Fail2Ban versus CSF?

[vpsnewb]

Which one do you think is better? I have lot of experience with CSF on cpanel servers but not on a server without it. I've never used fail2ban before. Which one would be better for a vps that has no control panel?

 

[Amitz]

I would say that the two have different applications: One (CSF) is a firewall frontend with Intrusion Detection Service (LFD) and the other is a plain Intrusion Detection Service (fail2ban). If you do not need the firewall part of CSF, then I would go with fail2ban.

 

[wlanboy]

As Amitz said: Two different purposes.

I do prefer fail2ban because it is quite easy to write new regex statements to watch every logfile you want.

 

[jarland]

Base functionality for the average user, fail2ban and LFD will be no noticeable difference. Of course, CSF is a nice easy way to fine tune iptables for the average user and for that I highly recommend it.

 

[Increhost]

For web hosting enviroments LFD is great, sometimes port scan gives a little trouble

with false positives, so you need to keep an eye on them.

CSF is very nice, and has evolved since it's creation, so in combination with

LFD they do a great job.

But... you have to keep track of the logs, if you use mod_security rules, you could block

forever everybody if a rule doesn't like a website (not just http block but ip blocking too).

Anyway, as people already told, they're different, but CSF+LFD is totally recommendable.

cheers!

 

[Lee]

Which one do you think is better? I have lot of experience with CSF on cpanel servers but not on a server without it. I've never used fail2ban before. Which one would be better for a vps that has no control panel?

Bear in mind you can still use CSF just like you would as it were cPanel, editing the config file from the command line is just like seeing the editor page in cPanel so if you are familiar with it stick with it.

 

[eva2000]

I use CSF on both WHM/Cpanel and my Centmin Mod Nginx installer (non-gui CSF). But apparently you can also use CSF + Fail2ban as long as you configure Fail2ban to NOT conflict with what CSF can do and just leave Fail2ban to do stuff CSF can't do.

I'm still noob to Fail2ban so testing this theory out and using it just as type of WAF for brute force attacks against wordpress and vbulletin (basically emptying out /etc/fail2ban/jail.local with just wordpress and vbulletin settings.

 

[Magiobiwan]

CSF has a nice Webmin Module which you can use it with, if you don't have cPanel on your server. I use CSF on my servers through Webmin, and it works quite nicely. After I realized I should whitelist all the IPs I might possibly use to connect... Accidentally blocked myself from SSHing in!

 

[clarity]

I am also pretty sure that CSF has its own web-GUI now.

 

[drmike]

Someone, please, consider a CSF tutorial for newbs... I could use it

 

[Kakashi]

CSF has always been very good to me.  :wub:

 

[rupe]

Someone, please, consider a CSF tutorial for newbs... I could use it

Yes this would be nice. I'm going to try and find a good one using google, and, if I succeed, will post link here.

I'm using fail2ban, but will add csf, as well, from now on.

I just did a quick install on one of my 'test' VPSes, and see that it didn't enable LFD, which is appropriate for my setup (fail2ban covers LFD's function).