fail2ban 100% cpu...
I always used fail2ban without any problems, today I noticed after an update
that fail2ban is pushing one of my eight core to 100%.
is there someone experiencing this problem?
any idea?
10 Replies
Unless you have password authentication turned on with guessable user names and passwords it doesn't improve security. At best it delays attackers and gives you a false sense of security. If you want to stop password guessing attempts flooding your logs then set up connection rate limiting with iptables. Iptables is fast, kernel level, memory efficient niceness, and doesn't require daemons that go bananas and kill your CPU.
@sednet:
My idea would be to remove fail2ban.
Unless you have password authentication turned on with guessable user names and passwords it doesn't improve security. At best it delays attackers and gives you a false sense of security. If you want to stop password guessing attempts flooding your logs then set up connection rate limiting with iptables. Iptables is fast, kernel level, memory efficient niceness, and doesn't require daemons that go bananas and kill your CPU.
I have password auth on cacti, phpMyAdmin and squirrelmail.
I solved the 100% by forcing logrotate, too many logs to inspect
@obs:
Bind cacti, phpmyadmin and squirrel mail to localhost and access them over an ssh tunnel. Far more secure
;)
I don't need nasa security, I need a secure system only.
Putting squirrelmail or even phpmyadmin accessible only via ssh tunnel is a nonsense.
Webmail is useful if accessible from everywhere using a browser only, phpmyadmin is something similar.
@sblantipodi:
@obs:Bind cacti, phpmyadmin and squirrel mail to localhost and access them over an ssh tunnel. Far more secure
;) I don't need nasa security, I need a secure system only.
Putting squirrelmail or even phpmyadmin accessible only via ssh tunnel is a nonsense.
Webmail is useful if accessible from everywhere using a browser only, phpmyadmin is something similar.
There have been some serious security holes in phpmyadmin that could possibly be used to execute arbitrary php on your server. Phpmyadmin really should not be exposed to the internet, accessing it over a SSH tunnel instead isn't a bad idea. Squirrelmail should be safe as long as you use it over SSL and trust every machine you type your password into.
Just so in order to hit security holes in the app, they first need to also hit a security hole in Apache.
@sblantipodi:
Webmail is useful if accessible from everywhere using a browser only, phpmyadmin is something similar.
If you don't like the ideas suggested, at least consider moving the phpmyadmin URL to something less guessable. These instructions
@sblantipodi:
@obs:Bind cacti, phpmyadmin and squirrel mail to localhost and access them over an ssh tunnel. Far more secure
;) I don't need nasa security, I need a secure system only.
Security is not just for space travel
@zunzun:
http://www.urbandictionary.com/define.php?term=Osterize
Given that it's Urban Dictionary, the practice described (while still NSFW) was relatively tame compared to what I was expecting them to come up with for this:
![](