Applicable to:
- Plesk for Linux
Symptoms
-
Fail2ban consumes a lot of CPU:
-
The
/var/log/secure
file has a big size and gets two new records each second:# tail -fn0 /var/log/secure
Sep 22 05:50:17 srv su: pam_unix(su-l:session): session closed for user popuser
Sep 22 05:50:17 srv su: pam_unix(su-l:session): session opened for user popuser by (uid=0)
Sep 22 05:50:18 srv su: pam_unix(su-l:session): session closed for user popuser
Sep 22 05:50:18 srv su: pam_unix(su-l:session): session opened for user popuser by (uid=0)
Cause
Large size of the /var/log/secure
file.
Resolution
-
Disable ssh jail in Tools & Settings > IP Address Banning (Fail2Ban) > Jails.
-
Wait until the completion of Daily Maintenance task, i.e. the output of the following command is empty:
# ps -auxwf | grep daily | grep -v grep
-
Execute the command below to rotate syslog files:
On CentOS/RHEL-based distributions:
# logrotate -f /etc/logrotate.d/syslog
On Debian/Ubuntu-based distributions:
# logrotate -f /etc/logrotate.d/rsyslog
-
Enable ssh jail in Tools & Settings > IP Address Banning (Fail2Ban) > Jails
-
Check the CPU usage of fail2ban service:
# top
Comments
0 comments
Please sign in to leave a comment.