Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

CSF and Fail2Ban

Discussion in 'Security' started by mehnihma, Mar 18, 2013.

  1. mehnihma

    mehnihma Well-Known Member

    Joined:
    Dec 15, 2012
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hi I and curios can CSF and Fail2ban work together and what is better?

    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. NixTree

    NixTree Well-Known Member

    Joined:
    Aug 19, 2010
    Messages:
    407
    Likes Received:
    3
    Trophy Points:
    143
    Location:
    Gods Own Country
    cPanel Access Level:
    Root Administrator
    Twitter:
    I recommend CSF as it works pretty well than fail2ban and designed to work fine with cPanel.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 NixTree, Mar 18, 2013
    Last edited: Mar 18, 2013
  3. arunsv84

    arunsv84 Well-Known Member

    Joined:
    Oct 20, 2008
    Messages:
    373
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    127.0.0.1
    cPanel Access Level:
    Root Administrator
    As mentioned above, if you are using cPanel, then csf would be better because you can manage it graphically from WHM>>Plugins. Fail2ban is also good for cPanel servers if you know how to use commands via shell. Fail2ban now include monitoring of log files for almost all services.

    Cheers!!!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    I use CSF and Fail2Ban together all the time. All you need to do is create an action for Fail2Ban that feeds <host> to CSF and let CSF do all the rule writing. Here's what I use:

    /etc/fail2ban/action.d/csf-ip-deny.conf:
    Code:
    [Definition]
    actionstart =
    actionstop =
    actioncheck =
    actionban = csf -d <ip> Added by Fail2Ban for <name>
    actionunban = csf -dr <ip>
    [Init]
    name = default
    
    Then in your jail.conf just put something like this:

    Code:
    [exim]
    enabled  = true
    filter   = exim
    action   = csf-ip-deny[name=exim]
               sendmail-whois[name=exim]
    logpath  = /var/log/exim_mainlog
    
    For most things it's pointless, since LFD does a nice job of watching the major things that people use Fail2Ban for; but for custom actions and filters it's pretty nice to have them work in tandem.
     
    John Schmerold likes this.
Loading...
Similar Threads - Fail2Ban
  1. Bouke
    Replies:
    3
    Views:
    355

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice