Building NTPD 4.2.8 on RedHat 7.3

Posted on

Let me guess; you had an ancient RedHat 7.3 server sitting around that was acting as an NTP server, so you’ve of course never replaced it because why bother, it still works right?  Yeah, that’s me lol.  That was all well and good until Google discovered a bunch of flaws in all 4.x versions of ntpd that allow for remote code execution as the user ntpd is running as.  So let’s get it updated to 4.2.8.

Step 1) Download 4.2.8 or later from http://ntp.org/downloads.html

Step 2) Extract and ./configure   This part will appear to go fine, so…

Step 3) make

Ruh roh, errors:

  CC     refclock_gpsdjson.o
In file included from refclock_gpsdjson.c:36:
../libjsmn/jsmn.c: In function `jsmn_parse_string':
../libjsmn/jsmn.c:120: parse error before `int'
../libjsmn/jsmn.c:121: `i' undeclared (first use in this function)
../libjsmn/jsmn.c:121: (Each undeclared identifier is reported only once
../libjsmn/jsmn.c:121: for each function it appears in.)
In file included from refclock_gpsdjson.c:61:
../include/ntpd.h: At top level:
../include/ntpd.h:288: warning: declaration of `poll' shadows global declaration
refclock_gpsdjson.c: In function `process_tpv':
refclock_gpsdjson.c:857: warning: declaration of `log2' shadows global declaration
make[3]: *** [refclock_gpsdjson.o] Error 1
make[3]: Leaving directory `/root/ntp-4.2.8/ntpd'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/root/ntp-4.2.8/ntpd'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/ntp-4.2.8'
make: *** [all] Error 2

Step 4) I could not find a way to correct whatever that issue was, so my workaround is to disable the building of the GPSD component:

make distclean
./configure --disable-GPSD
make
make install

You’ll still get errors about some other parts of the overall distribution, but the important stuff will still be installed in /usr/local/sbin/

Step 5) Start ntpd, and get an error:

# /usr/local/sbin/ntpd -c /etc/ntp.conf -u ntp
/usr/local/sbin/ntpd: The 'user' option has been disabled. -- built without --enable-clockctl or --enable-linuxcaps or --enable-solarisprivs

Step 6) Okay, so let’s configure with those missing features enabled so we can run it as the ntp user:

./configure --disable-GPSD --enable-clockctl --enable-linuxcaps
make

Ah more errors:

  CC     ntpd.o
ntpd.c:108:29: sys/capability.h: No such file or directory
make[3]: *** [ntpd.o] Error 1
make[3]: Leaving directory `/root/ntp-4.2.8/ntpd'
make[2]: *** [install] Error 2
make[2]: Leaving directory `/root/ntp-4.2.8/ntpd'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/root/ntp-4.2.8'
make: *** [install] Error 2

You need libcap-devel to work around that:

rpm -ivh http://archive.download.redhat.com/pub/redhat/linux/7.3/en/os/i386/RedHat/RPMS/libcap-devel-1.10-8.i386.rpm

Step 7)

make distclean
./configure --disable-GPSD --enable-clockctl --enable-linuxcaps
make
make install
/usr/local/sbin/ntpd -c /etc/ntp.conf -u ntp
# ps -ef|grep ntp
ntp       4007     1  0 10:44 ?        00:00:00 /usr/local/sbin/ntpd -c /etc/ntp
root      4010  4007  0 10:44 ?        00:00:00 /usr/local/sbin/ntpd -c /etc/ntp
root      4011  4010  0 10:44 ?        00:00:00 /usr/local/sbin/ntpd -c /etc/ntp

Boom, working.  Update your init scripts as needed.

Leave a Reply

Your email address will not be published. Required fields are marked *