Package: fail2ban
Version: 0.11.2-6
Severity: normal
Tags: patch
Hi,
fail2ban (since 0.11) automatically cleans up stale entries in its
database, by default daily. However, the sqlite database is not
vacuum'ed so the file size on disk is not reduced after this. On one of
my systems, the database file was > 1 GB in size while after vacuum only
a 1 M remained, so it really was growing way to large.
The attached patch installs a weekly cronjob to perform the vacuum.
I've also submitted it as a merge request on salsa.
Kind regards,
Thijs Kinkhorst
diff -Nru fail2ban-0.11.2/debian/control fail2ban-0.11.2/debian/control
--- fail2ban-0.11.2/debian/control 2022-03-10 21:52:59.000000000 +0000
+++ fail2ban-0.11.2/debian/control 2022-04-22 09:14:01.000000000 +0000
@@ -21,8 +21,8 @@
Package: fail2ban
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends}, lsb-base
-Recommends: nftables | iptables, whois, python3-pyinotify, python3-systemd
-Suggests: mailx, system-log-daemon, monit, sqlite3
+Recommends: nftables | iptables, whois, sqlite3, python3-pyinotify,
python3-systemd
+Suggests: mailx, system-log-daemon, monit
Description: ban hosts that cause multiple authentication errors
Fail2ban monitors log files (e.g. /var/log/auth.log,
/var/log/apache/access.log) and temporarily or persistently bans
diff -Nru fail2ban-0.11.2/debian/cron.weekly fail2ban-0.11.2/debian/cron.weekly
--- fail2ban-0.11.2/debian/cron.weekly 1970-01-01 00:00:00.000000000 +0000
+++ fail2ban-0.11.2/debian/cron.weekly 2022-04-22 09:13:51.000000000 +0000
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+sqlite="/usr/bin/sqlite3"
+database="/var/lib/fail2ban/fail2ban.sqlite3"
+
+[ -x $sqlite ] && [ -f $database ] || exit 0
+
+$sqlite $database "VACUUM;"
