Skip to main content

Rkhunter Set Up in systemd : Revisited

I made a post about setting up rkhunter using systemd. And little did I know it's going to be a work in progress for weeks. But I have finally set up the service and timer units just right.

[donato@archdesktop ~]$ systemctl list-timers
NEXT                         LEFT        LAST                         PASSED       UNIT                         ACTIVATES
Fri 2017-10-06 00:00:00 +08  16h left    Thu 2017-10-05 00:00:20 +08  7h ago       logrotate.timer              logrotate.service
Fri 2017-10-06 00:00:00 +08  16h left    Thu 2017-10-05 00:00:20 +08  7h ago       man-db.timer                 man-db.service
Fri 2017-10-06 00:00:00 +08  16h left    Thu 2017-10-05 00:00:20 +08  7h ago       shadow.timer                 shadow.service
Fri 2017-10-06 00:00:00 +08  16h left    Thu 2017-10-05 00:00:20 +08  7h ago       updatedb.timer               updatedb.service
Fri 2017-10-06 00:08:16 +08  16h left    Thu 2017-10-05 04:28:45 +08  3h 15min ago rkhunter.timer               rkhunter.service
Fri 2017-10-06 01:38:57 +08  17h left    Wed 2017-10-04 19:12:48 +08  12h ago      systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Mon 2017-10-09 08:46:49 +08  4 days left Mon 2017-10-02 19:37:22 +08  2 days ago   reflector.timer              reflector.service

7 timers listed.
Pass --all to see loaded but inactive timers, too.
[donato@archdesktop ~]$ systemctl status rkhunter.service
donato@archdesktop ~]$ systemctl status rkhunter.service
● rkhunter.service - rkhunter rootkit scan and malware detection
   Loaded: loaded (/etc/systemd/system/rkhunter.service; static; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:rkhunter
           man:systemd.service
[donato@archdesktop ~]$

If I want rkhunter to start scanning at boot, I should enable the service with:

$ systemctl enable rkhunter.service

Since I don't want that behavior I'm disabling the service. It won't start at boot but will start when its timer elapse. 

rkhunter update process fails in this instance, but the main process goes on at the elapse time set in the timer file. My tip with creating service and timer files in systemd is letting the default behavior take you where you want to go. So it's a given that you know what those defaults are.


My current rkhunter.service file is:
[donato@archdesktop ~]$ systemctl cat rkhunter.service
# /etc/systemd/system/rkhunter.service
[Unit]
Description=rkhunter rootkit scan and malware detection
Documentation=man:rkhunter man:systemd.service


[Service]
ExecStartPre=-/usr/bin/rkhunter --update
ExecStartPre=-/usr/bin/rkhunter --propupd
ExecStart=/usr/bin/rkhunter --check -sk
SuccessExitStatus=1 2 8 SIGKILL TERM


[Install]
WantedBy=multi-user.target

My current rkhunter.timer file is:
[donato@archdesktop ~]$ systemctl cat rkhunter.timer
# /etc/systemd/system/rkhunter.timer
[Unit]
Description=Run rkhunter daily
Documentation=man:rkhunter man:systemd.timer


[Timer]
OnCalendar=*-*-* 00:00:00
RandomizedDelaySec=5h
WakeSystem=true
Persistent=true


[Install]
WantedBy=timers.target

Comments

Post a Comment

Popular posts from this blog

Password Issues On Ubuntu Login

I found myself unable to enter my login credentials when prompted to do so in Ubuntu. I think I might have changed it then forget about it. I've been running the current session for more days than I should have. I forget. So what's the solution to my problem. How do I get in to my system now? It involved getting into the grub menu somehow. I am uncertain as to how to do that exactly in your system. So there's a couple of ways to do it (finger's crossed). When booting at system start, use the esc key or the shift key. The first one worked for me. The timing is key. Wait until the bios banner shows then hit the esc key once. I am using Ubuntu 22.04.4 here. I have a current version of grub. The grub menu will give you options and the one you want is: root. Yes you want root privileges to set the root password. It should give you a terminal access where you can issue commands. Type: #mount -rw -o -s remount / ==> this command mounts the filesyste...
Post a Comment
Read more

Reflections On My Blogging: Keeping It Honest

When you're facing a white, blank screen trying to decide what to write, it seemed hopeless and hopeful at the same time. It's like watching a boat with its sails unfurled but there's no wind, yet you wait and then see the tide turning. You have to stop the distractions. Shut the door. Wait until your breathing is regular and your mind relaxed, like your wrists on the table infront of you. I imagine me looking sideways but not hearing anything. The sounds come much later. I see the big mass of color first, the greens. Just the vegetation, moving, not even individual trees, not leaves, just the big green. Then behind it the blue sky, unfocused and floating. Do not concern your brain with the details. Forget the words and the punctuations. But be mindful of the flow, trace the outlines, hear the motions. Sometime these things don't have a name, give it a name. How do you give something a name and still be honest? How do you keep your writing honest? I...
Post a Comment
Read more

Webapps in Unity

So it has been 4 months since Ubuntu 14.04 came out. This is LTS and supported for 6 years by Canonical. The first mobile device with Ubuntu pre-installed is promised to come out later this year, 2014. It's time to check out how the apps perform so far. It is a good idea. I use Gmail and Twitter and Facebook. Why not a webapp in a desktop? So I start the Twitter and Gmail webapp. So far it has crashed my computer 6 times. Not a very good sign. On the other hand it does work but not as stable as opening them in Firefox. -- Use my PGP key if you want to encrypt your replies/messages to me. You are invited to also send me your PGP keys so we can communicate in private.
Post a Comment
Read more