security/py-fail2ban quits working after some hours

Mon, 10 Oct 2022 07:19:11 -0700 

[cc's to maintainer]

Hi,

this is a recent stable/13-n252672-2bd3dbe3dd6 running py39-fail2ban-1.0.1_2 
and python39-3.9.14

I have been running fail2ban for years now, but immediately after upgrading 
py39-fail2ban fron 0.11.2 to 1.0.1 the fail2ban-server will end up as a runaway 
process consuming all CPU time. This happens between 4 to 24 hours after 
initial fail2ban-server startup.

I have recompiled world, kernel and all ports, but I to no avail. I am able to 
reproduce this behaviour on two different host running the same OS et al.


After becoming a runaway process:
 
        root> /usr/local/etc/rc.d/fail2ban status
        fail2ban is running as pid 26487.

        root> ps Af | grep fail2ban
        26487  -  S    545:40.61 /usr/local/bin/python3.9 
/usr/local/bin/fail2ban-server --async -b -s /var/run/fail2ban/fail2ban.sock -p 
/var/run/fail2ban/fail2ban.pid --loglevel INFO --logtarget SYSLOG 
--syslogsocket auto

        root> /usr/local/etc/rc.d/fail2ban stop
        ^C
        2022-10-08 09:29:45,451 fail2ban                [1447]: WARNING Caught 
signal 2. Exiting

        root> kill -9 26487

        root> /usr/local/etc/rc.d/fail2ban start
        2022-10-08 09:30:30,776 fail2ban                [1609]: ERROR   
Fail2ban seems to be in unexpected state (not running but the socket exists)

        root> la /var/run/fail2ban/*
        -rw-------  1 root  wheel  uarch 6 Oct  7 21:26 
/var/run/fail2ban/fail2ban.pid
        srwx------  1 root  wheel  uarch 0 Oct  7 21:26 
/var/run/fail2ban/fail2ban.sock

        root> rm /var/run/fail2ban/*

        root> /usr/local/etc/rc.d/fail2ban start
        Server ready


So, whenever the server becomes a runaway process, it can only restarted by 
killing it hard, and after removing both pid and sock files.

Has anyone else run into this issue, or am I the only one so far? Couldn't find 
anything according this issue in the bugtrackers and on Google.




BTW: One glitch in fail2ban.conf file:

        # Option: allowipv6
        # Notes.: Allows IPv6 interface:
        #         Default: auto
        # Values: [ auto yes (on, true, 1) no (off, false, 0) ] Default: auto
        #allowipv6 = auto

This will result in a warning at start time:

        2022-10-08 09:30:51,520 fail2ban.configreader   [1633]: WARNING 
'allowipv6' not defined in 'Definition'. Using default one: 'auto'

After activating this entry to "allowipv6 = auto" those warnings disappear.

Regards,
Michael

Reply via email to