Secure Time Sync Daemon

stsd - Secure Time Sync Daemon
==============================

Set system date based on HTTP 'date' headers over TLS.
Inspired by Whonix's sdwdate, and Madaidan's secure-time-sync script.


What's wrong with NTP?
----------------------
Standard NTP does not make use any kind of cryptography. No encryption, no
authentication. This means NTP requests can be sniffed and tampered with
to send a system the wrong time [1].
Correct system time is essential for the use of modern public key cryptography
(TLS/SSL for example).

stsd aims to overcome these shortcomings of NTP and provide a secure way of
keeping a system's time accurate.


How it works
------------
At random intervals (between 60 minutes and 180 minutes) stsd sets the system
time based on the timestamp extracted from HTTP headers (RFC2616) over TLS.
The website it gets this header from is randomly selected from a pool file.

Optionally stsd can do this all over Tor; favouring onion addresses
specified in the pool file.


Caveats
-------
Currently stsd does a lot of things that are generally not ideal for
security-critical software:

 - It must be run as root, since on most systems only root can change the
   system's date.
 - It shells out to date(1) to update the system time.

Note that stsd is currently in a very pre-alpha state - in the future it is
possible that these pitfalls in stsd's design can be remedied.


OS support
----------
As mentioned previously stsd works by shelling out to date(1) to set the system
time - as a side-effect of this all systems with a POSIX compliant date(1)
command are supported. This includes: 

 - MacOS
 - {Net,Free,DragonFly,Open}BSD
 - Most Linux distributions


Usage
-----
usage: stsd [--pool-file=file] [--use-proxy=proxy | --use-tor[=proxy]]
where:
  --pool-file=file   use the specified pool file (default: /etc/stsd_pool).
  --use-proxy=proxy  proxy network requests through 'proxy' url.
  --use-tor          use tor for network requests. favours onion addresses
                     from the pool file. tor's proxy url can be configured
                     by passing as an argument flag: '--use-tor=proxy'
                     (default tor proxy url: 'socks5://localhost:9050')


Pool file format
----------------
The pool file contains a newline separated list of HTTPS URLs. Each URL can
optionally have an associated onion address.
The optional onion address will be favoured over the clearnet address when the
--use-tor argument is given.

Each line in the file is of the format:

	<url>[,onion]

Empty lines, and lines starting with a '#' are ignored.
An example pool file (stsd_pool_example) is also provided.


Forcing an update
-----------------
Sending stsd the SIGUSR1 signal forces a date update. Currently this does not
cancel the next date update scheduled.


See also
--------
If you use OpenBSD's OpenNTPD, it is possible to set 'constraint' URLs.
These tell ntpd to make use of HTTPS date headers to act as an authenticated
constraint - NTP packets falling outside of the range of the constraint are
discarded and NTP servers sending these packets are marked as invalid [2].
This strikes a good balance between the accuracy of NTP and authentication
via TLS.

sdwdate: https://www.whonix.org/wiki/Sdwdate
secure-time-sync: https://gitlab.com/madaidan/secure-time-sync


References
----------
1: https://blog.hboeck.de/archives/863-Dont-update-NTP-stop-using-it.html
2: https://man.openbsd.org/ntpd.conf#CONSTRAINTS (https://openntpd.org/)

Similar Resources

GopherTalk: a multi-user chat powered by GO to explore its standard library and features like sockets, goroutines, channels and sync package

GopherTalk: a multi-user chat powered by GO to explore its standard library and features like sockets, goroutines, channels and sync package

GopherTalk GopherTalk is a multi-user chat powered by GO to explore its standard

Jun 6, 2022

easyRpc - Sync && Async Call supported

easyRpc - Sync && Async Call supported

Feb 16, 2022

A Crypto-Secure, Production-Grade Reliable-UDP Library for golang with FEC

 A Crypto-Secure, Production-Grade Reliable-UDP Library for golang with FEC

Introduction kcp-go is a Production-Grade Reliable-UDP library for golang. This library intents to provide a smooth, resilient, ordered, error-checked

Dec 28, 2022

A Stable & Secure Tunnel based on KCP with N:M multiplexing and FEC. Available for ARM, MIPS, 386 and AMD64。KCPプロトコルに基づく安全なトンネル。KCP 프로토콜을 기반으로 하는 보안 터널입니다。

A Stable & Secure Tunnel based on KCP with N:M multiplexing and FEC. Available for ARM, MIPS, 386 and AMD64。KCPプロトコルに基づく安全なトンネル。KCP 프로토콜을 기반으로 하는 보안 터널입니다。

Disclaimer: kcptun maintains a single website — github.com/xtaci/kcptun. Any websites other than github.com/xtaci/kcptun are not endorsed by xtaci. Re

Jan 9, 2023

A secure image proxy server

go-camo Contents About How it works Differences from Camo Installing pre-built binaries Building Running Running on Heroku Securing an installation Co

Jan 7, 2023

Secure-by-default HTTP servers in Go.

go-safeweb DISCLAIMER: This is not an officially supported Google product. go-safeweb is a collection of libraries for writing secure-by-default HTTP

Dec 17, 2022

The easiest, most secure way to use WireGuard and 2FA.

