EndRun Tempus LX GPS User Manual Download Page 69

Page: 69 / 116

T e m p u s L X G P S U s e r M a n u a l

"Smarter Timing Solutions"

Appendix

Security

Your Tempus LX incorporates several important security features to prevent unauthorized tampering

with its operation. Many of these are standard multiple-user access control features of the underlying

Linux operating system which controls the Tempus LX. Others are provided by the additional proto-

col servers selected for inclusion in your Tempus LX, and the way that they are configured.

Secure user authentication and session privacy while performing routine monitoring and mainte-

nance tasks are provided by the OpenSSH implementations of the “secure shell” daemon,

sshd

and

its companion “secure copy” utility,

scp

. The NET-SNMP implementation of the Simple Network

Management Protocol (SNMP) daemon,

snmpd

. conforms to the latest Internet standard, known

as SNMPv3, which also supports secure user authentication and session privacy. In addition, the

Network Time Protocol daemon,

ntpd

supports client-server authentication security measures to

deter spoofing of NTP clients by rogue NTP servers. This appendix describes these security measures

and gives the advanced network administrator information that will allow custom configuration to fit

specific security needs.

Linux Operating System

The embedded Linux operating system running in the Tempus LX is based on kernel version 2.4.26

and version 10 of the Slackware Linux distribution. As such it supports a complete set of security

provisions:

•

System passwords are kept in an encrypted file,

/etc/shadow

which is not accessible by users other

than

root

•

Direct

root

logins are only permitted on the local RS-232 console or via SSH.

•

The secure copy utility,

scp

, eliminates the need to use the insecure

ftp

protocol for transferring

program updates to the Tempus LX.

•

Access via SNMP is configurable to provide the security of the latest version 3 Internet standard

which supports both view-based access control and user-based security using modern encryption

techniques. Previous versions v1 and v2c supported access control essentially via passwords trans-

mitted over the network in plain text. Refer to

Appendix C – Simple Network Management Protocol

which is dedicated to configuration of SNMP for details.

•

Individual host access to protocol server daemons such as

in.telnetd, snmpd

sshd

may be

controlled by the

tcpd

daemon and

/etc/hosts.allow

and

/etc/hosts.deny.

•

Risky protocols like TIME, DAYTIME and TELNET may be completely disabled by configura-

tion of the

inetd

super-server daemon.

Summary of Contents for Tempus LX GPS

Page 1: ...Smarter Timing Solutions Tempus LX GPS Network Time Server User Manual...

Page 2: ......

Page 3: ...experience in the research and development of receiver technology for the Global Positioning System GPS has created our window mount GPS antenna and extended hold over oscillator control algorithms T...

Page 4: ...harges to EndRun Technologies and EndRun Technologies shall pay shipping charges to return the product to Buyer However Buyer shall pay all shipping charges duties and taxes for products returned to E...

Page 5: ...ice agent It is important to contact us first as many prob lems may be resolved with a phone call Please have the serial number of the unit and the nature of the problem available before you call If i...

Page 6: ...Te m p u s L X G P S U s e r M a n u a l...

Page 7: ...One Introduction 1 GPS Timing How It Works 1 Where to Use It 2 Main Features 2 Performance Reliability and Economy 2 Flexibility 2 Easy Installation 2 Free FLASH Upgrades 2 Chapter Two Basic Installat...

Page 8: ...r 18 Chapter Three Setting Up NTP Clients on Unix like Platforms 19 Basic NTP Client Setup 20 Configure NTP 20 MD5 Authenticated NTP Client Setup 20 Create the ntp keys File 21 Configure NTP 21 Broadc...

Page 9: ...rence Position 35 GPS Dynamic Mode 35 Oscillator Status 35 Antenna Fault Mask 36 Signal Loss Fault Mask 36 Clock Menu 36 Time Mode 36 Local Offset 36 Hours Display 36 Daylight Savings Time 36 CPU I O...

Page 10: ...tmask 44 cpuopts 44 cpuoptsconfig 44 eraserootfs_1 44 gntphwaddr 45 gntposctype 45 gntppasswd 45 gntprootfs 45 gntpstat 45 gntptimemode 46 gntptimemodeconfig 46 gntpversion 47 gpsdynmode 47 gpsrefpos...

