NixTree
Well-Known Member
I recommend CSF as it works pretty well than fail2ban and designed to work fine with cPanel.
Last edited:
As mentioned above, if you are using cPanel, then csf would be better because you can manage it graphically from WHM>>Plugins. Fail2ban is also good for cPanel servers if you know how to use commands via shell. Fail2ban now include monitoring of log files for almost all services.
Cheers!!!
Cheers!!!
I use CSF and Fail2Ban together all the time. All you need to do is create an action for Fail2Ban that feeds <host> to CSF and let CSF do all the rule writing. Here's what I use:
/etc/fail2ban/action.d/csf-ip-deny.conf:
Then in your jail.conf just put something like this:
For most things it's pointless, since LFD does a nice job of watching the major things that people use Fail2Ban for; but for custom actions and filters it's pretty nice to have them work in tandem.
/etc/fail2ban/action.d/csf-ip-deny.conf:
Code:
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = csf -d <ip> Added by Fail2Ban for <name>
actionunban = csf -dr <ip>
[Init]
name = default
Code:
[exim]
enabled = true
filter = exim
action = csf-ip-deny[name=exim]
sendmail-whois[name=exim]
logpath = /var/log/exim_mainlog
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| R | CSF SMTP AUTH Blocking Issue | Security | 3 | |
|
with {csf -a “tcp|in|d=3306|s=<IP address>”} we authorize ONE IP, with which command we reverter? | Security | 5 | |
| A | Secure Server From DDos Attacks via CSF | Security | 2 | |
| D | You must stop and disable firewalld when using csf | Security | 2 | |
|
CSF, WPFail2Ban, Litespeed | Security | 2 |