The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CSF and Fail2Ban

Discussion in 'Security' started by mehnihma, Mar 18, 2013.

  1. mehnihma

    mehnihma Well-Known Member

    Joined:
    Dec 15, 2012
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hi I and curios can CSF and Fail2ban work together and what is better?

    Thanks
     
  2. NixTree

    NixTree Well-Known Member

    Joined:
    Aug 19, 2010
    Messages:
    387
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Gods Own Country
    cPanel Access Level:
    Root Administrator
    I recommend CSF as it works pretty well than fail2ban and designed to work fine with cPanel.
     
    #2 NixTree, Mar 18, 2013
    Last edited: Mar 18, 2013
  3. arunsv84

    arunsv84 Well-Known Member

    Joined:
    Oct 20, 2008
    Messages:
    373
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    127.0.0.1
    cPanel Access Level:
    Root Administrator
    As mentioned above, if you are using cPanel, then csf would be better because you can manage it graphically from WHM>>Plugins. Fail2ban is also good for cPanel servers if you know how to use commands via shell. Fail2ban now include monitoring of log files for almost all services.

    Cheers!!!
     
  4. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    I use CSF and Fail2Ban together all the time. All you need to do is create an action for Fail2Ban that feeds <host> to CSF and let CSF do all the rule writing. Here's what I use:

    /etc/fail2ban/action.d/csf-ip-deny.conf:
    Code:
    [Definition]
    actionstart =
    actionstop =
    actioncheck =
    actionban = csf -d <ip> Added by Fail2Ban for <name>
    actionunban = csf -dr <ip>
    [Init]
    name = default
    
    Then in your jail.conf just put something like this:

    Code:
    [exim]
    enabled  = true
    filter   = exim
    action   = csf-ip-deny[name=exim]
               sendmail-whois[name=exim]
    logpath  = /var/log/exim_mainlog
    
    For most things it's pointless, since LFD does a nice job of watching the major things that people use Fail2Ban for; but for custom actions and filters it's pretty nice to have them work in tandem.
     
Loading...

Share This Page