Linode Forum
Linode Community Forums
 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic
Author Message
 Post subject:
PostPosted: Tue Jul 20, 2010 1:52 pm 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
I solved, in case it will help some lazy peple here the jail.conf settings:
Code:
[pma]

enabled = true
filter = pma
action =  iptables-multiport[name=apache, port=http]
logpath = /yourpath/*access_log

[pma_ssl]

enabled = true
filter = pma
action =  iptables-multiport[name=apache, port=https]
logpath = /yourpath/*access_log


and this for pma.conf filter
Code:
[Definition]
# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching.
# Values:  TEXT
#
failregex = <HOST> -.*"GET \/phpmyadmin\/ HTTP.*" 401 (885|981)
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =



Top
   
 Post subject:
PostPosted: Fri Jul 23, 2010 6:17 pm 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
Reading from my graphs I can see that since I enabled fail2ban
my average CPU increased of a 0.50%...

Have you noticed the same?

PS (My log isn't so big because I rotate it everyday after backup them)...


Top
   
 Post subject:
PostPosted: Fri Jul 23, 2010 10:37 pm 
Offline
Senior Member
User avatar

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
Using things that will use more CPU will tend to cause your system to use more CPU.


Top
   
 Post subject:
PostPosted: Sat Jul 24, 2010 5:12 am 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
hoopycat wrote:
Using things that will use more CPU will tend to cause your system to use more CPU.


0.50% had seemed quite a big increase for a service like that,
ok no problem, it works good...
thanks.


Top
   
 Post subject:
PostPosted: Sat Jul 24, 2010 5:19 am 
Offline
Senior Member

Joined: Sun Aug 31, 2008 4:29 pm
Posts: 177
I only use it for dovecot and the amount of cpu time used is minimal.

Use 'top' then shift-t (to sort by cpu time) to see the usage picture for your server.


Top
   
 Post subject:
PostPosted: Sat Jul 24, 2010 5:28 am 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
sleddog wrote:
I only use it for dovecot and the amount of cpu time used is minimal.

Use 'top' then shift-t (to sort by cpu time) to see the usage picture for your server.


yes with the configuration I setted:
apache
php injection
dovecot
ssh
phpmyadmin
squirrelmail

it eats a lot of cpu, I don't like to waste resources, specially when they are shared.
probably I need to remove some filter...


Top
   
 Post subject:
PostPosted: Sat Jul 24, 2010 12:38 pm 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
every filter adds some work for CPU,
also by using only dovecot CPU never goes in idle,
with all filters enabled (the one I mentioned previously)
it eats 0.50, with dovecot only about 0.30%...

I can see a +0.50% from dashboard in the average cpu load, 0.50% it's quite impressive...

EDIT: 0.50 isn't referred to the 0.50 I thought, I mean the output of uptime command.
0.50 is really 0.50% of 100% available of a quad core.

ok this is really reasonable, I will enable all the filter again :)
Now I also optimized the regular expressions to makes better matching and reduce cpu usage a little, it worked good on heavy load.

Benchmarking linode I noticed that with 50 connections fail2ban increased less than 0.7/10 on my quad core cpu load, ok, it's reasonable...

Thanks to all, I finished writing on this thread :)
bye.


Top
   
 Post subject:
PostPosted: Sat Jul 24, 2010 4:27 pm 
Offline
Senior Member
User avatar

Joined: Tue Nov 24, 2009 1:59 pm
Posts: 362
The "load average" displayed by uptime is something completely different than "CPU load"!


Top
   
 Post subject:
PostPosted: Sat Jul 24, 2010 4:28 pm 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
rsk wrote:
The "load average" displayed by uptime is something completely different than "CPU load"!


ok ok, I understood it now, thanks. :)


Top
   
 Post subject:
PostPosted: Mon Jul 26, 2010 9:18 am 
Offline
Senior Member

Joined: Wed Jun 16, 2010 8:22 pm
Posts: 61
Website: http://www.kevinmccaughey.org
Have you thought about not using usernames and passwords at all and using keys instead? This is what I do. I also have all ports disabled by default and only the ports I need open. Oh, and fail2ban works well too.


Top
   
 Post subject:
PostPosted: Mon Jul 26, 2010 9:20 am 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
tentimes wrote:
Have you thought about not using usernames and passwords at all and using keys instead? This is what I do. I also have all ports disabled by default and only the ports I need open. Oh, and fail2ban works well too.


Do you have key only for squirrelmail, phpmyadmin, apache auth and you have disabled their ports?


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group