timedatectl
timedatectl list-timezones
timedatectl list-timezones | grep Europe/Berlin
sudo timedatectl set-timezone Europe/Berlin
chronysudo apt install -y chrony
sudo install -d -m 0750 -o _chrony -g _chrony /var/lib/chrony/nts
chrony.confsudo nano /etc/chrony/chrony.conf
# ============================================================
# Chrony Konfiguration – Hardening-Version (Debian-basiert)
# ============================================================
# Include configuration files found in /etc/chrony/conf.d - no override
confdir /etc/chrony/conf.d
# ============================================================
# ZEITQUELLEN
# ============================================================
# Vendor default (Debian pool)
# pool 2.debian.pool.ntp.org iburst
# Vendor default (Custom pool)
pool de.pool.ntp.org iburst maxsources 4
# Zusätzliche, sichere NTP-Quellen
server time.cloudflare.com iburst nts
server time.google.com iburst nts
# Optional: Lokale NTP-Freigabe (interne Clients)
# allow 192.168.179.0/24
# local stratum 10
# ============================================================
# NTS (Network Time Security)
# ============================================================
# Speichert TLS-Zertifikate und NTS-Cookies
ntsdumpdir /var/lib/chrony/nts
# Achtung: Verzeichnis muss existieren
# sudo install -d -m 0750 -o _chrony -g _chrony /var/lib/chrony/nts
# ============================================================
# AUTHENTIFIZIERUNG / LOGGING
# ============================================================
keyfile /etc/chrony/chrony.keys
logdir /var/log/chrony
#log tracking measurements statistics # optional aktivierbar
# ============================================================
# SYSTEMSTEUERUNG
# ============================================================
# Synchronisiere Systemuhr (RTC)
rtcsync
# Initiale Korrektur bei größeren Zeitabweichungen
makestep 1.0 3
# Drift-Datei: langfristige Taktabweichung
driftfile /var/lib/chrony/chrony.drift
# Stabilitätsschutz
maxupdateskew 100.0
# NTP-Quellen aus DHCP & statischen Verzeichnissen laden
sourcedir /run/chrony-dhcp
sourcedir /etc/chrony/sources.d
# TAI/UTC Offset
leapsectz right/UTC
sudo systemctl restart chrony
sudo systemctl status chrony
chronyc tracking
chronyc sources -v
date
Ergebnisbeispiel:
~ $ chronyc tracking
Reference ID : A29FC87B (time.cloudflare.com)
Stratum : 4
Ref time (UTC) : Sun Oct 26 12:16:41 2025
System time : 0.000753102 seconds slow of NTP time
Last offset : -0.001043499 seconds
RMS offset : 0.001043499 seconds
Frequency : 3.049 ppm fast
Residual freq : +1787.474 ppm
Skew : 0.386 ppm
Root delay : 0.044577349 seconds
Root dispersion : 0.016933698 seconds
Update interval : 2.1 seconds
Leap status : Normal
~ $ chronyc sources -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? time.cloudflare.com 3 6 17 54 -7143us[-8187us] +/- 18ms
^? ptr.default 2 6 17 54 -7098us[-8142us] +/- 15ms
^? nc-vps-nue.ultrasrv.de 2 6 17 54 -6831us[-7874us] +/- 60ms
^? static.81.54.251.148.cli> 2 6 17 55 +215us[ +10ms] +/- 61ms
^* time.cloudflare.com 3 6 17 53 -3190us[-4234us] +/- 23ms
^? time4.google.com 0 8 0 - +0ns[ +0ns] +/- 0ns
~ $ date
Sun Oct 26 01:18:19 PM CET 2025