Page 11: ...ocol 59 Appendix B Upgrading the Firmware 61 What You Need To Perform the Upgrade 61 Performing the Linux NTP Upgrade 61 Recovering from a Failed Upgrade 63 Performing the Linux Kernel Upgrade 63 Perf...

Page 12: ...t TFOM 77 Appendix F Serial Time Output 79 Sysplex Format 79 Truetime Format 80 EndRun Format 80 EndRunX Extended Format 81 NENA Format 81 NMEA 0183 Format 82 Appendix G Third Party Software 85 GNU Ge...

Page 13: ...wn as GPS ICD 200 It specifies the receiver interface needed to receive and demodulate the navigation and time transfer data contained in the GPS satellite transmissions The GPS navigation system requ...

Page 14: ...existing public domain NTP SNTP client software that has been created for use with similar time servers it may be used in any computer network environment that is using TCP IP protocols Although clie...

Page 15: ...amiliarity with Linux or other Unix like operating systems would be helpful it is not essen tial If you satisfy these conditions the instructions provided herein should guide you to a successful insta...

Page 16: ...sole interface to the Tempus LX This console allows the user to initialize and maintain the Tempus LX See Chapter 6 RS 232 Serial I O Port Signal Definitions for detailed information 10 100Base T Jack...

Page 17: ...further information refer to Appendix F Serial Time Output AC Power Input Jack This IEC 320 standard three prong connector provides AC power DC Power Input Block This optional 3 position terminal blo...

Page 18: ...ails If you are unable to achieve GPS lock after trying all of these suggestions then your Tempus LX may be damaged and should be returned to the factory for repair or exchange Installing the Tempus L...

Page 19: ...s hostname via DHCP if your DHCP server is configured to provide it You can do this by running a simple shell script called netconfig after your unit is up on the network If your network does use DHCP...

Page 20: ...will refer to either of these as termi nal for the remainder of this instruction 1 Disconnect power from the Tempus LX 2 Connect one end of the DB9F to DB9F null modem adapter cable to the serial I O...

Page 21: ...2 order 0 4096 bytes Buffer cache hash table entries 1024 order 0 4096 bytes Page cache hash table entries 8192 order 3 32768 bytes CPU AMD 486 DX 4 WB stepping 04 Checking hlt instruction OK POSIX co...

Page 22: ...68k freed INIT version 2 76 booting etc rc d rc S bin is a directory mtdblock_open ok mtdblock_open ok Loading GPS Loading Keypad VFD Fri Aug 20 00 53 54 2004 0 707128 seconds 2004 Setting system tim...

Page 23: ...see characters displayed by your terminal program within 30 seconds after the unit is powered up you must troubleshoot your setup An incorrectly wired cable or incorrect port setting in your terminal...

Page 24: ...IP address for gntp aaa bbb ccc ddd 192 168 1 245 DEFAULT GATEWAY ADDRESS setting Set the default gateway address such as 111 112 113 1 If you don t have a gateway just hit ENTER to continue Enter def...

Page 25: ...er if you are using DHCP It appears near the end of the kernel generated boot messages If you are using DHCP and are not using the RS 232 serial I O port you will have to check the DHCP configuration...

Page 26: ...k that by issuing this shell command Tempus LX GPS root gntp cat etc resolv conf search your domain nameserver 192 168 1 1 nameserver 192 168 1 2 Which displays the contents of the etc resolv conf fil...

Page 27: ...d Tempus LX GPS shell prompt The Tempus LX uses the bash shell which is the Linux standard full featured shell After configuring the unit you should change the passwords using the gntppasswd command i...

Page 28: ...s 224 0 1 1 when you are prompted to enter the broadcast address Configuring NTP Using the Front Panel Keypad To configure NTP using the front panel keypad go to the Main Menu display Press the RIGHT...

Page 29: ...uthentication Configuration Do you want authentication enabled using some or all of the keys in the ntp keys file y es n o y You will be prompted for key numbers 1 65534 that you want NTP to trust The...

