From dfbf0d52274dae12cd94d61f05a0b12e6ce3665d Mon Sep 17 00:00:00 2001
From: Linda J Laubenheimer <ljlgeek@stanford.edu>
Date: Fri, 7 Jul 2017 13:53:21 -0700
Subject: [PATCH] updated ntp.conf file to put 'tinker-panic 0' at the top

---
 NEWS                   |  7 +++++++
 files/ntp/etc/ntp.conf | 14 +++++++++-----
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/NEWS b/NEWS
index 2096a00..6192ab3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,10 @@
+release/005.009 (2017-07-07) 
+
+    [ntp] Push "tinker-panic 0" to the top of the ntp.conf file to help 
+    address the timekeeping problem with vmware. This means always reset
+    the clock, even if the new time is more than 1000s away from the 
+    current system time. [ljlgeek]
+
 release/005.008 (2017-06-25)
 
     [ssh] Add $max_sessions options. [adamhl]
diff --git a/files/ntp/etc/ntp.conf b/files/ntp/etc/ntp.conf
index dc2b650..415df2c 100644
--- a/files/ntp/etc/ntp.conf
+++ b/files/ntp/etc/ntp.conf
@@ -1,3 +1,12 @@
+tinker panic 0
+# ^^^^^^^This should be the first configuration item in the conf file!
+# See "NTP Recommendations"
+# https://kb.vmware.com/selfservice/viewdocument.do?cmd=displayKC&docType=kc&externalId=1006427
+#
+# Always reset the clock, even if the new time is more than 1000s away
+# from the current system time.  We need this on VMs and it shouldn't hurt
+# anywhere else.  
+
 # This is the default site ntpd configuration file.  It queries the three
 # stratum-one time servers, which use GPS receivers for accurate time.  It also
 # queries SRCC's stratum-one time server, located in SRCF, which also uses GPS.
@@ -24,10 +33,5 @@ restrict -6 ::1
 restrict default ignore
 restrict -6 default ignore
 
-# Always reset the clock, even if the new time is more than 1000s away
-# from the current system time.  We need this on VMs and it shouldn't hurt
-# anywhere else.
-tinker panic 0
-
 # Disable the monlist command, since it can be used for a UDP DoS attack.
 disable monitor
-- 
GitLab