Applicable to:
- Plesk for Linux
Symptoms
- Fail2ban consumes a lot of CPU.
- The /var/log/secure file is large and gets two new records each second:
# tail -fn0 /var/log/secure
Sep 22 05:50:17 srv su: pam_unix(su-l:session): session closed for user popuser
Sep 22 05:50:17 srv su: pam_unix(su-l:session): session opened for user popuser by (uid=0)
Sep 22 05:50:18 srv su: pam_unix(su-l:session): session closed for user popuser
Sep 22 05:50:18 srv su: pam_unix(su-l:session): session opened for user popuser by (uid=0)
Cause
Large size of the /var/log/secure file.
Resolution
- Disable the ssh jail in Tools & Settings > IP Address Banning (Fail2Ban) > Jails.
- Wait until the Daily Maintenance task completes, i.e. until the following command prints nothing:
# ps -auxwf | grep daily | grep -v grep
- Execute the command below to rotate the syslog files:
On CentOS/RHEL-based distributions:
# logrotate -f /etc/logrotate.d/syslog
On Debian/Ubuntu-based distributions:
# logrotate -f /etc/logrotate.d/rsyslog
- Enable the ssh jail in Tools & Settings > IP Address Banning (Fail2Ban) > Jails.
- Check the CPU usage of the fail2ban service:
# top
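To confirm the symptom before rotating, the following added example (not part of the original article) measures how many su session records each user writes per second to a secure log and reports which of the two logrotate configs named above is present. The function names, the directory argument and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Sample data is constructed:
# the four popuser lines are the article's excerpt, the last two are invented.
sample_log() {
cat <<'EOF'
Sep 22 05:50:17 srv su: pam_unix(su-l:session): session closed for user popuser
Sep 22 05:50:17 srv su: pam_unix(su-l:session): session opened for user popuser by (uid=0)
Sep 22 05:50:18 srv su: pam_unix(su-l:session): session closed for user popuser
Sep 22 05:50:18 srv su: pam_unix(su-l:session): session opened for user popuser by (uid=0)
Sep 22 05:50:18 srv sshd[2211]: Failed password for invalid user test from 192.0.2.10 port 51234 ssh2
Sep 22 05:50:19 srv su: pam_unix(su-l:session): session opened for user backup by (uid=0)
EOF
}

# Read syslog lines on stdin; print "<user> <records> <active seconds> <records/second>"
# for su session open/close records, noisiest user first.
su_session_rate() {
    awk '
    $5 == "su:" && $7 == "session" && ($8 == "opened" || $8 == "closed") && $10 == "user" {
        u = $11
        n[u]++
        key = u SUBSEP $1 " " $2 " " $3      # user + timestamp, 1 s resolution
        if (!(key in seen)) { seen[key] = 1; secs[u]++ }
    }
    END {
        for (u in n) printf "%s %d %d %.1f\n", u, n[u], secs[u], n[u] / secs[u]
    }' | sort -k2,2nr
}

# Print whichever of the two logrotate configs named in the article exists.
# The optional directory argument is a hypothetical hook for testing.
logrotate_conf() {
    dir=${1:-/etc/logrotate.d}
    for name in syslog rsyslog; do
        if [ -f "$dir/$name" ]; then
            echo "$dir/$name"
            return 0
        fi
    done
    return 1
}

# Analyse the file given as $1, or the constructed sample when none is given.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    su_session_rate < "$1"
else
    sample_log | su_session_rate
fi
logrotate_conf || echo "no syslog/rsyslog logrotate config found"
```

A user sitting at about 2 records per second, as popuser does in the sample, matches the symptom described in this article.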
Comments
1 comment
Changed nothing
%CPU %MEM TIME+ COMMAND
115.6 0.1 6772:20 /usr/bin/python2 /usr/bin/fail2ban-server -xf start