CSF and Fail2Ban

I recommend CSF as it works pretty well than fail2ban and designed to work fine with cPanel.

 

As mentioned above, if you are using cPanel, then csf would be better because you can manage it graphically from WHM>>Plugins. Fail2ban is also good for cPanel servers if you know how to use commands via shell. Fail2ban now include monitoring of log files for almost all services.

Cheers!!!

 

I use CSF and Fail2Ban together all the time. All you need to do is create an action for Fail2Ban that feeds <host> to CSF and let CSF do all the rule writing. Here's what I use:

/etc/fail2ban/action.d/csf-ip-deny.conf:

Code:

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = csf -d <ip> Added by Fail2Ban for <name>
actionunban = csf -dr <ip>
[Init]
name = default

Then in your jail.conf just put something like this:

Code:

[exim]
enabled  = true
filter   = exim
action   = csf-ip-deny[name=exim]
           sendmail-whois[name=exim]
logpath  = /var/log/exim_mainlog

For most things it's pointless, since LFD does a nice job of watching the major things that people use Fail2Ban for; but for custom actions and filters it's pretty nice to have them work in tandem.