RHEL 7.4 and ntpq noquery

Comments 2

This week I noticed you can pass a network time protocol query read variable to a RHEL 7 OS despite the /etc/ntp.conf restrict noquery. I get that ntpd versions prior to 4.2.7 are vulnerable by default, but if you're still on 4.2.6 are there options available?

ntpq -c rv [ip addr]

ntpd --version

Links
Open NTP Version (Mode 6) Scanning Project
NTP Amplification Attacks Using CVE-2013-5211

Started 2017-09-08T20:04:52+00:00 by

Laszlo Coleman

Community Member 88 points

Responses

SW Red Hat Guru 4022 points

11 September 2017 10:01 AM

Stephen Wadeley

Hello

I checked with a colleague, there is no difference between 4.2.6 and 4.2.7(8) with respect to the ntpq queries, both are susceptible to amplification attacks. The default configuration doesn't allow remote queries, only permits queries from localhost.

Have you modified the config or are you testing it locally? Best provide ntp.conf in case of further questions.

Community Member 88 points

19 September 2017 9:08 PM

Laszlo Coleman

Sorry for the delayed response. You're correct, the default configuration does not allow remote queries. By adding

noquery

on the local network restrictions within

ntp.conf

this "prevents ntpq and ntpdc queries, but not time queries" according to 17.17. Configure NTP. Testing it locally works, I am still able to synchronize with my time server and deny queries.

Thanks for the fast response.

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

Responses