I’m currently trying CSF firewall which has a Virtualmin interface module.
Theres loads more options than shown in the screen shot.
Its very easy to find IP bans, remove unwanted bans, change settings (with the cog on the top left side of the screen shot) etc.
From my understanding you disable Firewalld and Fail2Ban as CSF/LFD clashes with the two bits of software.
I used this guide https://supporthost.in/install-csf-firewall-on-webmin/
Then manually disabled fail2ban autostart in virtualmin. then in the debian systemd.
systemctl disable fail2ban
When installing the Webmin module ( /etc/csf/csfwebmin.tgz) I had to go through the module install twice for it to install (I had to do this twice installing CSF Module on a CentOS machine too).
I’ve used CSF on another server with CWP7 for quite a while and havent any issues as yet. I like CSF for the features like country ban for specific ports, flood attack, emergency attack features (to enable when under attack) and like the email notifications on SSH user login, IP bans etc.
I see you are also on debian 10.
I’ve had no issues on that OS as yet.
However when installing CSF on a CentOS7 machine it caused errors with the Virtualmin script installer. When installing a script on a domain (lets say Roundcube) the whole domain would give a 500 error.
Another good bit of security:
LMD (Linux Malware Detect) is an open source malware detector for Linux operating systems. LMD is particularly designed for shared hosting environments to detect and clear threats in users file.
It also has email functions to let you know when it quarantines files etc.
Will do scans and email reports…
Also:
rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD. rkhunter is notable due to its inclusion in popular operating systems (Fedora,[1] Debian,[2] etc.)
Be interested on other users opinions to your question too!