Last Modified: Feb 28, 2020
Affected Product:
See more info
BIG-IP ASM
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.1.0
Opened: Sep 12, 2019
Severity: 2-Critical
PRX.BRUTE_FORCE_* db tables do not have a row_limit, so they can grow to consume all available disk space in /var/lib/mysql.
/var/lib/mysql can run out of disk space
ASM provisioned
1. Truncate the two large tables. This clears all the row in those table and should make disk space. Note that existing brute force username and IPs reporting data will be lost. # mysql -u root -p$(perl -MPassCrypt -nle 'print PassCrypt::decrypt_password($_)' /var/db/mysqlpw) -e "TRUNCATE TABLE PRX.BRUTE_FORCE_MITIGATED_USERNAMES" # mysql -u root -p$(perl -MPassCrypt -nle 'print PassCrypt::decrypt_password($_)' /var/db/mysqlpw) -e "TRUNCATE TABLE PRX.BRUTE_FORCE_MITIGATED_IPS" 2. Add row_limit for the two tables to avoid the same issue in the future. Add following lines in the bottom of this file, /etc/ts/tools/clean_db.yaml PRX.BRUTE_FORCE_MITIGATED_USERNAMES: row_limit: 100000 order_by: brute_force_mitigated_username_id PRX.BRUTE_FORCE_MITIGATED_IPS: row_limit: 100000 order_by: brute_force_mitigated_ip_id Restart clean_db process (there is no impact of restarting this process) # pkill -f clean_db Wait 30 sec, and make sure the process came back # ps aux | grep clean_db
None