Page 30: ...Operating the Tempus LX as a Stratum 1 Server is the recommended mode You may operate the unit as a Stratum 2 server but since there are innumerable ways to configure your network with Stratum 2 serv...

Page 31: ...blueprints 0701 NTP pdf http www sun com solutions blueprints 0801 NTPpt2 pdf http www sun com solutions blueprints 0901 NTPpt3 pdf If you have a news service many problems may be solved by the helpf...

Page 32: ...ver which you have just configured You should verify that it is being reached You may have to continue issuing the peers command for a minute or two before you will see the reach count increment If yo...

Page 33: ...two commands at the shell prompt chown root root etc ntp keys chmod 600 etc ntp keys Configure NTP You must edit the ntp conf file which ntpd the NTP daemon looks for by default in the etc directo ry...

Page 34: ...running the ntpconfig shell script This is not the factory default configuration so be sure to run ntpconfig If you are going to use MD5 authentication your Tempus LX must have been configured to ope...

Page 35: ...ute or two before you will see the reach count increment If you are using authentication you can verify that authentication is being used by issuing the com mand associations to display the characteri...

Page 36: ...Te m p u s L X G P S U s e r M a n u a l 24 C H A P T E R T H R E E...

Page 37: ...pdf If you have a news service many problems may be solved by the helpful people who participate in the Internet news group devoted to NTP at comp protocols time ntp Three methods of using the Tempus...

Page 38: ...to stop the Network Time Protocol service and then re start it Use the NTP utility ntpq exe to check that ntpd exe is able to communicate with the Tempus LX By default it is installed in the Program...

Page 39: ...ur client computer or use the secure copy utility scp or use a text editor to create the equivalent file Although you should first test your setup using the factory default etc ntp keys file in your T...

Page 40: ...to the Tempus LX server If you see bad you should wait a few minutes to be sure that there is a problem since bad is the initial state of this setting If the bad indication persists then you must che...

Page 41: ...word with the multicastclient keyword You may remove the line added previously in Basic NTP Client Setup server 192 168 1 245 or the authenticated version added in MD5 Authenticated NTP Client Setup s...

Page 42: ...inutes to be sure that there is a problem since bad is the initial state of this setting If the bad indication persists then you must check your configuration for errors Typi cally this is due to a ty...

Page 43: ...izes Time information is readable at distances in excess of 15 feet The keypad consists of an eight key switch assembly designed to allow easy parameter selection and control Keypad Description The fr...

Page 44: ...her digits When the parameter is correct press ENTER to load the new value All entered values are stored in non volatile FLASH and restored after a power cycle If you wish to abort the edit process pr...

Page 45: ...tatus display The displays available through the Shortcut Menu are the Receiver Status display the Faults display and the NTP Status display To select the Shortcut Menu press ENTER for one second whil...

Page 46: ...lays are described in detail below Receiver Menu The Receiver Menu is selected from the Main Menu and provides access to the Receiver Status Os cillator Status Reference Position and GPS Dynamic Mode...

Page 47: ...si tion In this case the user must determine an accurate WGS 84 position by other means and input it either through the serial interface or via the front panel In addition to loading a new accurate re...

Page 48: ...t affect the NTP output which is always UTC Possible values for the time mode are GPS UTC and local time GPS time is derived from the GPS satellite system UTC is GPS time minus the current leap second...

Page 49: ...e Optional Programmable TTL Pulse Rate Output Synthesized Rate Serial Time Output Setup The Serial Time Output display allows you to set up the parameters for the optional once per second serial time...

Page 50: ...til the oscillator frequency finally reaches one of the actual DAC endpoints The unit should be returned to the factory for oscillator replacement at the customer s convenience ANT Antenna Cable This...

Page 51: ...cator are 00 None No fault and no pending leap second 01 Insert Pending No fault and a leap second insertion is pending 10 Delete Pending No fault and a leap second deletion is pending 11 Fault Unsync...

Page 52: ...tp conf file is modified The final display in the edit sequence requires confirmation of your intent to change the instrument set tings Once confirmation takes place the instrument will reboot Firmwar...

