Integration with CSF+LFD

mendozal

ss88us I like that option too.

Adrien

[unknown] I would prefer F2B too because i'm more familiar with it.

kyzoeadmin

personally, we have on our other servers (directadmin, runcloud, ploi.io) installed Crowdsec as updated version of fail2ban. It works great !

kyzoeadmin

ss88us what is the WP plugin you use together with F2B

ss88us

kyzoeadmin It's one I created. I think sometime next week I'll drop a guide here on what to do and how to go about installing Fail2Ban as well as the WordPress plugin.

kyzoeadmin

ss88us Perfect, love to test it !

AdamM

Fail2ban It is old and inefficient, there are newer solutions. Check out CrowdSec. I use it.

Adam

Enhance installs ufw by default and ufw is used to manage the NAT rules to allow outbound connectivity for containers.

Therefore any script which integrates with ufw should be absolutely fine. I believe that's true of fail2ban.

ss88us

Not arguing with ya'll, but Fail2Ban is still being updated: https://github.com/fail2ban/fail2ban, I wouldn't call it inefficient, but I can see how CrowdSec has an advantage; because if 1 million agents report back, their network would globally block an IP address across 1 million servers. It's a little like Cloudflare.

Fail2Ban's prime purpose is to locally scan logs for patterns and perform an action.

Even though CrowdSec looks nice, it's not a local thing, the logs are sent to their servers. That's not a bad thing depending on the logs however, I have clients who would be cautious with sending that information to a third party.

@AdamM, do you use CrowdSec on any of your Enhance installs?

AdamM

ss88us
Yes I use CrowdSec, if I find time I will write a tutorial on how to configure with Enhance

mendozal

AdamM this would be nice. I was looking at their website and it seems they don't have a ufw bouncer.

I just installed crowdsec + the iptables bouncer on a DNS server to test and it immediatly lost communication with the enhance CP, so I would think it's not very straightforward.

kyzoeadmin

AdamM that would be great all server (exept the one with enhance) id running Crowdsec we love it. And would love to see you tutorial.

MediaServe

AdamM This would be great! I've just started with CrowdSec due to my concerns with Enhance's lack of built-in security features at the present time compared to cPGuard or Imumity360 with cPanel (which I yearn to abandon!), and this would be of interest.

I commented on my initial thoughts about CrowdSec at https://community.enhance.com/d/48-crowdsec-integration/12

Adrien

[unknown] Adam that would be very helpful. I can't install CrowdSec without guidance from the community.

MediaServe

cPGuard has support for CSF+LFD. Will CSF coexist with UFW I wonder? Otherwise perhaps I need to figure out a way to map UFW commands to CSF format, like have a script /usr/sbin/csf that recognizes the CSF commands used by cPGuard and translates them to UFW syntax.