwakaunganidza nhamba dze "nguva" zvikanganiso uye, kunze kwetsika, zvakare inopomera kuwiriranisa.
Ngatiidzima zvachose.
# timedatectl set-ntp off && systemctl stop systemd-timesyncd.service
# hwclock --hctosys && timedatectl && sleep 1 && timedatectl
Local time: Sun 2019-08-25 21:25:40 +03
Universal time: Sun 2019-08-25 18:25:40 UTC
RTC time: Sun 2019-08-25 18:25:40
Time zone: Europe/Minsk (+03, +0300)
NTP enabled: no
NTP synchronized: no
RTC in local TZ: no
DST active: n/a
Local time: Sun 2019-08-25 21:29:31 +03
Universal time: Sun 2019-08-25 18:29:31 UTC
RTC time: Sun 2019-08-25 18:25:41
Time zone: Europe/Minsk (+03, +0300)
NTP enabled: no
NTP synchronized: no
RTC in local TZ: no
DST active: n/a
uye mumatanda
Aug 25 21:25:40 wisi systemd[1]: Time has been changed
Aug 25 21:25:40 wisi systemd[1187]: Time has been changed
Aug 25 21:29:30 wisi systemd[1]: Time has been changed
Aug 25 21:29:30 wisi systemd[1187]: Time has been changed
Resyncing akanyangarika uye zvikasadaro matanda acho ari pristine.
Kuongorora mhedzisiro tcpdump pachiteshi 123 pane ese mainterfaces. Hapana zvikumbiro, asi nguva ichiri kutiza.
Mhosho mbiri. Rush
Kwasara awa imwe kusvika pakupera kwevhiki yebasa, uye ini handidi kuenda kwevhiki nedambudziko risingagadziriswe (usatarise nguva iri mukodhi, chinyorwa chakanyorwa mumazuva anotevera. )
Uye pano zvakare, panzvimbo yekutsvaga chikonzero, ndakatanga kuedza kuuya netsanangudzo yemugumisiro. Ini ndinoti "gadzira" nekuti kunyangwe tsananguro yemhedzisiro ingave ine musoro sei, inzira isina kunaka yekugadzirisa dambudziko.
Sevha iyi iseva yekufambisa uye inoshandura DVB-S2 rwizi kuenda kuIP. Iyo DVB-S rwizi ine timestamps, saka vanogamuchira, multiplexers, scrambler uye terevhizheni kazhinji vanozvishandisa kuwiriranisa system wachi. DVB-S madhiraivha ebhodhi akavakirwa mukernel, saka nzira inokurumidza kuona kuti DVB-S2 rwizi rwabviswa ndeyekubvisa tambo dzinobva ku "maplates". Neraki, sevha iri kuseri kwemadziro, ngazvive zvakadaro.
Ehe, dai matanda anga aine izvo zvaifanira kunge zviripo, izvi zvingadai zvisina kuitika, asi zvakanyanya pane izvo, zvakare, pakupera kwechinyorwa.
Zvakanaka, sezvo isu takatobvisa ese masaini esatellite, isu tichabvisawo epasi - panguva imwe chete isu tinoburitsa ese matambo etiweki. Iyo sevha inobviswa kubva kunze kwenyika uye inoshanda yakazvimirira, asi system wachi ichiri kumhanya.
Vhiki yebasa yapera, uye zuva / nguva nyaya pachayo haina kutsoropodza, saka unogona kungoenda kumba, asi pano ini ndinoita chikanganiso chitsva.
Chikanganiso chetatu. Advisors
Never! Usambofa wakabvunza mibvunzo pamaforamu uye neakajairwa (a la stackoverflow) masaiti kana mhinduro kwairi ichida zvinopfuura kudzidza peji rekutanga reGoogle uye kuverenga peji remurume mumwe.
Vachakutumira kudzokera kuGoogle, verenga murume mumwe chete uye vatsanangure zvakakurumbira mitemo yeforamu / saiti, asi havazokupi mhinduro.
Heano zvimwe zvinangwa:
- hapana mumwe kunze kwako anogona kuziva dambudziko zvakare;
- hapana anogona kuita bvunzo pasi pemamiriro akafanana neako
uye subjective:
- iwe haugone kupa zvese zvinongedzo zvekugadzirisa dambudziko, nekuti iwe watouya ne "chaiyo" gwara uye uri kuratidza hunhu hwenyaya uchitarisa pairi;
- foromani (moderator, old-time, admin) anogara ari mugwara, kana foromani asina kururama... zvakanaka, munoziva...
Kana, pakupindura mhinduro, wakaramba uri mukati memiganhu yemazwi akaongororwa, saka une tsinga dzakasimba.
chisarudzo
Hapana chikonzero chekukamura mabasa kuva nyore uye akaoma.
Isu tinorega kuvimba neruzivo rwedu, nhamba, vanopa mazano uye kutanga kwete "kutsanangura" mhedzisiro, asi kuramba tichitsvaga chikonzero.
