Is there any conflict in running fail2ban with CSF, LFD and BFM?

CSF and BFM can be used together. Why do you need fail2ban? I doubt it is a good idea to have them all do the same thing.
 
There is absolutely no reason to use fail2ban; with CSF, LFD and the Brute Force Monitor it works like a charm!
 
CSF/LFD - Yes
BFM - NO

Check the link I already posted above on how to make them block IPs.
 

I read the post http://help.directadmin.com/item.php?id=380 mentioned in this thread. In step 1, it asks to replace the original /etc/init.d/iptables script with the one linked in that post. However, I found that the new iptables script has some TCP/UDP ports hard-coded, and they may not match the CSF settings.

Isn't there a conflict between the iptables script and the CSF open-ports settings?
 
You could also skip the complete iptables manual and just create a couple of scripts which make csf do a temp ban. In that case unbanning is not needed anymore.
This is my block_ip.sh:
Code:
#!/bin/sh
# Expects the offending address in the environment variable $ip,
# which brute_force_notice_ip.sh sets before calling this script.
[ -n "$ip" ] || exit 1

# Temporary deny for 86400 seconds (24 hours); the words after the TTL are csf's comment.
/etc/csf/csf.pl -td "$ip" 86400 BFM IP Block

exit 0

And then this other script, called brute_force_notice_ip.sh, is needed:
Code:
#!/bin/sh
# DirectAdmin's Brute Force Monitor passes the attacking IP in $value.
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh

# Hand the address to block_ip.sh through its $ip environment variable.
ip="$value" "$SCRIPT"
exit $?

This way you have a solution for CSF in 2 steps, without all the other files and iptables stuff.
 
You could also skip the complete iptables manual and just create a couple of scripts which make csf do a temp ban. In that case unbanning is not needed anymore.

In this case you won't be able to use the DirectAdmin feature to unblock IPs; if you don't care about it, that's OK I guess.
 
Correct. But since with these scripts you are using temporary bans, you normally won't need any unban option.
Besides that, you can always unban from the ConfigServer plugin itself if needed.

The thread mentioned here points to a manual, which has these kinds of things:
Code:
# Excerpt from the manual's block script: use csf when it is present,
# otherwise fall back to restarting iptables.
if [ -x "/etc/csf/csf.pl" ]; then
    echo "Found csf installed, so blocking $ip with it<br>";
    /etc/csf/csf.pl -d "$ip"
else
    echo "Blocking $ip and restarting iptables ...<br>";
    /etc/init.d/iptables restart
fi
When using CSF there is no need to restart iptables; CSF works in real time, so blocked really is blocked immediately, and no iptables restart is needed.
The same goes for unblocking.
These scripts can be made half as long by removing the iptables restart stuff.
 
The restart of iptables comes after the "else" statement, so in case you've got CSF installed the restart is not triggered.

My idea was not only to show how to use it with CSF, but to make it universal, so probably DA would have it in their guide. So if you've got CSF installed the scripts go one way, and if you use raw iptables, then the scripts go another way. That's it.
 