Re: Request for testing: fail2ban 1.0.1 update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/14/22 13:07, Richard Shaw wrote:
Interestingly, I did not have any issues, but I'm only running a sshd jail, which is one of the reasons I wanted wider testing.
I verified that fail2ban was restarted (systemctl status fail2ban) and then checked the status (fail2ban-client status sshd) and everything was fine.
I also did a tail -f on both the ssh log and the fail2ban log for a couple of days and everything seemed fine.
I just checked fail2ban and it was once again pegged at 100% cpu and had missed several things I look for in the apache logs. systemctl stop does not work and I have to manually kill the process. FWIW, I ran an strace on the fail2ban-server process and it produces the following output that goes on until I stop the strace:
futex(0x7f819854cac8, FUTEX_WAIT_BITSET_PRIVATE, 0, {tv_sec=105267, tv_nsec=807769996}, FUTEX_BITSET_MATCH_ANY) = -1 ETIMEDOUT (Connection timed out) 

futex(0x7f819854cad0, FUTEX_WAKE_PRIVATE, 1) = 0
futex(0x7f819854cac8, FUTEX_WAIT_BITSET_PRIVATE, 0, {tv_sec=105267, tv_nsec=812963592}, FUTEX_BITSET_MATCH_ANY) = -1 ETIMEDOUT (Connection timed out) 

futex(0x7f819854cad0, FUTEX_WAKE_PRIVATE, 1) = 0
After this I disabled all jails and restarted fail2ban. Then one by one I enabled them in jail.local. After enabling a jail I did a fail2ban-client add, then a fail2ban-client start and a fail2ban-cleint restart. The latter is what allowed it reban past events. Everything went fine as I reenabled my sshd and all the various apache jails. Finally, I did my dovecot jail. Bang! As soon as I did the fail2ban restart on it the fail2ban server process went to 100%. Right now I assume something is wrong with the dovecot jail.
I then stopped fail2ban. I disabled just the dovecot jail and restarted fail2ban. It seems to be working as expected. I'll let it run overnight and check in in the morning. Then I'll see if I can figure it out. At first glance the latest fail2ban dovecot.conf has a new macro called _auth_worker_info. There may be more but I'll check that more thoroughly tomorrow. Maybe just restore the older doveconf.conf from a backup and see if it works. 

Charlie
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux