Systemd timer for rkhunter fails to run

netpumber · 2014-11-12 13:12:34

Hello.

I created a timer to run weekly the rkhunter script but the

systemctl status timer_rkhunter

returns :

 timer_rkhunter.service - Timer script to run rkhunter
   Loaded: loaded (/etc/systemd/system/timer_rkhunter.service; static)
   Active: failed (Result: exit-code) since Mon 2014-11-10 23:47:46 EET; 1 day 15h ago
 Main PID: 21978 (code=exited, status=1/FAILURE)

The .timer file :

[Unit]
Description=Script to run rkhunter 

[Timer]
# Time to wait after booting before we run first time
OnBootSec=10min
# Time between running each consecutive time
OnUnitActiveSec=1w
Unit=timer_rkhunter.service
Persistent=true

[Install]
WantedBy=multi-user.target

and the .service file

[Unit]
Description=Timer script to run rkhunter 

[Service]
Type=simple
ExecStart=/usr/bin/rkhunter --cronjob --update --quiet

If i execute the /usr/bin/rkhunter --cronjob --update --quiet in a terminal everything works properly.

falconindy · 2014-11-12 13:49:39

Your unit didn't fail to run, it ran and failed. Please read up on the various values of "Type" for your service -- "simple" is not appropriate.

netpumber · 2014-11-12 16:20:31

I tried every type of 'type' but still doesn't work

 journalctl -xn                                                                                                                                                                                          
-- Logs begin at Thu 2012-11-01 00:35:38 EET, end at Wed 2014-11-12 17:56:23 EET. --
Nov 12 17:29:05 nucleus.cell.org systemd[1]: timer_rkhunter.service: main process exited, code=exited, status=1/FAILURE
Nov 12 17:29:05 nucleus.cell.org systemd[1]: Unit timer_rkhunter.service entered failed state.
Nov 12 17:31:18 nucleus.cell.org systemd[1]: timer_rkhunter.service is of type D-Bus but no D-Bus service name has been specified. Refusing.
Nov 12 17:34:00 nucleus.cell.org systemd[1]: timer_rkhunter.service start operation timed out. Terminating.
Nov 12 17:34:00 nucleus.cell.org systemd[1]: Failed to start Timer script to run rkhunter.
-- Subject: Unit timer_rkhunter.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit timer_rkhunter.service has failed.
-- 
-- The result is failed.
Nov 12 17:34:00 nucleus.cell.org systemd[1]: Unit timer_rkhunter.service entered failed state.
Nov 12 17:56:23 nucleus.cell.org udisks-daemon[895]: **** Refreshing ATA SMART data for /sys/devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda
Nov 12 17:56:23 nucleus.cell.org udisks-daemon[895]: helper(pid 25024): launched job udisks-helper-ata-smart-collect on /dev/sda
Nov 12 17:56:23 nucleus.cell.org udisks-daemon[895]: helper(pid 25024): completed with exit code 0
Nov 12 17:56:23 nucleus.cell.org udisks-daemon[895]: **** EMITTING CHANGED for /sys/devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda

ukhippo · 2014-11-12 17:26:08

I don't know what rkhunter is, but it's exiting with status 1. Have you tried removing "--quiet" and see what gets logged?