Page 53: ...commands will be described in this chapter The serial I O port physical and electrical characteristics are defined as well General Linux Shell Operation You do not need to know Linux in order to oper...

Page 54: ...talled oscillator type which is one of TCXO MS OCXO HS OCXO or Rubidium gntppasswd Allows the root user to change the password for the two config ured users on the Tempus LX gntpuser and root This scr...

Page 55: ...sses the position to the GPS subsystem setsigfltmask Command to mask or enable the Signal Loss Fault sigfltmask Prints the current setting for the Signal Loss Fault mask unlockkp Unlocks access to the...

Page 56: ...rrent settings for the optional Serial Time Output Query cpusertime Tempus LX response Current Serial Time Output Baud Rate Setting 9600 Current Serial Time Output Format Setting Sysplex Current Seria...

Page 57: ...r to Appendix B Upgrading the Firmware for detailed instructions on performing the upgrade procedure Query gntprootfs Tempus LX response BOOT_IMAGE TempusLXGPS_1 gntpstat This command allows the user...

Page 58: ...of this writing Query gntpstat Tempus LX response LOCKED TO GPS Offset 0 000024 TFOM 4 2001 092 06 03 10 904312858 13 gntptimemode This command displays the current time mode settings for the front p...

Page 59: ...static In addition a minimum of four satellites must be visible and only 3 D position fixes are used When the dynamic mode is ON the source reported for the accurate reference position by gpsrefpos i...

Page 60: ...t UTC midnight number of leap seconds difference between the UTC and GPS timescales 13 at the time of this writing S is the Signal Processor State one of 0 Acquiring 1 GPS Locking 2 GPS Locked N is th...

Page 61: ...peration at the next power cycling since important parameters could be corrupt The unit should be returned to the factory for repair GPS Comm Fault This bit indicates that the microprocessor is unable...

Page 62: ...all of these e g for secu rity reasons you must run this script as root from either the RS 232 serial I O port or from a telnet or ssh session This script modifies the etc inetd conf file which is no...

Page 63: ...this script as root Refer to Chapter 2 Con figuring the Network Time Protocol for details on the use of this command The two files that are modified are etc ntp keys and etc ntp conf Both of these are...

Page 64: ...ay need to mask this fault when operat ing the NTP server as a Stratum 2 server The factory default setting is ENABLED Set sigfltmask MASKED Meridian response Signal Loss Fault Mask set to MASKED sigf...

Page 65: ...ple the C character was received three times before the user hit the ENTER key to begin the transfer The last three lines are the boot messages that are sent by the GPS subsystem as it comes up The fi...

Page 66: ...nect the Tempus LX to another computer a null modem adapter must be used The serial cable provided with the shipment is wired as a null modem adapter and can be used to connect the Tempus LX to your c...

Page 67: ...bling New IPv6 Capabilities The presence of an IPv6 capable kernel will automatically enable most of the new IPv6 capabilities By default autoconfiguration of the ethernet interface via IPv6 Router Ad...

Page 68: ...atibility with customers existing etc syslog conf setups but they are not IPv6 capable If you are not currently directing your system logs to a remote host or you are not using IPv6 then there is litt...

Page 69: ...inistrator information that will allow custom configuration to fit specific security needs Linux Operating System The embedded Linux operating system running in the Tempus LX is based on kernel versio...

Page 70: ...dles the needs of most users however the syntax of these two files sup ports elaborate configuration possibilities which are beyond the capabilites of this simple shell script Advanced users who need...

Page 71: ...SSH2 Since the provided private keys are not passphrase protected the user should create a new set of keys after verifying operation with the factory default key sets After creating the new keys the...

Page 72: ...60 A P P E N D I X A CAUTION If you are planning to make changes to the etc ntp conf file you must not restrict query access from the local host to the NTP daemon Various system monitoring processes r...

Page 73: ...Tempus LX This means that you must place the previously downloaded file s in a place on your network which is accessible to the Tempus LX Performing the Linux NTP Upgrade There are two FLASH disk par...