This repository contains all the open source Tailscale client code and the tailscaled daemon and tailscale CLI tool. The tailscaled daemon runs primarily on Linux; it also works to varying degrees on FreeBSD, OpenBSD, Darwin, and Windows.

Jan 8, 2023

Simple, secure and modern Go HTTP server to serve static sites, single-page applications or a file with ease

srv srv is a simple, secure and modern HTTP server, written in Go, to serve static sites, single-page applications or a file with ease. You can use it

Sep 7, 2022
Comments
  • Use unprivileged subprocess to make network requests

    Use unprivileged subprocess to make network requests

    Running the entire daemon as root is not ideal. We want to implement privilege separation as much as possible.

    Ideas I've had:

    Option 1:

    • Daemon runs as unprivileged user
    • Shell out to sudo/doas to run date command

    One downside to this option is that it requires the user to modify their sudo configuration. Also some systems don't come with sudo or similar, so I think it should be avoided.

    Option 2:

    • Daemon (parent) runs as root
    • Fork child process to run as unprivileged user
    • Child process does all the internal work, waiting, network requests, etc
      • Via some IPC it tells the parent to use privileges to shell out to date to set time

    This is similar to what OpenNTPD does. This option requires an unprivileged user to be setup for the daemon - but this isn't uncommon.

    Edit: It looks like a C-style fork() in Golang is a bit tricky. But it might still be doable?

  • Time not syncing accurately

    Time not syncing accurately

    After running overnight, I noticed my time is a few seconds (2-5) off to my phone.

    Perhaps that means it needs to update the time more often, maybe every 64-1024 like NTP?

  • Add back SIGUSR1 to force time update

    Add back SIGUSR1 to force time update

    Sending SIGUSR1 should force a time update.

    Due to the major restructuring of the codebase to accommodate for the child network process, this feature was temporarily removed.

shoutrrr daemon

shoutrrr daemon Orginal repositories: shoutrrr repository shoutrrr documentation Installation & Configuration Create a services.yaml with the followin

Dec 12, 2021
Aidos Kuneen (v2 network) daemon program that is controlled through the command line and remotely via RPC calls

adk-daemon: aidosd.v2 aidosd (v2) is a deamon which acts as bitcoind for adk. This version has been built specifically for network mesh version 2+ For

Dec 1, 2021
DNS synchronization daemon for the AIRE project.

dns-sync Database structure: { "name": "example-host.example.com", "content": "127.1.33.7" } ENV parameters: DEBUG: true|false DNS_FILTER: Reg

Dec 20, 2021
NDP Proxy + Responder daemon

PNDPD - NDP Responder + Proxy Features Efficiently process incoming packets using bpf (which runs in the kernel) Respond to all NDP solicitations on a

Dec 23, 2022
Wrapper for Lightning Network Daemon (lnd). It provides separate accounts with minimum trust for end users.

LndHub.go Wrapper for Lightning Network Daemon (lnd). It provides separate accounts with minimum trust for end users. LndHub compatible API implemente

Dec 21, 2022
CoreRAD is an extensible and observable IPv6 Neighbor Discovery Protocol router advertisement daemon. Apache 2.0 Licensed.
CoreRAD is an extensible and observable IPv6 Neighbor Discovery Protocol router advertisement daemon. Apache 2.0 Licensed.

CoreRAD CoreRAD is an extensible and observable IPv6 Neighbor Discovery Protocol router advertisement daemon. Apache 2.0 Licensed. To get started with

Nov 14, 2022
Ephemeral One Time/Build-Time gRPC TLS PKI system.

PkiSauce Ephemeral Build Time TLS PKI saucing for your intra services GRPC (or not) communications. Description A simple attempt to avoid deploying co

Jul 4, 2022
Cross platform local network clipboard sync.

clipSync Synchronize clipboard content across multiple devices. Features Rapidly synchronize clipboard content to all devices in same local network. S

Jan 3, 2022
An API Client package for Studyplus for School SYNC API

Studyplus for School SYNC API Client This project is currently alpha, possibility having breaking changes. studyplus_for_school_sync_go is a API clien

Aug 2, 2021
server-to-server sync application, written in go/golang.

svcpy: server to server copy a basic server-to-server copy application. on a single binary, it can be a server or a client. example usage: on the serv

Nov 4, 2021