security/py-fail2ban quits working after some hours

Reply: Cy Schubert : "Re: security/py-fail2ban quits working after some hours"
Reply: Michael Grimm : "Re: security/py-fail2ban quits working after some hours"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Michael Grimm <trashcan_at_ellael.org>
Date: Mon, 10 Oct 2022 14:18:46 UTC

[cc's to maintainer]

Hi,

this is a recent stable/13-n252672-2bd3dbe3dd6 running py39-fail2ban-1.0.1_2 and python39-3.9.14

I have been running fail2ban for years now, but immediately after upgrading py39-fail2ban fron 0.11.2 to 1.0.1 the fail2ban-server will end up as a runaway process consuming all CPU time. This happens between 4 to 24 hours after initial fail2ban-server startup.

I have recompiled world, kernel and all ports, but I to no avail. I am able to reproduce this behaviour on two different host running the same OS et al.


After becoming a runaway process:
 
	root> /usr/local/etc/rc.d/fail2ban status
	fail2ban is running as pid 26487.

	root> ps Af | grep fail2ban
	26487  -  S    545:40.61 /usr/local/bin/python3.9 /usr/local/bin/fail2ban-server --async -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid --loglevel INFO --logtarget SYSLOG --syslogsocket auto

	root> /usr/local/etc/rc.d/fail2ban stop
	^C
	2022-10-08 09:29:45,451 fail2ban                [1447]: WARNING Caught signal 2. Exiting

	root> kill -9 26487

	root> /usr/local/etc/rc.d/fail2ban start
	2022-10-08 09:30:30,776 fail2ban                [1609]: ERROR   Fail2ban seems to be in unexpected state (not running but the socket exists)

	root> la /var/run/fail2ban/*
	-rw-------  1 root  wheel  uarch 6 Oct  7 21:26 /var/run/fail2ban/fail2ban.pid
	srwx------  1 root  wheel  uarch 0 Oct  7 21:26 /var/run/fail2ban/fail2ban.sock

	root> rm /var/run/fail2ban/*

	root> /usr/local/etc/rc.d/fail2ban start
	Server ready


So, whenever the server becomes a runaway process, it can only restarted by killing it hard, and after removing both pid and sock files.

Has anyone else run into this issue, or am I the only one so far? Couldn't find anything according this issue in the bugtrackers and on Google.




BTW: One glitch in fail2ban.conf file:

	# Option: allowipv6
	# Notes.: Allows IPv6 interface:
	#         Default: auto
	# Values: [ auto yes (on, true, 1) no (off, false, 0) ] Default: auto
	#allowipv6 = auto

This will result in a warning at start time:

	2022-10-08 09:30:51,520 fail2ban.configreader   [1633]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'

After activating this entry to "allowipv6 = auto" those warnings disappear.

Regards,
Michael