====== Network Services Overview NTP ======

**General Information**

This page covers the Network Services objectives, specifically for NTP.

**Network Services Objectives**
  * Install the packages needed to provide the service
  * Configure SELinux to support the service
  * Use SELinux port labeling to allow services to use non-standard ports
  * Configure the service to start when the system is booted
  * Configure the service for basic operation
  * Configure host-based and user-based security for the service

----

====== Lab Setup ======

The following virtual machines will be used:
  * ipa.example.com (192.168.1.152) -> Central Time Server
  * server1.example.com (192.168.1.150) -> NTP Server1 syncs with central (also peers with server2)
  * server2.example.com (192.168.1.151) -> NTP Server2 syncs with central (also peers with server1)

----

====== Install the packages needed to provide the service ======

Install the service (default in RHEL 7)
  yum install chrony

----

====== Configure SELinux to support the service ======

  * Service agnostic -> [[linux_wiki:set_enforcing_and_permissive_modes_for_selinux|Ensure SELinux is running and enabled (RHCSA objective)]].

----

====== Use SELinux port labeling to allow services to use non-standard ports ======

Configure the service with a non-standard port and allow access to that port with SELinux.

**NOTE**: "man semanage-port" has examples for allowing non-standard ports!

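A check for the step above, as an added example that is not part of the original page: it reads the ''port'' directive from chrony.conf text, compares it with ''semanage port -l'' output, and prints the ''semanage port -a'' command to run when the port lacks the label. The port 11123, both sample inputs, and the use of the ''ntp_port_t'' type are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the chronyd NTP port carries the ntp_port_t SELinux label.

# Constructed sample chrony.conf text (11123 is an arbitrary non-standard port).
SAMPLE_CONF='server ipa.example.com iburst
port 11123
allow 192.168.1.0/24'

# Constructed sample of `semanage port -l` output before any change is made.
SAMPLE_LABELS='SELinux Port Type              Proto    Port Number
ntp_port_t                     udp      123
ssh_port_t                     tcp      22'

# Print the port from the last "port" directive in the config text ($1).
# chronyd serves NTP on 123 when the directive is absent.
chrony_port() {
    printf '%s\n' "$1" | awk '
        $1 == "port" && $2 ~ /^[0-9]+$/ { p = $2 }
        END { print (p == "" ? 123 : p) }'
}

# Return 0 if UDP port $2 is labeled ntp_port_t in the listing text ($1).
# Handles comma-separated entries and ranges such as "5000-5010".
port_is_labeled() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "ntp_port_t" && $2 == "udp" {
            for (i = 3; i <= NF; i++) {
                gsub(/,/, "", $i)
                n = split($i, r, "-")
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (want + 0 >= lo && want + 0 <= hi) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# Print "ok" if the configured port is already labeled, else the command to run.
label_fix() {
    port=$(chrony_port "$1")
    if port_is_labeled "$2" "$port"; then
        echo "ok"
    else
        echo "semanage port -a -t ntp_port_t -p udp $port"
    fi
}

# On a live system, pass "$(cat /etc/chrony.conf)" and "$(semanage port -l)".
label_fix "$SAMPLE_CONF" "$SAMPLE_LABELS"
```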
----

====== Configure the service to start when the system is booted ======

Check Current Service Status
  systemctl status chronyd
  * Also displays if the service is enabled or disabled

\\
Enabling a service to start on boot
  systemctl enable chronyd

----

====== Configure the service for basic operation ======

Enable and Start the service
  systemctl enable chronyd
  systemctl start chronyd

----

====== Configure host-based and user-based security for the service ======

===== Firewall =====

Allow access through the firewall if you want other servers to sync to this system
  firewall-cmd --permanent --add-service=ntp
  firewall-cmd --reload

===== Host Based =====

===== User Based =====

----