Sezvo mumwe munhu achiseta nguva, iyo inoenderana system yekufona inofanirwa kuitika.
Sezvakangoita muzvinyorwa zvesoftware magwaro akanakisa ndiwo masosi, saka mukutonga kwehurongwa mubatsiri akanakisa ndeyekuongorora, kwatiri. audited.
Kanguva kekukahadzikaNdakapfuura nemumana, asi ndakanga ndisina chokwadi chekuti nguva muLinux inogona kungoiswa clock_settime ΠΈ settimeofday, saka pabvunzo yekutanga ndakasarudza ese "akakodzera" mafoni:
# man syscalls | col | grep -F '(2)' | grep -vE '(:|;)' | grep -E '(time|date|clock)' | sed "s/(2).*//" | xargs -I SYSCALL echo "-S SYSCALL " | xargs echo
-S adjtimex -S clock_adjtime -S clock_getres -S clock_gettime -S clock_nanosleep -S clock_settime -S futimesat -S getitimer -S gettimeofday -S mq_timedreceive -S mq_timedsend -S rt_sigtimedwait -S s390_runtime_instr -S setitimer -S settimeofday -S stime -S time -S timer_create -S timer_delete -S timer_getoverrun -S timer_gettime -S timer_settime -S timerfd_create -S timerfd_gettime -S timerfd_settime -S times -S utime -S utimensat -S utimes
uye vachirasa s390_runtime_instr, nguva, timerfd_create, izvo auditctl handina kuzviziva, pakutanga akatanga ongororo mufomu:
auditctl -a exit,always -S adjtimex -S clock_adjtime -S clock_getres -S clock_nanosleep -S clock_settime -S futimesat -S getitimer -S gettimeofday -S mq_timedreceive -S mq_timedsend -S rt_sigtimedwait -S semtimedop -S setitimer -S settimeofday -S time -S timer_create -S timer_delete -S timer_getoverrun -S timer_gettime -S timer_settime -S timerfd_gettime -S timerfd_settime -S times -S utime -S utimensat -S utimesMushure mekuita chokwadi chekuti hapana mamwe matanda munzvimbo dzelogi dzandinofarira syscalls Kunze kwezviviri izvi, ndakazvishandisa chete mberi.
Kumhanyisa system call audit clock_settime ΠΈ settimeofday uye edza kushandura zuva:
# auditctl -a exit,always -S clock_settime -S settimeofday && date -s "2019-08-22 12:10:00" && sleep 5 && auditctl -D
Kunonoka kwemasekondi mashanu kunowedzerwa kuitira kuti "parasite" yedu inovimbiswa kugadzirisa nguva.
Ngatitarisei report:
# aureport -s -i
Syscall Report
=======================================
# date time syscall pid comm auid event
=======================================
Warning - freq is non-zero and incremental flushing not selected.
1. 08/22/2019 12:10:00 settimeofday 3088 chkcache_proces root 479630
2. 08/26/2019 09:37:06 clock_settime 1538 date root 479629
Apa tinoona zvedu zuva uye tisingazikamwi chkcache_processes. Zvakaguma mumushumo uri pamusoro nekuti aureport yakaronga zvakabuda nezuva pakuchinja kubva kubhinari, uye chiitiko chakaitika panguva yatakaseta. date -s "2019-08-22 12:10:00".
Ndiani akamubereka?
# ausearch -sc settimeofday --comm "chkcache_proces"
----
time->Thu Aug 22 12:10:00 2019
type=PROCTITLE msg=audit(1566465000.000:479630): proctitle="/usr/local/bin/oscam"
type=SYSCALL msg=audit(1566465000.000:479630): arch=c000003e syscall=164 success=yes exit=0 a0=7fde0dfc6e60 a1=0 a2=136cf a3=713ba56 items=0 ppid=3081 pid=3088 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts20 ses=68149 comm="chkcache_proces" exe="/usr/local/bin/oscam" key=(null)
/usr/local/bin/oscam - parasite yedu yakawanikwa. Pasinei nemaitiro ayo "akashata", hazvibviri kuramba iyo inogadziriswa yekuwana system, asi ini ndichiri kuda kuziva oscam, WTF?
Mhinduro inowanikwa nekukurumidza mukati :
#if defined(CLOCKFIX)
if (tv.tv_sec > lasttime.tv_sec || (tv.tv_sec == lasttime.tv_sec && tv.tv_usec >= lasttime.tv_usec)) // check for time issues!
{
lasttime = tv; // register this valid time
}
else
{
tv = lasttime;
settimeofday(&tv, NULL); // set time back to last known valid time
//fprintf(stderr, "*** WARNING: BAD TIME AFFECTING WHOLE OSCAM ECM HANDLING, SYSTEMTIME SET TO LAST KNOWN VALID TIME **** n");
}
Kunaka sei kuno akataura kunze line yambiro...
Source: www.habr.com