In this article you will learn a couple of methods on how to fix Fail2ban High Memory Usage problem.
There may be several reasons for Fail2ban consumption a very large amount of memory (in my case it was about 2,5 GB!). I will list some of the reasons and how to fix it.
Fail2ban High Memory Usage Most Common Reasons
- Very large amount of banned IPs
- Very long ban time in configuration
- Brute force attacks
- Fail2ban’s too large SQLite database
First of all try restart Fail2ban service if it didn’t help start dig problem First of all, try restarting the Fail2ban service, if that doesn’t work, start digging deeper.
Check every banned IPs for each jail you have: For example show banned IPs in sshd jail:
# fail2ban-client status sshd
Example output:
Fix Fail2ban’s Too Large SQLite database size
Fail2ban using SQLite database. Over time the SQLite database fail2ban.sqlite3 file can bloat. We can purge this file from config or delete manually.
Purge fail2ban.sqlite3 file
Fail2ban configuration file (/etc/fail2ban/fail2ban.conf) has parameter dbpurgeage. This parameter tells how time keep the date in database.
So you can decrease default (86400sec – 24hours) for example for 4 hours and set 14400 sec.
dbpurgeage = 14400
After changes in config restart Fail2ban
Delete fail2ban.sqlite3 file
Before manually delete fail2ban.sqlite3 file
Stop the Fail2ban service:
# /etc/init.d/fail2ban stop
Delete database file:
# rm /var/lib/fail2ban/fail2ban.sqlite3
Start the Fail2ban service:
# /etc/init.d/fail2ban start
Limit Fail2Ban Memory Usage
We can limit Fail2ban memory utilization.
To decrease the memory usage by Fail2ban, edit /etc/default/fail2ban file.
At the end of the file add:
ulimit -s 256
And restart Fail2Ban:
# /etc/init.d/fail2ban restart
I hope these tips helped you solve memory usage problem.
If you like what you are reading, please:
Buy me a coffee
