DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-07 16:15:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

cmdmon: make open commands configurable

Browse Source 
Replace the hardcoded list of open commands (accessible over UDP),
with a list that can be configured with a new "opencommands" directive.
The default matches the original list. All read-only commands except
accheck and cmdaccheck can be enabled. The naming follows the chronyc
naming. Enable the N_SOURCES request only when needed.

This makes it possible to have a full monitoring access without access
to the Unix domain socket. It also allows restricting the monitoring
access to a smaller number of commands if some commands from the default
list are not needed.

Mention in the man page that the protocol of the non-default commands is
not consider stable and the information they provide may have security
implications.
This commit is contained in:
Miroslav Lichvar
2025-02-11 12:27:23 +01:00
parent 51da7a0694
commit 1967fbf1f2
6 changed files with 148 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
doc/chrony.conf.adoc
View File

@@ -2143,6 +2143,27 @@ An example of the use of the directive is:
cmdratelimit interval 2
----
[[opencommands]]*opencommands* [_command_]...::
This directive specifies a list of monitoring commands to be enabled for the
hosts allowed by the *cmdallow* directive. The following commands can be
specified (the naming follows *chronyc*):
+
*activity*+*+, *authdata*, *clients*, *manual*+*+, *ntpdata*, *rtcdata*+*+,
*selectdata*, *serverstats*+*+, *smoothing*+*+, *sourcename*+*+, *sources*+*+,
*sourcestats*, *tracking*+*+.
+
The commands marked with +*+ are enabled by default. The protocol of these
commands is considered stable and can be expected to work between different
versions of *chronyc* and *chronyd*. The protocol of the other commands is not
considered stable and different versions of *chronyc* and *chronyd* may not
interoperate. When that happens, *chronyc* will print an '`Invalid command`' or
'`Bad reply from daemon`' error.
+
Note that some of the reported data can be potentially useful to attackers,
enabling them to better observe and predict the internal state of *chronyd*.
It is recommended to enable only commands that are actually needed for
monitoring and limit the access to the hosts that need it.
=== Real-time clock (RTC)
[[hwclockfile]]*hwclockfile* _file_::