Correct system time is not only a convenience, but also a security issue, because many attacks rely on changing the system clock. However, if your system clock is wrong to start with, you won’t notice a change. Without coherent time across all your servers, you’ll never be able to correlate your logs when troubleshooting. What’s the solution? Fix your time settings before you do anything else. Correcting the time requires setting both a time zone and the clock.
The installer tries really hard to guess your time zone, using geolocation tricks and a script at the OpenBSD website. If these didn’t work for you, or if you weren’t on the Internet when you installed OpenBSD, or if your company policy says that all servers will run in time zone X, fix your time zone before anyone notices.
The directory /usr/share/zoneinfo contains all of the time zones, as well as several subdirectories for countries or continents with various time zones. For example, Western Siberia runs on Omsk time (found in the file /usr/share/zoneinfo/Asia/Omsk). Presumably, you have some idea of your local time zone and where it might be filed.
To set the system time zone, create a symbolic link to it from /etc/localtime. Use date(1) to make sure that the time zone has been set correctly:
# ln -fs /usr/share/zoneinfo/Asia/Omsk /etc/localtime
# date
Thu Mar 14 06:02:56 OMST 2013
OpenBSD also supports POSIX time zones found in /usr/share/zoneinfo/Etc. POSIX time zones have their own rules. Do not use them unless you are absolutely sure you understand them. (Hint: You don’t.)
Now that you have set a time zone, set the correct time and date. OpenBSD includes OpenNTPD, a BSD-licensed simplified NTP daemon. If at all possible, use ntpd(8) to manage the time. If you can’t access NTP servers (say, if you’re on a private network without them), set up your own. And if you can’t set up time servers, set the system time manually.
Configure OpenNTPD in /etc/ntpd.conf. The syntax should be familiar to you if you’ve managed any other NTP daemon.
For basic time, you need time servers, ideally three or more. If you don’t have local time servers, use publicly accessible time servers, such as the hosts available at http://pool.ntp.org/.
List your servers in /etc/ntpd.conf:
servers pool.ntp.org
Then enable ntpd in /etc/rc.conf.local:
ntpd_flags=
By default, ntpd slowly adjusts system time by skewing the system clock. If the system time is a few seconds off, slow adjustment will usually suffice, but if it’s off by minutes or more, have ntpd correct the system time on startup and then adjust the time as needed. To enable time correction at startup, use the -s flag:
ntpd_flags="-s"
Time skews most badly on heavily used hardware, lousy hardware, and virtual machines.
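A check for the three settings configured so far (the /etc/localtime link, the servers in /etc/ntpd.conf, and ntpd_flags in /etc/rc.conf.local), as an added example that is not from the original text. The function names and the root-prefix argument are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: audit the time settings described above.
# The root-prefix argument is an assumption of this sketch; it lets the
# checks run against a copy of the files. Pass "" for the live system.

# Echo "ok", "posix" (a zone under Etc/) or "bad" for <root>/etc/localtime.
localtime_status() {
    link="$1/etc/localtime"
    { [ -L "$link" ] && [ -e "$link" ]; } || { echo bad; return 0; }
    case "$(readlink "$link")" in
        */usr/share/zoneinfo/Etc/*) echo posix ;;
        */usr/share/zoneinfo/*)     echo ok ;;
        *)                          echo bad ;;
    esac
}

# Echo the number of active server/servers lines in <root>/etc/ntpd.conf.
ntpd_source_count() {
    conf="$1/etc/ntpd.conf"
    [ -f "$conf" ] || { echo 0; return 0; }
    grep -Ec '^[[:space:]]*servers?[[:space:]]+[^[:space:]#]' "$conf" || true
}

# Echo "disabled", "enabled" or "enabled-step" (-s given), taking ntpd as
# enabled only by an ntpd_flags line in rc.conf.local, as the text does.
ntpd_mode() {
    rc="$1/etc/rc.conf.local"
    [ -f "$rc" ] || { echo disabled; return 0; }
    line=$(grep -E '^[[:space:]]*ntpd_flags=' "$rc" | tail -n 1)  # last wins
    [ -n "$line" ] || { echo disabled; return 0; }
    flags=$(printf '%s\n' "$line" | sed -e 's/^[^=]*=//' -e 's/[[:space:]]*#.*//' | tr -d "\"'")
    case "$flags" in
        NO)                      echo disabled ;;
        -s|-s\ *|*\ -s|*\ -s\ *) echo enabled-step ;;
        *)                       echo enabled ;;
    esac
}

time_audit() {
    echo "localtime:    $(localtime_status "$1")"
    echo "ntpd sources: $(ntpd_source_count "$1")"
    echo "ntpd:         $(ntpd_mode "$1")"
}

time_audit "${1-}"
```

Run it with no argument on the host itself; a "posix" or "bad" result for localtime, zero sources, or a disabled ntpd each point back to the step above that needs fixing.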
To set the date and time manually, use date(1). First, make sure that you know the current year, month, day of the month, and time (in 24-hour format). Then set the date and time using this format:
# date YYYYmmDDhhMM
For example, to set the date to February 3, 2013 and the time to 1:17 PM, run this:
# date 201302031317
Sun Feb 3 13:17:00 GMT 2013
That said, date(1) will not correct your clock on an ongoing basis, and on some hardware with poor clocks, the time will slowly skew. A virtual machine on heavily loaded hardware will almost certainly lose time. Use NTP to deal with that.