Page 74: ...issuing this command on your Tempus LX updaterootflag 1 You should see this line displayed UPGRADE is the default root file system Now reboot the system by issuing this command at the shell prompt shu...

Page 75: ...e the problems with the previous upgrade and re perform it Performing the Linux Kernel Upgrade If you want to upgrade your kernel to the IPv6 capable one then you must first be sure that your root fil...

Page 76: ...to the working directory tmp The GPS subsystem image will be named with the software part number and version like 6010 0020 000_3 01 bin Substitute the name of the actual GPS subsystem image that you...

Page 77: ...1 FPGA 6020 0005 000 v 0202 The firmware version should match that of the binary file that you uploaded At this point the up gradegps script terminates its execution and you will again have the standa...

Page 78: ...ke sure the above cat command is killed by typing CTRL C Then enter a new cat com mand as cat dev arm_user You should again be seeing the bootloader message every few seconds Tempus Bootloader 6010 00...

Page 79: ...he agent configuration concepts SNMPv3 Security Prior to SNMPv3 SNMP had definite security inadequacies due to using two community names in a manner analogous to passwords that were transmitted over t...

Page 80: ...the line so that it will not be executed A very compact editor with WordStar command keystrokes is available on the system for this purpose edit If you start edit without giving it a file name to open...

Page 81: ...ormport where trap2community and informcommunity should be replaced by your communities and xxx xxx xxx xxx is the IP address or hostname of the destination host for receiving the notifica tions or in...

Page 82: ...The second file is located on the non volatile FLASH disk and is used by the SNMP agent to store persistent data that may be dynamic in nature This may include the values of the MIB II variables sysL...

Page 83: ...m the file boot net snmp snmpd conf and then add new createUser lines Then re boot the system This example gives the simplest configuration to begin using SNMPv3 but doesn t make use of the full capab...

Page 84: ...Te m p u s L X G P S U s e r M a n u a l 72 A P P E N D I X C...

Page 85: ...and then make any adjustments to the height that might be necessary if the antenna is installed in a high rise build ing Input it to the Tempus LX via the setgpsrefpos command Using Geodetic Databases...

Page 86: ...he X axis lies in the equatorial plane and intersects the 0 or Greenwich meridian The Y axis also lies in the equato rial plane and intersects the 90 east meridian The Z axis is perpendicular to the e...

Page 87: ...The following is a sample datasheet for a benchmark that is near the EndRun Technologies facility in downtown Santa Rosa CA DATABASE Sybase PROGRAM datasheet VERSION 6 57 1 National Geodetic Survey Re...

Page 88: ...HIGHWAY AND 0 3 M 1 0 FT EAST OF THE JT9450 WEST END OF THE ABUTMENT JT9450 THE MARK IS 1 4 M ABOVE A SIDEWALK retrieval complete Elapsed Time 00 00 01 The height data for this benchmark was not obtai...

Page 89: ...lator OCXO or Rubidium oscillator The extrapolated TFOM is based on a conservative estimate of the performance of the oscillator and should be considered worst case for a typical benign ambient temper...

Page 90: ...Te m p u s L X G P S U s e r M a n u a l 78 A P P E N D I X E...

Page 91: ...57600 19200 9600 and 4800 Parity selections are odd even and none Format selections are Sysplex Truetime EndRun EndRunX NENA and NMEA 0183 Sysplex Format Sysplex means SYStem comPLEX and is a term us...

Page 92: ...ime in this string to be UTC then set the time mode of the Tempus LX to UTC See Time Mode in Chapter 5 Front Panel Keypad and Display and gsystimemodeconfig in Chap ter 6 Control and Status Commands T...

Page 93: ...hapter 5 m is the Timemode character and is one of G GPS L Local U UTC CC is the current leap seconds value FF is the future leap seconds value CR is the ASCII carriage return character 0x0D LF is the...

Page 94: ...on time character Once the unit is locked to GPS the leading edge of the start bit of the on time character is transmitted within 100 microseconds of the beginning of the second GGA GPS Fix Data The G...

