If there is a serious power failure, e.g. during an electric storm, and the internet goes down, then my CentOS-6.2 server seems to take an inordinate time, maybe forever, to get past fail2ban. It is as though there is an extremely long - maybe an hour - timeout if fail2ban cannot connect to the internet.
(I usually stop the machine with the power button, reboot into a different OS (Fedora) and chkconfig off fail2ban.)
This only occurs once or twice a year, so I don't worry about it much; but I was wondering if there is a timeout that I can change somewhere in the fail2ban setup?
On 03/18/2012 12:17 PM, Timothy Murphy wrote:
> If there is a serious power failure, e.g. during an electric storm, and the internet goes down, then my CentOS-6.2 server seems to take an inordinate time, maybe forever, to get past fail2ban. It is as though there is an extremely long - maybe an hour - timeout if fail2ban cannot connect to the internet.
Just a wild guess, but could it be that fail2ban is trying to resolve all the IP addresses in its database? IIRC there is a config option called use_dns. Try setting it to "no" or "warn".
Regards, Patrick
Patrick Lists wrote:
> > If there is a serious power failure, e.g. during an electric storm, and the internet goes down, then my CentOS-6.2 server seems to take an inordinate time, maybe forever, to get past fail2ban. It is as though there is an extremely long - maybe an hour - timeout if fail2ban cannot connect to the internet.
> Just a wild guess, but could it be that fail2ban is trying to resolve all the IP addresses in its database? IIRC there is a config option called use_dns. Try setting it to "no" or "warn".
Thanks for the suggestion. But I couldn't find any option like that anywhere below /etc/fail2ban in fail2ban-0.8.4-28.el6.
On 03/18/2012 02:08 PM, Timothy Murphy wrote:
> Patrick Lists wrote:
> > > If there is a serious power failure, e.g. during an electric storm, and the internet goes down, then my CentOS-6.2 server seems to take an inordinate time, maybe forever, to get past fail2ban. It is as though there is an extremely long - maybe an hour - timeout if fail2ban cannot connect to the internet.
> > Just a wild guess, but could it be that fail2ban is trying to resolve all the IP addresses in its database? IIRC there is a config option called use_dns. Try setting it to "no" or "warn".
> Thanks for the suggestion. But I couldn't find any option like that anywhere below /etc/fail2ban in fail2ban-0.8.4-28.el6.
More info on the wiki: http://www.fail2ban.org/wiki/index.php/Hostnames_or_IP_Addresses
Regards, Patrick
Patrick Lists wrote:
> > > Just a wild guess, but could it be that fail2ban is trying to resolve all the IP addresses in its database? IIRC there is a config option called use_dns. Try setting it to "no" or "warn".
> > Thanks for the suggestion. But I couldn't find any option like that anywhere below /etc/fail2ban in fail2ban-0.8.4-28.el6.
> More info on the wiki: http://www.fail2ban.org/wiki/index.php/Hostnames_or_IP_Addresses
Thanks very much. I'll see if changing the logfile has any effect, and if it doesn't I'll add "use_dns = no" to the config file.
Hi Timothy,
fail2ban will go through all defined logfiles during startup. If they are large, it will take some time. You may be able to speed that process up by installing a file alteration monitor like gamut. fail2ban will use it if it finds it.
Thomas Göttgens wrote:
> fail2ban will go through all defined logfiles during startup. If they are large, it will take some time. You may be able to speed that process up by installing a file alteration monitor like gamut. fail2ban will use it if it finds it.
Thanks very much for your response. I see the logfile is defined in /etc/fail2ban/fail2ban.conf as SYSLOG. This can get very large. I've changed the fail2ban logfile to /var/log/fail2ban.log and will see if that makes any difference.
My server is in Italy (where I am at the moment) and I don't think this is the time for electric storms, so hopefully the issue won't arise any day soon!
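
An added example, not part of any post in this thread: a read-only Python audit of the settings the replies point at (DNS lookups, log size, backend), run here on a constructed sample tree. It assumes the option names `usedns`, `backend`, `logpath` and `logtarget` as spelled in fail2ban's own configuration files (the posts write `use_dns`) and a hypothetical 50 MB "large log" threshold; `logtarget` is where fail2ban writes its own log, while `logpath` is what each jail reads.

```python
import configparser, glob, os, tempfile

def audit(conf_dir, big=50 * 1024 * 1024):
    """Report the settings the thread suspects of slowing fail2ban startup."""
    def load(stem):
        # Raw parser: fail2ban does its own %(...)s interpolation.
        cp = configparser.RawConfigParser()
        # .local is read after .conf, so its values override.
        cp.read([os.path.join(conf_dir, stem + ext) for ext in (".conf", ".local")])
        return cp
    main, jails = load("fail2ban"), load("jail")
    report = {"logtarget": main.get("Definition", "logtarget", fallback=None), "jails": {}}
    for name in jails.sections():
        if jails.get(name, "enabled", fallback="false").strip().lower() != "true":
            continue
        patterns = jails.get(name, "logpath", fallback="").split()
        size = sum(os.path.getsize(f) for p in patterns for f in glob.glob(p))
        usedns = jails.get(name, "usedns", fallback=None)
        notes = []
        if usedns is None:
            notes.append("usedns not set: installed version's default applies")
        elif usedns.strip().lower() != "no":
            notes.append("hostnames found in logs may be resolved via DNS")
        if size > big:
            notes.append("large log to scan")
        report["jails"][name] = {"usedns": usedns, "log_bytes": size, "notes": notes,
                                 "backend": jails.get(name, "backend", fallback=None)}
    return report

def demo():
    """Build a constructed config tree (not from the thread) and audit it."""
    d = tempfile.mkdtemp()
    log = os.path.join(d, "secure")
    files = {
        "secure": "x" * 2048,
        "fail2ban.conf": "[Definition]\nlogtarget = SYSLOG\n",
        "fail2ban.local": "[Definition]\nlogtarget = /var/log/fail2ban.log\n",
        "jail.conf": "[DEFAULT]\nbackend = auto\n\n[ssh-iptables]\nenabled = true\n"
                     "logpath = " + log + "\n\n[vsftpd]\nenabled = false\n",
        "jail.local": "[ssh-iptables]\nusedns = no\n",
    }
    for fname, body in files.items():
        with open(os.path.join(d, fname), "w") as fh:
            fh.write(body)
    return audit(d, big=1024)

if __name__ == "__main__":
    print(demo())
```

Calling `audit("/etc/fail2ban")` on the server reports the values actually in effect there.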