netpumber · 2014-11-13 14:36:36

rkhunter is a rootkit scanner

Here are the results without --quiet

# journalctl -xn                                                                                                                                                                                        
-- Logs begin at Thu 2012-11-01 00:35:38 EET, end at Thu 2014-11-13 16:27:06 EET. --
Nov 13 16:14:07 nucleus.cell.org udisks-daemon[895]: **** REMOVING /sys/devices/pci0000:00/0000:00:1d.7/usb2/2-8/2-8:1.0/host7/target7:0:0/7:0:0:0/block/sdb
Nov 13 16:14:07 nucleus.cell.org udisks-daemon[895]: **** EMITTING REMOVED for /sys/devices/pci0000:00/0000:00:1d.7/usb2/2-8/2-8:1.0/host7/target7:0:0/7:0:0:0/block/sdb
Nov 13 16:14:07 nucleus.cell.org udisks-daemon[895]: **** scsi_host IGNORING REMOVE /sys/devices/pci0000:00/0000:00:1d.7/usb2/2-8/2-8:1.0/host7/scsi_host/host7
Nov 13 16:26:23 nucleus.cell.org udisks-daemon[895]: **** Refreshing ATA SMART data for /sys/devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda
Nov 13 16:26:23 nucleus.cell.org udisks-daemon[895]: helper(pid 18433): launched job udisks-helper-ata-smart-collect on /dev/sda
Nov 13 16:26:23 nucleus.cell.org udisks-daemon[895]: helper(pid 18433): completed with exit code 0
Nov 13 16:26:23 nucleus.cell.org udisks-daemon[895]: **** EMITTING CHANGED for /sys/devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda
Nov 13 16:27:06 nucleus.cell.org systemd[1]: timer_rkhunter.service start operation timed out. Terminating.
Nov 13 16:27:06 nucleus.cell.org systemd[1]: Failed to start Timer script to run rkhunter.
-- Subject: Unit timer_rkhunter.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit timer_rkhunter.service has failed.
-- 
-- The result is failed.
Nov 13 16:27:06 nucleus.cell.org systemd[1]: Unit timer_rkhunter.service entered failed state.

# systemctl status timer_rkhunter                                                                                                                                                                          
● timer_rkhunter.service - Timer script to run rkhunter
   Loaded: loaded (/etc/systemd/system/timer_rkhunter.service; static)
   Active: failed (Result: timeout) since Thu 2014-11-13 16:27:06 EET; 1min 21s ago
  Process: 29377 ExecStart=/usr/bin/rkhunter --cronjob --update (code=killed, signal=TERM)
 Main PID: 26027 (code=exited, status=1/FAILURE)

Nov 13 16:27:06 nucleus.cell.org systemd[1]: timer_rkhunter.service start operation timed out. Terminating.
Nov 13 16:27:06 nucleus.cell.org systemd[1]: Failed to start Timer script to run rkhunter.
Nov 13 16:27:06 nucleus.cell.org systemd[1]: Unit timer_rkhunter.service entered failed state.

falconindy · 2014-11-13 15:33:13

systemd.service(5) wrote:

Behavior of oneshot is similar to simple; however, it is expected that the process has to exit before systemd starts follow-up units.

rkhunter is not a long running process. It starts up, does work, exits. This is the appropriate service type.

Last edited by falconindy (2014-11-13 15:33:41)

netpumber · 2014-11-13 15:54:48

Even with oneshot type, something is going wrong :s.

Leonid.I · 2014-11-15 01:37:10

OK, I tested this in a clean VM. Rkhunter runs OK, but apparently exits with a non-zero error code. Check your /var/log/rkhunter.log -- there are probably some complaints about hidden files (from krb5 package) and the lack of /sbin/init (I don't have systemd-sysvcompat). To silence systemd, prepend /usr/bin/rkhunter with a "-" sign...

Also, let me note that unless you are running rkhunter _from_a_clean_ environment, like a livecd, it has no security benefit whatsoever -- so you are most likely wasting CPU cycles and disk IO on a placebo.

netpumber · 2014-11-15 06:40:59

Thank you, but why it doesn't count to run it from your system and not from a live cd ?

ukhippo · 2014-11-15 09:21:25

Because if your system is compromised, you cannot trust anything on that system.

Arch Linux

#1 2014-11-12 13:12:34

Systemd timer for rkhunter fails to run

#2 2014-11-12 13:49:39

Re: Systemd timer for rkhunter fails to run

#3 2014-11-12 16:20:31

Re: Systemd timer for rkhunter fails to run

#4 2014-11-12 17:26:08

Re: Systemd timer for rkhunter fails to run

#5 2014-11-13 14:36:36

Re: Systemd timer for rkhunter fails to run

#6 2014-11-13 15:33:13

Re: Systemd timer for rkhunter fails to run

#7 2014-11-13 15:54:48

Re: Systemd timer for rkhunter fails to run

#8 2014-11-15 01:37:10

Re: Systemd timer for rkhunter fails to run

#9 2014-11-15 06:40:59

Re: Systemd timer for rkhunter fails to run

#10 2014-11-15 09:21:25

Re: Systemd timer for rkhunter fails to run

Board footer