I want to sync some two dozen Linux servers which are spread all over the world. I was thinking about using NTPD, but I want to know the security implications of using it: Is there a possible vulnerability? Should I sync them to a local server and sync it manually?
any piece of network software is a potential vulnerability, especially if it runs as root as ntpd does. That said, ntpd has a very good security record, so I would have little problem running it, as long as my servers were not listening as ntp servers, merely connecting to them to update the time.