System Configuration
Time Synchronization (NTP)
Section titled “Time Synchronization (NTP)”The Network Time Protocol (NTP) keeps the system clock accurate by synchronizing it with time servers on the internet. Accurate system time is critical for:
- Log correlation across servers (debugging, security audits)
- TLS certificate validation (certificates have time-based validity)
- Scheduled jobs (
cron,systemdtimers) - Distributed system consistency (databases, clusters)
How NTP Works
Section titled “How NTP Works”NTP uses a hierarchical structure called strata:
| Stratum | Source | Example |
|---|---|---|
| 0 | Reference clock (atomic, GPS) | Cesium clock, GPS receiver |
| 1 | Directly connected to Stratum 0 | National time servers (NIST, USNO) |
| 2 | Synchronized from Stratum 1 | pool.ntp.org servers |
| 3+ | Synchronized from higher strata | Your local machine, internal NTP servers |
Your machine typically synchronizes from Stratum 2/3 servers with millisecond-level accuracy.
timedatectl - systemd Time Management
Section titled “timedatectl - systemd Time Management”Modern distributions use systemd-timesyncd (basic SNTP client) or chrony/ntpd for full NTP.
# View current time, timezone, and NTP synchronization statustimedatectl
# List available timezonestimedatectl list-timezones | grep America
# Set timezonesudo timedatectl set-timezone America/New_York
# Enable/disable NTP synchronizationsudo timedatectl set-ntp truesudo timedatectl set-ntp false
# Set time manually (only when NTP is disabled)sudo timedatectl set-time "2025-03-15 14:30:00"
# Check NTP sync statustimedatectl show-timesyncchrony - NTP Daemon (Recommended)
Section titled “chrony - NTP Daemon (Recommended)”chrony handles time synchronization more aggressively than the older ntpd and is the default on RHEL 8+:
# Check synchronization statuschronyc trackingchronyc sources -v # show all configured sources and their state
# View the configured NTP servers/poolscat /etc/chrony.conf
# Force an immediate time step (useful after long downtime)sudo chronyc makestepNetwork Manager
Section titled “Network Manager”NetworkManager is the standard network configuration daemon on most modern Linux desktop and server distributions. It:
- Detects and manages wired, wireless, and mobile broadband interfaces
- Handles connection profiles (static IP, DHCP, VPN, etc.)
- Exposes a D-Bus API used by desktop applets and CLI tools
Architecture
Section titled “Architecture”nmcli / nmtui / nm-applet (GUI) | NetworkManager daemon | +-------+-------+ | | Wired Wi-Fi (wpa_supplicant) (kernel) (kernel)Configuration Concepts
Section titled “Configuration Concepts”| Concept | Description |
|---|---|
| Connection profile | Named set of settings (IP, DNS, gateway); stored in /etc/NetworkManager/system-connections/ |
| Device | Physical or virtual NIC (e.g., enp3s0, wlan0) |
| Active connection | A profile applied to a device |
| DHCP | Automatic IP assignment; used for most connections by default |
How NetworkManager handles wired connections:
- Detects link state automatically (cable plugged/unplugged)
- Requests DHCP lease on link-up
- For static configs: edits the connection profile via
nmcli
nmcli Quick Reference
Section titled “nmcli Quick Reference”# Show all connections (profiles)nmcli connection show
# Show active connectionsnmcli connection show --active
# Show device statusnmcli device status
# Connect/disconnect a profilenmcli connection up "Profile Name"nmcli connection down "Profile Name"
# Set static IP on a connectionnmcli connection modify eth0-static \ ipv4.addresses "192.168.1.100/24" \ ipv4.gateway "192.168.1.1" \ ipv4.dns "8.8.8.8" \ ipv4.method manual
# Reload all connectionssudo nmcli connection reloadnmtui - Text UI
Section titled “nmtui - Text UI”For an interactive, menu-driven interface (useful over SSH):
sudo nmtui # opens a terminal UI for editing connectionsVPN Support
Section titled “VPN Support”NetworkManager supports many VPN types via plugins:
| VPN Technology | NetworkManager Plugin |
|---|---|
| OpenVPN | NetworkManager-openvpn |
| WireGuard | NetworkManager-wireguard |
| Cisco AnyConnect / OpenConnect | NetworkManager-openconnect |
| Microsoft PPTP | NetworkManager-pptp |
| IPSec / L2TP | NetworkManager-l2tp |
# Install OpenVPN plugin (RHEL/Fedora)sudo dnf install NetworkManager-openvpn
# Import an OpenVPN .ovpn filenmcli connection import type openvpn file client.ovpnnmcli connection up clientLocale and Language
Section titled “Locale and Language”System locale controls date/number format, language, and character encoding:
localectl # show current locale settingslocalectl list-locales | grep en_US # find available localessudo localectl set-locale LANG=en_US.UTF-8
# Per-session overrideexport LANG=en_US.UTF-8export LC_ALL=en_US.UTF-8Screen Resolution (X11)
Section titled “Screen Resolution (X11)”xdpyinfo | grep dim # current screen dimensionsxrandr # list outputs and supported resolutionsxrandr --output HDMI-1 --mode 1920x1080 # set resolutionSystem Hostname
Section titled “System Hostname”hostnamectl # show hostname, OS info, kernel versionsudo hostnamectl set-hostname myserver # set a new hostname (persistent)
# Types of hostnames:# Static: persisted in /etc/hostname; used by default# Transient: may be set by DHCP/mDNS at runtime# Pretty: human-readable string (can contain spaces)sudo hostnamectl set-hostname "My Dev Server" --pretty