please consider using dotlockfile -p -r 0 -l $LOCKFILE in the wrapper.
The current setting will retry to obtain the lock, which is probably
not intended behavior if a manual aide run prevents the cron-job from
I have lost my aide database in the following situation:
- I boot up a VM that was not running during cron.daily time
- I upgrade the kernel
- I reboot before anacron starts cron.daily
- After the reboot, I invoke aide.wrapper --update to refresh the
- during this operation, anacron starts cron.daily, aide's cron job
cannot obtain the lock because the manually started aide cron job
holds it. the cron.daily wrapper waits.
- The manual aide run ends, the cron.daily aide run obtains the lock
and begins running. In this process, aide.db.new is truncated to zero
- I review the log from the manual aide run, find it ok, and copy the
(zero length) aide.db.new to aide.db.
=> boom, database lost.
I think it is the lesser evil to not have the cron job wait for the
aide lock and have it bomb out immediately.