Page 95: ...t of satellite geometry on the accuracy of the fix An example is below GPGSA A 3 18 3 22 6 9 14 19 32 2 0 1 2 1 6 10 CR LF Msg ID GPGSA Field 1 A Fixed text A shows auto selection of 2D or 3D fix Fiel...

Page 96: ...eld 11 empty field Direction of magnetic variation Field 12 A Fixed text A shows that mode is autonomous Checksum 0D Msg End CR LF ZDA Time and Date The ZDA sentence identifies the time associated wit...

Page 97: ...By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software to make sure the software is free for all its users This General Public License appl...

Page 98: ...such program or work and a work based on the Program means either the Program or any derivative work under copyright law that is to say a work containing the Program or a portion of it either verbatim...

Page 99: ...rights or contest your rights to work written entirely by you rather the intent is to exercise the right to control the distribution of derivative or collective works based on the Program In addition...

Page 100: ...ute or modify the Program subject to these terms and conditions You may not impose any further restrictions on the recipients exercise of the rights granted herein You are not responsible for enforcin...

Page 101: ...o ask for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the tw...

Page 102: ...if the text was explicitly included in the file Copyright c David L Mills 1992 2006 Permission to use copy modify and distribute this software and its documentation for any purpose with or without fee...

Page 103: ...0 9 over 0 to 70 C Rubidium 1x10 9 over 0 to 70 C Stratum 1 Holdover Performance 24 Hours TCXO 35 Days MS OCXO 140 Days Rubidium Time to Lock 5 minutes typical TCXO 10 minutes typical OCXO Rb Alphanum...

Page 104: ...erver TELNET client server FTP client DHCP client SYSLOG Supported IPv6 Protocols See Chapter 7 IPv6 Information for more details SNTP NTP v2 v3 v4 and broadcast multicast mode MD5 authentication and...

Page 105: ...m MMBT2222A open collector grounded emitter High impedance in alarm state Voltage 40 VDC maximum Saturation Current 100 mA maximum Connector Rear panel BNC jack or terminal strip Serial Time Output on...

Page 106: ...Amendment 93 68 EC Supplementary Compliance Data Safety EN 60950 1992 A1 A2 1993 A3 1995 A4 1997 A11 1998 EMC EN 55024 1998 EN61000 3 2 1995 w A1 A2 98 EN61000 3 3 1995 w A1 98 EN55022 1998 w A1 00 C...

Page 107: ...95 Te m p u s L X G P S U s e r M a n u a l S P E C I F I C AT I O N S...

Page 108: ...Te m p u s L X G P S U s e r M a n u a l 96 A P P E N D I X H...

Page 109: ...ses where configuration files must be re configured If You Are Using DHCP The new version DHCP client daemon included in the 2 60 RFS will by default overwrite the etc ntp conf This will cause serious...

Page 110: ...ds A power failure during this time would render the unit unbootable so it is highly advis able to plug the unit into a UPS while performing the upgrade Enabling New IPv6 Capabilities The presence of...

Page 111: ...remote syslogging to an IPv6 host you will need to edit the new etc syslog ng conf file and copy it to boot etc At boot time the presence of both the syslog ng daemon and the boot etc syslog ng conf f...

Page 112: ...Te m p u s L X G P S U s e r M a n u a l 100 A P P E N D I X I...

Page 113: ...fications Changes for Customer Requirements From time to time EndRun Technologies will customize the standard Tempus LX Network Time Server for special customer requirements If your unit has been modi...

Page 114: ...Te m p u s L X G P S U s e r M a n u a l 102 S P E C I A L M O D I F I C AT I O N S...

Page 115: ......

Page 116: ...2270 Northpoint Parkway Santa Rosa CA 95407 TEL 1 877 749 3878 FAX 707 573 8619 www endruntechnologies com Smarter Timing Solutions...

Search results

Summary of Contents for Tempus LX GPS

Reviews:

Related manuals for Tempus LX GPS

Brands by name

Popular brands

EndRun Tempus LX GPS, User Manual

Search results

Summary of Contents for Tempus LX GPS

Reviews:

Related manuals for Tempus LX GPS

Brands by name

Popular brands