High CPU usage 130% of a CPU for fail2ban due to epoch datetime retrieval errors

date debugging ssh epoch fail2ban
Sever Neacsu MCHub.ca CEO picture Sever Neacsu MCHub.ca CEO · Dec 5, 2014 · Viewed 6.9k times · Source

Persistent overseas network attacks being performed on my system without my permission inclined me to install fail2ban since cphulkd does not ban ips. I am monitoring a few services for unwelcome penetration attempts. Once the service was started, I noticed it was using extremely high CPU resources. 22 emails after the startup discloses that the SSH server jail is stopped and started.

Here is my fail2ban.conf http://pastebin.com/ptCLmpqm

my jail.conf http://pastebin.com/KDdmTSCL note my email are obscured for obvious security & spam reasons

fail2ban log pastebin(dot)com/rq0cqm9J

Answer

Eric J. picture Eric J. · Jan 11, 2017

In my case, I was running fail2ban only for sshd. My /var/log/auth.log file was huge and configured to rotate only weekly.

I setup daily rotation (and forced the rotation to run immediately, which triggered a permission error).

This did not fix things until I also

  • Stopped fail2ban
  • Deleted /var/lib/fail2ban/fail2ban.sqlite3
  • Started fail2ban

With those steps, 

sudo fail2ban-client status sshd

showed bans within a few minutes.

Related questions

How to format a JavaScript date

In JavaScript, how can I format a date object to print as 10-Aug-2010?

Read More
How do you get a timestamp in JavaScript?

How can I get a timestamp in JavaScript? Something similar to Unix timestamp, that is, a single number that represents the current time and date. Either as a number or a string.

Read More
How do I get the current date in JavaScript?

How do I get current date in JavaScript?

Read More