Symptoms
A notification email from Anacron job 'cron.daily' containing the error:
/etc/cron.daily/logrotate:
error: error opening /var/ossec/logs/active-responses.log-{date}: Permission denied
Description
The cause of the error is logrotated being unable to read or modify the mentioned log file. This is caused by the log file being owned by the 'root' user rather than the 'ossec' user:
[/var/ossec/logs]cPs# ll
total 12572
-rw-rw-r-- 1 ossec ossec 4531 Jan 10 06:22 active-responses.log
-rw-r--r-- 1 root ossec 7872 Oct 26 2019 active-responses.log-20191027
-rw------- 1 ossec ossec 78368 Nov 3 2019 active-responses.log-20191103
-rw-rw-r-- 1 ossec ossec 92348 Nov 10 2019 active-responses.log-20191110
The issue appears to affect systems with Imunify360 originally installed prior to October 2019.
Workaround
The error will output the affected file. To correct the issue, change the ownership to 'ossec', using the file specified in the email:
# chown ossec /var/ossec/logs/active-responses.log-20191027