From nobody Mon Oct 10 20:42:19 2022
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MmW7N6f59z4dyTP
	for <freebsd-ports@mlmmj.nyi.freebsd.org>; Mon, 10 Oct 2022 20:42:24 +0000 (UTC)
	(envelope-from cy.schubert@cschubert.com)
Received: from omta002.cacentral1.a.cloudfilter.net (omta002.cacentral1.a.cloudfilter.net [3.97.99.33])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "Client", Issuer "CA" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4MmW7M1qMqz3QB5;
	Mon, 10 Oct 2022 20:42:23 +0000 (UTC)
	(envelope-from cy.schubert@cschubert.com)
Received: from shw-obgw-4002a.ext.cloudfilter.net ([10.228.9.250])
	by cmsmtp with ESMTP
	id htyxoaQLtSp39hzbSoirCr; Mon, 10 Oct 2022 20:42:22 +0000
Received: from spqr.komquats.com ([70.66.148.124])
	by cmsmtp with ESMTPA
	id hzbPoRTwxzeTThzbQoUJw2; Mon, 10 Oct 2022 20:42:22 +0000
X-Authority-Analysis: v=2.4 cv=EY/b/dqC c=1 sm=1 tr=0 ts=634483ae
 a=Cwc3rblV8FOMdVN/wOAqyQ==:117 a=Cwc3rblV8FOMdVN/wOAqyQ==:17
 a=kj9zAlcOel0A:10 a=Qawa6l4ZSaYA:10 a=T_YFPyFoAAAA:8 a=YxBL1-UpAAAA:8
 a=6I5d2MoRAAAA:8 a=EkcXrb_YAAAA:8 a=WdifazIytjfrG42co54A:9 a=CjuIK1q_8ugA:10
 a=fKaBkT6cBtmegwcwHIDe:22 a=Ia-lj3WSrqcvXOmTRaiG:22 a=IjZwj45LgO3ly-622nXo:22
 a=LK5xJRSDVpKd5WXXoEvA:22
Received: from slippy.cwsent.com (slippy [10.1.1.91])
	by spqr.komquats.com (Postfix) with ESMTP id 5A5601891;
	Mon, 10 Oct 2022 13:42:19 -0700 (PDT)
Received: by slippy.cwsent.com (Postfix, from userid 1000)
	id 4A3ED19F; Mon, 10 Oct 2022 13:42:19 -0700 (PDT)
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7+dev
Reply-to: Cy Schubert <Cy.Schubert@cschubert.com>
From: Cy Schubert <Cy.Schubert@cschubert.com>
X-os: FreeBSD
X-Sender: cy@cwsent.com
X-URL: http://www.cschubert.com/
To: Michael Grimm <trashcan@ellael.org>
cc: freeBSD ports <freebsd-ports@FreeBSD.org>,
    "cy@freebsd.org" <cy@FreeBSD.org>
Subject: Re: security/py-fail2ban quits working after some hours
In-reply-to: <6EF1B25D-3121-4FA1-BF47-DCE1FFD64A5E@ellael.org>
References: <6EF1B25D-3121-4FA1-BF47-DCE1FFD64A5E@ellael.org>
Comments: In-reply-to Michael Grimm <trashcan@ellael.org>
   message dated "Mon, 10 Oct 2022 16:18:46 +0200."
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 10 Oct 2022 13:42:19 -0700
Message-Id: <20221010204219.4A3ED19F@slippy.cwsent.com>
X-CMAE-Envelope: MS4xfEuwEvryP9ZjxY/UEzAR1Rmsy6ZRzkWVIeRQP+Teewj4h/jkp/JpBHDS2qi8WPlQge7Qd8RCL/kPn98/tiyXbMpiepwaFSLljX6ZvfmytyEaGR0Lvn49
 /ngveNWmE/6fywKMioE+3giFkrbVsOFWhtrRl3EOhRoIvk75gm7sZhXQM9GQ4fsSDnCSZHWZH4ZFKi/wmXKU69vBMbwE8Fi6AbB6toGTWE5y15pCVYmWrwkY
 eqTUoyssq7b+ldB3BJZ4Yu/O/KMnAz5gsk0le9BL0R8=
X-Rspamd-Queue-Id: 4MmW7M1qMqz3QB5
X-Spamd-Bar: -
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	dmarc=none;
	spf=none (mx1.freebsd.org: domain of cy.schubert@cschubert.com has no SPF policy when checking 3.97.99.33) smtp.mailfrom=cy.schubert@cschubert.com
X-Spamd-Result: default: False [-1.70 / 15.00];
	AUTH_NA(1.00)[];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-0.999];
	NEURAL_HAM_LONG(-1.00)[-0.999];
	MV_CASE(0.50)[];
	MIME_GOOD(-0.10)[text/plain];
	RCVD_IN_DNSWL_LOW(-0.10)[3.97.99.33:from];
	FROM_HAS_DN(0.00)[];
	R_SPF_NA(0.00)[no SPF record];
	MLMMJ_DEST(0.00)[freebsd-ports@freebsd.org];
	ARC_NA(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	MIME_TRACE(0.00)[0:+];
	R_DKIM_NA(0.00)[];
	ASN(0.00)[asn:16509, ipnet:3.96.0.0/15, country:US];
	RCPT_COUNT_THREE(0.00)[3];
	TO_DN_EQ_ADDR_SOME(0.00)[];
	RCVD_COUNT_FIVE(0.00)[5];
	DMARC_NA(0.00)[cschubert.com: no valid DMARC record];
	REPLYTO_EQ_FROM(0.00)[];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	TO_DN_SOME(0.00)[];
	HAS_REPLYTO(0.00)[Cy.Schubert@cschubert.com]
X-ThisMailContainsUnwantedMimeParts: N

