Date: Mon, 10 Oct 2022 16:18:46 +0200 From: Michael Grimm <trashcan@ellael.org> To: freeBSD ports <freebsd-ports@FreeBSD.org> Cc: "cy@freebsd.org" <cy@FreeBSD.org> Subject: security/py-fail2ban quits working after some hours Message-ID: <6EF1B25D-3121-4FA1-BF47-DCE1FFD64A5E@ellael.org>
next in thread | raw e-mail | index | archive | help
[cc's to maintainer] Hi, this is a recent stable/13-n252672-2bd3dbe3dd6 running = py39-fail2ban-1.0.1_2 and python39-3.9.14 I have been running fail2ban for years now, but immediately after = upgrading py39-fail2ban fron 0.11.2 to 1.0.1 the fail2ban-server will = end up as a runaway process consuming all CPU time. This happens between = 4 to 24 hours after initial fail2ban-server startup. I have recompiled world, kernel and all ports, but I to no avail. I am = able to reproduce this behaviour on two different host running the same = OS et al. After becoming a runaway process: =20 root> /usr/local/etc/rc.d/fail2ban status fail2ban is running as pid 26487. root> ps Af | grep fail2ban 26487 - S 545:40.61 /usr/local/bin/python3.9 = /usr/local/bin/fail2ban-server --async -b -s = /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid = --loglevel INFO --logtarget SYSLOG --syslogsocket auto root> /usr/local/etc/rc.d/fail2ban stop ^C 2022-10-08 09:29:45,451 fail2ban [1447]: WARNING = Caught signal 2. Exiting root> kill -9 26487 root> /usr/local/etc/rc.d/fail2ban start 2022-10-08 09:30:30,776 fail2ban [1609]: ERROR = Fail2ban seems to be in unexpected state (not running but the socket = exists) root> la /var/run/fail2ban/* -rw------- 1 root wheel uarch 6 Oct 7 21:26 = /var/run/fail2ban/fail2ban.pid srwx------ 1 root wheel uarch 0 Oct 7 21:26 = /var/run/fail2ban/fail2ban.sock root> rm /var/run/fail2ban/* root> /usr/local/etc/rc.d/fail2ban start Server ready So, whenever the server becomes a runaway process, it can only restarted = by killing it hard, and after removing both pid and sock files. Has anyone else run into this issue, or am I the only one so far? = Couldn't find anything according this issue in the bugtrackers and on = Google. BTW: One glitch in fail2ban.conf file: # Option: allowipv6 # Notes.: Allows IPv6 interface: # Default: auto # Values: [ auto yes (on, true, 1) no (off, false, 0) ] Default: = auto #allowipv6 =3D auto This will result in a warning at start time: 2022-10-08 09:30:51,520 fail2ban.configreader [1633]: WARNING = 'allowipv6' not defined in 'Definition'. Using default one: 'auto' After activating this entry to "allowipv6 =3D auto" those warnings = disappear. Regards, Michael
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6EF1B25D-3121-4FA1-BF47-DCE1FFD64A5E>