NixTree

Well-Known Member
Aug 19, 2010
413
5
143
Gods Own Country
cPanel Access Level
Root Administrator
Twitter
Hi I and curios can CSF and Fail2ban work together and what is better?

Thanks
I recommend CSF as it works pretty well than fail2ban and designed to work fine with cPanel.
 
Last edited:

arunsv84

Well-Known Member
Oct 20, 2008
373
1
68
127.0.0.1
cPanel Access Level
Root Administrator
As mentioned above, if you are using cPanel, then csf would be better because you can manage it graphically from WHM>>Plugins. Fail2ban is also good for cPanel servers if you know how to use commands via shell. Fail2ban now include monitoring of log files for almost all services.

Cheers!!!
 

mctDarren

Well-Known Member
Jan 6, 2004
665
4
168
New Jersey
cPanel Access Level
Root Administrator
I use CSF and Fail2Ban together all the time. All you need to do is create an action for Fail2Ban that feeds <host> to CSF and let CSF do all the rule writing. Here's what I use:

/etc/fail2ban/action.d/csf-ip-deny.conf:
Code:
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = csf -d <ip> Added by Fail2Ban for <name>
actionunban = csf -dr <ip>
[Init]
name = default
Then in your jail.conf just put something like this:

Code:
[exim]
enabled  = true
filter   = exim
action   = csf-ip-deny[name=exim]
           sendmail-whois[name=exim]
logpath  = /var/log/exim_mainlog
For most things it's pointless, since LFD does a nice job of watching the major things that people use Fail2Ban for; but for custom actions and filters it's pretty nice to have them work in tandem.