Fail2ban Setup and questions

I am just learning here.. I said it in my opening post. I want people to tell me what causes them to like fail2ban. Let me make a point this way: if you do a search here on fail2ban, @floyd is about the only one who states he uses fail2ban. I would like to know the why.. So the only way is to ask and do my own research. I have always been into research and learning just to learn. CSF might be the best. It's not why I am asking questions.
I've not dived deep into customization of CSF/LFD
I have not either. More than fail2ban currently, but not a lot.
I'd be careful about having two different pieces of software
Me too, but this isn't production for me.
I'd stick with CSF/LFD if you already have that
This is tradition and dogma. I am just trying to learn more. It's like language: if you know English, why study Dutch, Arabic, or Greek? Because I can..
then maybe consider fail2ban as an addition, assuming the two can play nice together.
They can and I may.
there might be something I'm overlooking.
Honestly, I am not sure either of us is overlooking anything. I am just looking.

Hope you both know I think highly of you. Both of you are super smart.. If I asked you to help me learn your country's language, you would help me, right? Even though we all know English... this is all I am doing.
 
I know what you are doing and thank you again for the explanation. Like I said, I'm also only asking for learning purposes; I won't use fail2ban. But I did my comparison in the past, and things might have changed, which is why I wrote I might have overlooked something (then or maybe now).
So I'm also curious as to why somebody uses fail2ban instead of CSF/LFD and if there are differences I don't know about, for learning purposes and like I call it myself "technical curiosity". ;)
 
I'm also interested in what might be the best combination of these tools. I currently use both CSF/LFD and BFM.
 
I still don't understand the benefit of using both.
What can Fail2ban do that DA and CSF can't do?
In the context of reverse proxy situations and application-level usage, i.e. port 80/443, like using Cloudflare, Sucuri, or Incapsula in front of your servers, an actual standalone iptables-based firewall won't have proper access to a visitor's real IP address out of the box. Meanwhile, fail2ban can operate on a level which inspects web server and other logs, where you can essentially restore real visitor IP address logging via X-Forwarded-For and CF-Connecting-IP passed-on header values.

Generally, you'd use both CSF/Firewall + fail2ban. Though using Cloudflare in front for app level protection has helped too.
 
Cloudflare
I don't use Cloudflare. I dislike the company.

What are the benefits, in your mind, of using both CSF and F2B without Cloudflare? Just a regular internet LAMP and email type server.
 
Meanwhile, fail2ban can operate on a level which inspects web server and other logs, where you can essentially restore real visitor IP address logging via X-Forwarded-For and CF-Connecting-IP passed-on header values.
LFD does this as well, and you can define your own custom logs for it to read, and your own custom regexes to trigger on. I use it to block repeated requests to xmlrpc.php/wp-login.php for example.
 
LFD does this as well, and you can define your own custom logs for it to read, and your own custom regexes to trigger on. I use it to block repeated requests to xmlrpc.php/wp-login.php for example.
I do the same and this works really well. I'm not very technical and could figure it out. That's why I'm interested if it's worth doing anything beyond LFD and BFM.
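
Added example (not from any poster in this thread, and not fail2ban or LFD code): a small log-watcher sketch covering both points discussed above, counting repeated POSTs to wp-login.php/xmlrpc.php and keying on the restored visitor IP instead of the proxy's address. The log format (combined log plus a trailing quoted forwarded-address field), the trusted proxy range, the function names and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed format: combined log plus a trailing quoted forwarded-address field.
LINE = re.compile(r'^(?P<peer>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) '
                  r'(?P<path>\S+) [^"]*" \d{3} \S+ "[^"]*" "[^"]*" "(?P<fwd>[^"]*)"$')
TARGETS = {"/wp-login.php", "/xmlrpc.php"}
TRUSTED_PROXIES = [ip_network("198.51.100.0/24")]  # constructed placeholder range

def client_ip(peer, fwd):
    """Restore the visitor address, but only when the peer is a trusted proxy."""
    if any(ip_address(peer) in net for net in TRUSTED_PROXIES):
        try:
            # Rightmost entry is the one our proxy appended; earlier ones are client-supplied.
            return str(ip_address(fwd.split(",")[-1].strip()))
        except ValueError:
            pass  # header missing or malformed: fall back to the peer
    return peer

def offenders(lines, maxretry=3, findtime=timedelta(minutes=10), restore=True):
    """IPs with >= maxretry POSTs to TARGETS inside a sliding findtime window."""
    hits, flagged = defaultdict(deque), set()
    for line in lines:  # lines are assumed to be in chronological order
        m = LINE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] not in TARGETS:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip = client_ip(m["peer"], m["fwd"]) if restore else m["peer"]
        window = hits[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            flagged.add(ip)
    return flagged

def _line(peer, mmss, path, fwd):  # helper that builds one constructed log line
    return (f'{peer} - - [12/Mar/2024:10:{mmss} +0000] "POST {path} HTTP/1.1" '
            f'200 512 "-" "ua" "{fwd}"')

SAMPLE = (  # constructed sample: two visitors behind the proxy, one direct peer
    [_line("198.51.100.7", f"00:0{i}", "/wp-login.php", "203.0.113.50") for i in range(3)]
    + [_line("198.51.100.7", "01:00", "/wp-login.php", "203.0.113.9")]
    + [_line("192.0.2.33", f"02:0{i}", "/xmlrpc.php", "203.0.113.9") for i in range(3)]
)
if __name__ == "__main__":
    print(sorted(offenders(SAMPLE)), sorted(offenders(SAMPLE, restore=False)))
```

With restore=False the proxy's own address crosses the threshold, which is the situation a plain IP-level firewall is in behind a reverse proxy; the forwarded header from the direct, untrusted peer is ignored in both modes.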
 