Bug#481265: marked as done (fail2ban: Poll interval is not configurable)

Tue, 31 Jul 2012 18:51:22 -0700 

Your message dated Wed, 01 Aug 2012 01:47:10 +0000
with message-id <[email protected]>
and subject line Bug#481265: fixed in fail2ban 0.8.7-1
has caused the Debian Bug report #481265,
regarding fail2ban: Poll interval is not configurable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
481265: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481265
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: fail2ban
Version: 0.7.5-2etch1
Severity: minor

It's not possible to set the poll interval. 
On my light server, fail2ban is continuously running, generating 80% of
CPU wakeup according to powertop.

I have 7 process to monitor ssh and exim, as following:

 6068 python2.4 /usr/bin/fail2ban-server -b -s /var/run/fail2ban.sock
 6069  \_ python2.4 /usr/bin/fail2ban-server -b -s /var/run/fail2ban.sock
 6070      \_ python2.4 /usr/bin/fail2ban-server -b -s /var/run/fail2ban.sock
 6114      \_ python2.4 /usr/bin/fail2ban-server -b -s /var/run/fail2ban.sock
 6115      \_ python2.4 /usr/bin/fail2ban-server -b -s /var/run/fail2ban.sock
 6120      \_ python2.4 /usr/bin/fail2ban-server -b -s /var/run/fail2ban.sock
 6121      \_ python2.4 /usr/bin/fail2ban-server -b -s /var/run/fail2ban.sock

6068 is running continously (strace):
        gettimeofday({1210801673, 533845}, NULL) = 0
        select(0, NULL, NULL, NULL, {0, 50000}) = 0 (Timeout)
with a timeout of 50000µs, or 0,05 seconds, it's fired 20 times per seconds

6069 is better, only every other second
        getppid()                               = 6068
        poll([{fd=4, events=POLLIN}], 1, 2000)  = 0
timeout is 2000ms, or 2 seconds; it's better, but what is it doing?

6070 is once a second
        poll([{fd=3, events=POLLIN}], 1, 1000)  = 0
timeout is 1000ms or 1 sec

6114, 6115, 6120, 6121 are also once a second
        stat64("/var/log/exim/mainlog", {st_mode=S_IFREG|0640, st_size=442383, 
...}) = 0
        select(0, NULL, NULL, NULL, {1, 0})     = 0 (Timeout)
timeout is 1 second.

So I have 20 + 0.5 + 1 + 4x1 = 25.5 CPU wake-up every second to monitor 2
files; I think it's a bit too high and I expect it to be configurable to
about 1 wakeup for 5 seconds or 15 seconds.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (100, 'oldstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.25.3.skc3
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)

Versions of packages fail2ban depends on:
ii  iptables                1.3.6.0debian1-5 administration tools for packet fi
ii  lsb-base                3.1-23.2etch1    Linux Standard Base 3.1 init scrip
ii  python                  2.4.4-2          An interactive high-level object-o
ii  python-central          0.5.12           register and build utility for Pyt
ii  python2.4               2.4.4-3+etch1    An interactive high-level object-o

fail2ban recommends no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: fail2ban
Source-Version: 0.8.7-1

We believe that the bug you reported is fixed in the latest version of
fail2ban, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yaroslav Halchenko <[email protected]> (supplier of updated fail2ban 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 31 Jul 2012 16:51:40 -0400
Source: fail2ban
Binary: fail2ban
Architecture: source all
Version: 0.8.7-1
Distribution: experimental
Urgency: low
Maintainer: Yaroslav Halchenko <[email protected]>
Changed-By: Yaroslav Halchenko <[email protected]>
Description: 
 fail2ban   - ban hosts that cause multiple authentication errors
Closes: 333557 481265 514239 598109 604843 616803 648020 653074 657286 669063 
672228 676146
Changes: 
 fail2ban (0.8.7-1) experimental; urgency=low
 .
   * New upstream release:
     - inotify backend is supported (and the default if pyinotify is present).
       It should bring number of wakeups to minimum (Closes: #481265)
     - usedns jail.conf parameter to disable reverse DNS mapping to
       avoid of DoS (see #588431, #514239 for related discussions)
     - enforces non-unicode logging (Closes: #657286)
     - new jail "recidive" to ban repeated offenders (Closes: #333557)
     - catch failed ssh logins due to being listed in DenyUsers (Closes: 
#669063)
     - document in config/*.conf on how to inline comments (Closes: #676146)
     - match possibly present "pam_unix(sshd:auth):" portion for sshd
       (Closes: #648020)
     - wu-ftpd: added failregex for use against syslog. Switch to monitor syslog
       (instead of auth.log) by default (Closes: #514239)
     - anchor chain name in actioncheck's for iptables actions (Closes: #672228)
   * debian/jail.conf:
     - adopted few jails from "upstreams" jail.conf: asterisk, recidive,
       lighttpd, php-url-open
     - provide instructions in jail.conf on how to comment (Closes: #676146)
       Thanks Stefano Forli for a report
   * debian/fail2ban.init:
     - Should-(start|stop): iptables-persistent (Closes: #598109),
       ferm (Closes: #604843)
     - 'status' exits with code 3 if fail2ban is not running (Closes: #653074)
       Thanks Glenn Aaldering for the patch
   * debian/source:
     - switch to 3.0 (quilt) format
   * debian/control,rules:
     - switch to use dh_python2 (Closes: #616803)
     - boost policy compliance to 3.9.3
     - recommend python-pyinotify and only suggest python-gamin
Checksums-Sha1: 
 e2111e7d537d36f9980e23175e62e8d21c7ff6be 1190 fail2ban_0.8.7-1.dsc
 44cd6e29dc54e300e2581104f99d87763c7d7e42 122505 fail2ban_0.8.7.orig.tar.gz
 1addea3b04a2b7b850431a83775fdf9f6da033d8 29327 fail2ban_0.8.7-1.debian.tar.gz
 b4e6988395db1f13fb4b22b47173dc69979aee13 110388 fail2ban_0.8.7-1_all.deb
Checksums-Sha256: 
 ea8788f1fe931d8da7c2d67f08f127da8895ff21648a1cab80082e8ffe7dde53 1190 
fail2ban_0.8.7-1.dsc
 7549ea38ffa3755a41145cc3ecc1149e025465b4db3c3ceed9e59b30903d35e6 122505 
fail2ban_0.8.7.orig.tar.gz
 c488798420314b2a37ea20d7d431484f638135f14f6133e334a6230c99739229 29327 
fail2ban_0.8.7-1.debian.tar.gz
 70524db89972550bcd24b4c2d61286017628fc30e49fc1029fc66b430fcd24aa 110388 
fail2ban_0.8.7-1_all.deb
Files: 
 333dd1321b92151a05f7792c2067bbf2 1190 net optional fail2ban_0.8.7-1.dsc
 ab7ad37439ca9e4d92d97325b10d85ff 122505 net optional fail2ban_0.8.7.orig.tar.gz
 ae2f2d569e1274d5f30e9a3c72861c0b 29327 net optional 
fail2ban_0.8.7-1.debian.tar.gz
 cf95cf7bba199160298d948cf30c4ee5 110388 net optional fail2ban_0.8.7-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlAYhjwACgkQjRFFY3XAJMg15QCePMCq9AFHgkgVo34DTAoJt96W
CsUAoNTK8OE+mgS9hvAWiKdhARAMQhnt
=VEf6
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to