On Sat, 2023-07-22 at 16:19 +0100, Richard Lewis wrote: > On Sat, 22 Jul 2023 at 15:48, james.bottom...@hansenpartnership.com > <james.bottom...@hansenpartnership.com> wrote: > > The systemd chkrootkit.timer has this line: > > > > OnBootSec=30min > > > > Which means it runs 30 minutes after a reboot. I tend to upgrade > > my servers > > in the early morning, which means it's still running when people > > start using > > the services (and it is very disk heavy so they notice the > > slowdown). > > > > Ideally this should run from cron.daily so it can be sequenced with > > all the > > other daily services. However, if you insist on running it from > > systemd, can > > it at least have an OnCalendar timer set from a config file, so I > > can > > sequence it to begin at night? > > Hi - you should be able to do this without any changes to the > package: > > systemctl edit chkrootkit.timer > > and add/change the settings in a drop-in file directly to have it run > when you like - there's no point duplicating such things in the > chkrootkit config file. Using systemd's built-in methods is more > flexible and avoids having to edit dpkg conffiles and get prompts on > future upgrades.
Well, I did do this with vi to add the OnCalendar entry I suggested. The problem is most sysadmins have trouble figuring out the syntax. Plus it's a chase around three manual pages to figure out that what you need is OnCalendar. Perhaps adding a commented out OnCalendar to the file would save others the archaeology? > You can also disable the .timer entirely and make a local script to > run from cron.daily: > > systemctl disable chkrootkit.timer > ln -s /usr/sbin/chkrootkit-daily/ /etc/cron.daily/local-chkrootkit > # untested, but you get the idea > > For better or worse, debian has chosen to make systemd the default. > This does require doing things in different ways, but it is actually > a lot more flexible. Yes, the problem I have: wanting periodic services to all start in the evening and run reasonably sequentially isn't one of the options systemd can apparently cope with ... but I get that's not a chkrootkit problem. James
