I made a post about setting up rkhunter using systemd. Little did I know it would be a work in progress for weeks. But I have finally set up the service and timer units just right.
[donato@archdesktop ~]$ systemctl list-timers
NEXT LEFT LAST PASSED UNIT ACTIVATES
Fri 2017-10-06 00:00:00 +08 16h left Thu 2017-10-05 00:00:20 +08 7h ago logrotate.timer logrotate.service
Fri 2017-10-06 00:00:00 +08 16h left Thu 2017-10-05 00:00:20 +08 7h ago man-db.timer man-db.service
Fri 2017-10-06 00:00:00 +08 16h left Thu 2017-10-05 00:00:20 +08 7h ago shadow.timer shadow.service
Fri 2017-10-06 00:00:00 +08 16h left Thu 2017-10-05 00:00:20 +08 7h ago updatedb.timer updatedb.service
Fri 2017-10-06 00:08:16 +08 16h left Thu 2017-10-05 04:28:45 +08 3h 15min ago rkhunter.timer rkhunter.service
Fri 2017-10-06 01:38:57 +08 17h left Wed 2017-10-04 19:12:48 +08 12h ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Mon 2017-10-09 08:46:49 +08 4 days left Mon 2017-10-02 19:37:22 +08 2 days ago reflector.timer reflector.service
7 timers listed.
Pass --all to see loaded but inactive timers, too.
[donato@archdesktop ~]$ systemctl status rkhunter.service
● rkhunter.service - rkhunter rootkit scan and malware detection
Loaded: loaded (/etc/systemd/system/rkhunter.service; static; vendor preset: disabled)
Active: inactive (dead)
Docs: man:rkhunter
man:systemd.service
[donato@archdesktop ~]$
If I want rkhunter to start scanning at boot, I should enable the service with:
$ systemctl enable rkhunter.service
Since I don't want that behavior, I'm leaving the service disabled. It won't start at boot, but it will start when its timer elapses.
The rkhunter update process fails in this instance, but the main process still runs at the time set in the timer file. My tip for creating service and timer files in systemd is to let the default behavior take you where you want to go, which presumes you know what those defaults are.
My current rkhunter.service file is:
[donato@archdesktop ~]$ systemctl cat rkhunter.service
# /etc/systemd/system/rkhunter.service
[Unit]
Description=rkhunter rootkit scan and malware detection
Documentation=man:rkhunter man:systemd.service
[Service]
ExecStartPre=-/usr/bin/rkhunter --update
ExecStartPre=-/usr/bin/rkhunter --propupd
ExecStart=/usr/bin/rkhunter --check -sk
SuccessExitStatus=1 2 8 SIGKILL TERM
[Install]
WantedBy=multi-user.target
[donato@archdesktop ~]$
My current rkhunter.timer file is:
[donato@archdesktop ~]$ systemctl cat rkhunter.timer
# /etc/systemd/system/rkhunter.timer
[Unit]
Description=Run rkhunter daily
Documentation=man:rkhunter man:systemd.timer
[Timer]
OnCalendar=*-*-* 00:00:00
RandomizedDelaySec=5h
WakeSystem=true
Persistent=true
[Install]
WantedBy=timers.target
[donato@archdesktop ~]$
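One thing worth checking in a unit like the service file above is the order of the Exec lines: an unconditional `ExecStartPre=-/usr/bin/rkhunter --propupd` runs before every `--check`, so the file-properties database is rebuilt seconds before the comparison and a changed binary is never reported. rkhunter's own documentation says `--propupd` is for deliberate runs after known-good changes (for example after a package upgrade). The script below is an added example, not code from the original post; it lints a unit file for that pattern, also notes when `--update` lacks the `-` failure-tolerant prefix, and runs against two constructed units: one mirroring the service file shown above and one hardened copy with the `--propupd` line removed. The unit file names and the temp directory are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Lints a rkhunter systemd service
# unit for a property-database pitfall: "--propupd" as an unconditional
# ExecStartPre before "ExecStart=... --check" rebuilds the file-properties
# database on every run, so the check never reports a changed file.

# Print one finding per line; the return code is the number of findings.
lint_rkhunter_unit() {
    local unit="$1" findings=0
    local has_propupd_pre=0 has_check_start=0 update_tolerant=0
    local in_service=0 line key value

    # Only the [Service] section matters here; other sections are skipped.
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            \[Service\]) in_service=1; continue ;;
            \[*\])       in_service=0; continue ;;
        esac
        [ "$in_service" -eq 1 ] || continue
        key=${line%%=*}
        value=${line#*=}
        case "$key" in
            ExecStartPre)
                case "$value" in
                    *rkhunter*--propupd*) has_propupd_pre=1 ;;
                    # A leading "-" tells systemd to tolerate a non-zero exit.
                    -*rkhunter*--update*) update_tolerant=1 ;;
                esac ;;
            ExecStart)
                case "$value" in
                    *rkhunter*--check*) has_check_start=1 ;;
                esac ;;
        esac
    done < "$unit"

    if [ "$has_propupd_pre" -eq 1 ] && [ "$has_check_start" -eq 1 ]; then
        echo "WARN: --propupd runs before every --check; file-property changes will never be reported"
        findings=$((findings + 1))
    fi
    if [ "$has_check_start" -eq 1 ] && [ "$update_tolerant" -eq 0 ]; then
        echo "INFO: --update is not failure-tolerant ('-' prefix); an unreachable mirror aborts the scan"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample units (assumed paths under a temp dir, not real units).
SAMPLE_DIR=$(mktemp -d)
POSTED_UNIT="$SAMPLE_DIR/rkhunter-posted.service"
HARDENED_UNIT="$SAMPLE_DIR/rkhunter-hardened.service"

# Mirrors the service file from the post: update, propupd, then check.
cat > "$POSTED_UNIT" <<'EOF'
[Unit]
Description=rkhunter rootkit scan and malware detection
[Service]
ExecStartPre=-/usr/bin/rkhunter --update
ExecStartPre=-/usr/bin/rkhunter --propupd
ExecStart=/usr/bin/rkhunter --check -sk
SuccessExitStatus=1 2 8 SIGKILL TERM
[Install]
WantedBy=multi-user.target
EOF

# Hardened copy: --propupd is left for a deliberate run after known-good changes.
cat > "$HARDENED_UNIT" <<'EOF'
[Unit]
Description=rkhunter rootkit scan and malware detection
[Service]
ExecStartPre=-/usr/bin/rkhunter --update
ExecStart=/usr/bin/rkhunter --check -sk
SuccessExitStatus=1 2 8 SIGKILL TERM
[Install]
WantedBy=multi-user.target
EOF

for u in "$POSTED_UNIT" "$HARDENED_UNIT"; do
    echo "== $(basename "$u")"
    lint_rkhunter_unit "$u" || echo "findings: $?"
done
```

Run it as `bash lint-rkhunter-unit.sh` (or point `lint_rkhunter_unit` at the output of `systemctl cat rkhunter.service` saved to a file). The posted unit produces one warning and the hardened one none; moving `--propupd` out of the unit and running it by hand, or from a package-manager hook, after changes you have verified keeps the daily check meaningful.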