
High CPU usage 130% of a CPU for fail2ban due to epoch datetime retrieval errors

Persistent overseas network attacks being performed on my system without my permission inclined me to install fail2ban, since cphulkd does not ban IPs. I am monitoring a few services for unwelcome penetration attempts. Once the service was started, I noticed it was using extremely high CPU resources. 22 emails after the startup disclose that the SSH server jail is stopped and started.

Here is my fail2ban.conf: http://pastebin.com/ptCLmpqm

My jail.conf: http://pastebin.com/KDdmTSCL (note that my emails are obscured for obvious security & spam reasons)

fail2ban log: pastebin(dot)com/rq0cqm9J

Sever Neacsu MCHub.ca CEO asked Dec 05 '14 16:12


1 Answer

In my case, I was running fail2ban only for sshd. My /var/log/auth.log file was huge and configured to rotate only weekly.

I set up daily rotation (and forced the rotation to run immediately, which triggered a permission error).

This did not fix things until I also

  • Stopped fail2ban
  • Deleted /var/lib/fail2ban/fail2ban.sqlite3
  • Started fail2ban

With those steps,

sudo fail2ban-client status sshd

showed bans within a few minutes.

Eric J. answered Sep 26 '22 05:09

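The steps from the answer above as a script, added here as an example and not written by either poster: it reports how often the log is rotated, then stops fail2ban, deletes its database and starts it again. The function names, the environment variables, the use of `systemctl` and the `/etc/logrotate.d/rsyslog` location are assumptions; adjust them for your system.

```shell
#!/bin/sh
# Added example (not from the original answer). Paths, the service manager
# and the logrotate file location are assumptions; override them via env.
LOG=${LOG:-/var/log/auth.log}
DB=${DB:-/var/lib/fail2ban/fail2ban.sqlite3}
ROTATE_CONF=${ROTATE_CONF:-/etc/logrotate.d/rsyslog}
SVC=${SVC:-systemctl}

# Print the interval keyword (daily, weekly, ...) of the logrotate stanza in
# file $2 that names log path $1 literally. Glob patterns are not expanded.
rotation_interval() {
    awk -v target="$1" '
        !inblock { for (i = 1; i <= NF; i++) if ($i == target) seen = 1 }
        /[{]/    { inblock = 1; next }
        inblock && seen && $1 ~ /^(hourly|daily|weekly|monthly|yearly)$/ { print $1; exit }
        /[}]/    { inblock = 0; seen = 0 }
    ' "$2"
}

# Stop fail2ban, delete its persistent database ($1), start it again.
# The database is left alone if the service did not stop.
reset_fail2ban_db() {
    $SVC stop fail2ban || { echo "could not stop fail2ban" >&2; return 1; }
    rm -f -- "$1" || return 1
    $SVC start fail2ban
}

# Run as root with --apply; without it the script only defines the functions.
if [ "${1:-}" = "--apply" ]; then
    interval=$(rotation_interval "$LOG" "$ROTATE_CONF")
    echo "$LOG: $(wc -c < "$LOG") bytes, rotation: ${interval:-not found}"
    [ "$interval" = "daily" ] || echo "warning: $LOG is not rotated daily" >&2
    reset_fail2ban_db "$DB" && fail2ban-client status sshd
fi
```

Deleting the database discards the bans fail2ban has persisted, so currently banned addresses are only banned again once they reappear in the log.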