I’ve been hacking Linux for years, and today is the first time that I came across anacron. So one lives and learns…
One of my fellow OCEF volunteers keeps receiving the following email message, even after he removed fail2ban:
logrotate_script: 2: logrotate_script: fail2ban-client: not found
error: error running non-shared postrotate script for /var/log/fail2ban.log of ‘/var/log/fail2ban.log ‘
run-parts: /etc/cron.daily/logrotate exited with return code 1
It turned out this server’s log files rotation is handled by anacron job. Even though fail2ban service has been removed, there is still a configuration file, fail2ban, under /etc/logrotate.d/
fail2ban-client set logtarget /var/log/fail2ban.log >/dev/null
# If fail2ban runs as non-root it still needs to have write access
# to logfiles.
# create 640 fail2ban adm
create 640 root adm
Removing this file took care of it.