FYI CSF Firewall

frontline

Member
Joined
Oct 18, 2007
Messages
110
Reaction score
0
Those who have an open server on the internet might take a look at ConfigServer Security & Firewall (csf).
Billed as: Login/Intrusion Detection and Security application for Linux servers.

http://www.configserver.com/cp/csf.html

CSF is a rock hard firewall/intrusion detection system. It comes with a companion program that monitors logins, file/directory changes, etc. File/directory permission and content integrity is a major element in Linux (*nix) security. CSF is well integrated with Webmin out of the box.

I have used it on my PiaF server and cPanel servers for a couple of years. It is comforting to get an email after a login or file update as a leg up on a possible security breach. Looks for rogue scripts and unusual server load, etc. Configuring the necessary ports for PiaF is a snap. Installation and configuration are painless. What is it they say, something about your mileage may vary?

This is probably not a solution for home/lan installations.
 

johnny2000

Member
Joined
Apr 7, 2008
Messages
52
Reaction score
0
Will it run alongside fail2ban? Or do we have to kill fail2ban? Thank you.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,206
Reaction score
5,226
Fail2Ban is a log parser. No (properly configured) firewall should have any impact on its operation.
 

Hyksos

Guru
Joined
May 28, 2011
Messages
474
Reaction score
70
Actually, that's not only an iptables manager; it also advertises this:

Login Failure Daemon (lfd)
==========================

To complement the ConfigServer Firewall, we have developed a daemon process
that runs all the time and periodically (every X seconds) scans the latest log
file entries for login attempts against your server that continually fail
within a short period of time. Such attempts are often called "Brute-force
attacks" and the daemon process responds very quickly to such patterns and
blocks offending IP's quickly. Other similar products run every x minutes via
cron and as such often miss break-in attempts until after they've finished, our
daemon eliminates such long waits and makes it much more effective at
performing its task.

There are an array of extensive checks that lfd can perform to help alert the
server administrator of changes to the server, potential problems and possible
compromises.

On cPanel servers, lfd is integrated into the WHM > Service Manager, which will
restart lfd if it fails for any reason.

So this has full potential to mess with fail2ban because some functions will overlap.
And csf is probably not fail2ban aware while managing iptables...
And fail2ban and lfd could both be monitoring the same log files...
And lfd could lack some kind of Asterisk support so maybe you'll want both...

So yeah, potential for problems.
And also PIAF has some custom/undocumented ways about iptables, restarting it from somewhere?
And Travelin Man manages iptables too.
Not sure someone with zero Linux knowledge should try to add this to PIAF. Doesn't mean it's a bad idea or that csf is no good, never used it!
But csf is not expecting PIAF and PIAF is not expecting csf. Like everything Linux, it's probably pretty easy to have all that humming along, but it probably requires some setting up... That might not currently be documented anywhere... So YMMV!
 