In message <6EF1B25D-3121-4FA1-BF47-DCE1FFD64A5E@ellael.org>, Michael Grimm 
wri
tes:
> [cc's to maintainer]
>
> Hi,
>
> this is a recent stable/13-n252672-2bd3dbe3dd6 running =
> py39-fail2ban-1.0.1_2 and python39-3.9.14
>
> I have been running fail2ban for years now, but immediately after =
> upgrading py39-fail2ban fron 0.11.2 to 1.0.1 the fail2ban-server will =
> end up as a runaway process consuming all CPU time. This happens between =
> 4 to 24 hours after initial fail2ban-server startup.
>
> I have recompiled world, kernel and all ports, but I to no avail. I am =
> able to reproduce this behaviour on two different host running the same =
> OS et al.
>
>
> After becoming a runaway process:
> =20
> 	root> /usr/local/etc/rc.d/fail2ban status
> 	fail2ban is running as pid 26487.
>
> 	root> ps Af | grep fail2ban
> 	26487  -  S    545:40.61 /usr/local/bin/python3.9 =
> /usr/local/bin/fail2ban-server --async -b -s =
> /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid =
> --loglevel INFO --logtarget SYSLOG --syslogsocket auto

The only difference between mine is --logtarget is a file.

>
> 	root> /usr/local/etc/rc.d/fail2ban stop
> 	^C
> 	2022-10-08 09:29:45,451 fail2ban                [1447]: WARNING =
> Caught signal 2. Exiting
>
> 	root> kill -9 26487
>
> 	root> /usr/local/etc/rc.d/fail2ban start
> 	2022-10-08 09:30:30,776 fail2ban                [1609]: ERROR   =
> Fail2ban seems to be in unexpected state (not running but the socket =
> exists)
>
> 	root> la /var/run/fail2ban/*
> 	-rw-------  1 root  wheel  uarch 6 Oct  7 21:26 =
> /var/run/fail2ban/fail2ban.pid
> 	srwx------  1 root  wheel  uarch 0 Oct  7 21:26 =
> /var/run/fail2ban/fail2ban.sock
>
> 	root> rm /var/run/fail2ban/*
>
> 	root> /usr/local/etc/rc.d/fail2ban start
> 	Server ready
>
>
> So, whenever the server becomes a runaway process, it can only restarted =
> by killing it hard, and after removing both pid and sock files.

This isn't enough information to diagnose the problem. See below.

>
> Has anyone else run into this issue, or am I the only one so far? =
> Couldn't find anything according this issue in the bugtrackers and on =
> Google.

I've been running this version for over a week without issue.

>
>
>
>
> BTW: One glitch in fail2ban.conf file:
>
> 	# Option: allowipv6
> 	# Notes.: Allows IPv6 interface:
> 	#         Default: auto
> 	# Values: [ auto yes (on, true, 1) no (off, false, 0) ] Default: =
> auto
> 	#allowipv6 =3D auto

This won't cause looping.

>
> This will result in a warning at start time:
>
> 	2022-10-08 09:30:51,520 fail2ban.configreader   [1633]: WARNING =
> 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
>
> After activating this entry to "allowipv6 =3D auto" those warnings =
> disappear.

Can you answer a few questions, please?

1. What does uname -a say?

2. Was fail2ban built from ports or did you pkg upgrade?

3. What other ports/packages are installed?

4. Which filters are you using? Have you modified any? Or have you written 
your own?

5. Which actions are you using? Have you modified them? Or have you written 
your own?

6. When fail2ban loops, instead of simply killing it, run truss. You can do 
this by:

	truss -faeD -o fail2ban.truss -p THE_TRUSS_PID


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e^(i*pi)+1=0