Description of problem:

Is it possible to add a timer for aide configuration(aide --check) in RHEL8-10?

Version-Release number of selected component (if applicable):

How reproducible:
N/A

Steps to Reproduce:

Actual results:

Expected results:

• There should be CPU capping on aide process so Customer can put CPU limit as most of the customer complains about CPU usage of AIDE. (yes excluding the unnecessary file is an option but this will give more control to user)
• In cron there is danger of duplication of aide process if first process never ends. In cron we can address this with flock usage, but timer way is much better and would work out of the box.
• Timer is something user will enable. It will be disabled by default.
• Similar to aide-check.timer, aide-update.timer can be added.

A customer wants to have a pre-configured timer for aide check configuration instead of configuring a job via cron.

---------------

Example units:

[root@localhost ~]# cat /etc/systemd/system/timers.target.wants/aide-check.timer 
[Unit] 
Description=Run AIDE check daily 

[Timer] 
OnCalendar=daily 
Persistent=true 

[Install] 
WantedBy=timers.target 
[root@localhost ~]# cat /etc/systemd/system/aide-check.service  
[Unit] 
Description=Run AIDE integrity check 
Nice=10 
IOSchedulingClass=idle 

[Service] 
Type=oneshot 
ExecStart=/usr/sbin/aide --check 
CPUQuota=50% 
User=root 
Group=root 
[root@localhost ~]# 

Additional info:

When aide --check runs on a command line, it always returns the exit code 5 even though it ran successfully. I created aide.service and aide.timer unit files. When timer triggers, it starts aide check, however, it returns exit code 5 so the status aide.service shows as failed on a successful attempt.