Plesk & SocialBee have teamed up. Save 30% now!

Knowledge Base

High CPU utilization by Fail2ban on Plesk server

Symptoms

Fail2ban consumes a lot of CPU:
The /var/log/secure file has a big size and gets two new records each second:

# tail -fn0 /var/log/secure

Sep 22 05:50:17 srv su: pam_unix(su-l:session): session closed for user popuser
Sep 22 05:50:17 srv su: pam_unix(su-l:session): session opened for user popuser by (uid=0)
Sep 22 05:50:18 srv su: pam_unix(su-l:session): session closed for user popuser
Sep 22 05:50:18 srv su: pam_unix(su-l:session): session opened for user popuser by (uid=0)

Cause

Large size of the /var/log/secure file.

Resolution

Log in to Plesk.
Disable ssh jail in Tools & Settings > IP Address Banning (Fail2Ban) > Jails.
Wait until the completion of Daily Maintenance task, i.e. the output of the following command is empty:

# ps -auxwf | grep daily | grep -v grep
Execute the command below to rotate syslog files:

On CentOS/RHEL-based distributions:

# logrotate -f /etc/logrotate.d/syslog

On Debian/Ubuntu-based distributions:

# logrotate -f /etc/logrotate.d/rsyslog
Enable ssh jail in Tools & Settings > IP Address Banning (Fail2Ban) > Jails
Check the CPU usage of fail2ban service:

# top

Related Posts

Using Fail2ban to Secure Your Server

How to Avoid High CPU Load and Block Hackers and Bad Bots Effectively

Full Site Check now scans for Google Fonts

Knowledge Base

System logs on a Plesk server are not populating when the rsyslog package is not installed

AWStats page does not display images on Plesk server: AH01630: client denied by server configuration

Plesk server DNS zones are not synchronizing with slave DNS server: transfer failed while receiving responses: REFUSED

Website example.com shows webmail content instead of website content on Plesk server

Hosting Wiki