Nigel, I use CSF firewall, maybe less complex?
GPL, and doing some forum posts in return for that (if others dislike my posts (grammar…) they can ask me to stop).
Non-critical server / test and so on; I learn more because of some not up-to-date security things (Virtualmin / Webmin) when doing tests, and mostly I get them fixed not within the GUI.
For the combination to get a box PCI compliant (almost, since with PCI you also need to do more well-documented things and so on), Lynis is helpful too.
At https://linux-audit.com/lynis/ you can read some.
Homepage here: https://cisofy.com/lynis/ (NICE DUTCH GUY); the free version for small or not very critical boxes is OK.
Because of some of this, https://www.virtualmin.com/node/67053 as an example, the reason why I posted that topic here https://www.virtualmin.com/node/66865: as you can read, the first reply was "don’t need updates", but after a while of course the updates came for some…
YOU LEARN and see some less or more important points when running lynis audit system; very handy software (also for those who sometimes forget to change / set important config…).
I’m not saying CSF firewall is the best or better, but it is OK and seemingly easy to handle; also, I have known this software for over a decade now.
For critical boxes we use DA. Plesk I dislike because of a bad experience with a too-late security update from Plesk in the past, where I then did this manually and after that was stuck always doing that part manually or uninstalling and installing again. As far as I know (but that was a long time ago), you can’t do much in Plesk manually yourself without risking breaking some GUI parts.
In Virtualmin you have to do / know more manually because some GUI parts are outdated for more modern versions (Postfix is one example, https://www.virtualmin.com/node/67332, but not the only one); I have posted here in the forum about some of those parts. (OYEA, with manually I also mean, where possible / needed, editing the config files within the Virtualmin GUI; that is a nice option.)
I did the MariaDB 10.3.x parts manually from the CLI, and after that it is better not to use the GUI script from Virtualmin; I didn’t try with the updated script though.
The documentation is too old, for example the security PCI compliant parts here in Virtualmin: https://www.virtualmin.com/node/67087
So my most important TIP is to do some testing and reading yourself because of security and some more modern settings / configs, and get this done; then your box and apps have better security.
If using / sharing Virtualmin/Webmin boxes with other USERS / customers, be sure you can trust them, but Jamie is on that now, as far as you can read here and on GitHub.
TIP:
Also keep an eye on the GitHub commits! https://github.com/webmin/webmin
and https://github.com/virtualmin and here https://sourceforge.net/p/webadmin/discussion/55377/
OYEA
At this date of writing you have to use a Let’s Encrypt script yourself, because the outdated one in Virtualmin is not working very well and is almost EOL. Lots of problems / errors are possible when getting your LE cert. https://www.virtualmin.com/comment/818022#comment-818022
Submitted by andreychek on Sat, 10/12/2019 - 00:03 Comment #7
You may want to use the workaround mentioned in Comment #1 above; that will resolve any issues relating to the ACME protocol version until we’re able to modify the built-in client to use the new protocol.
In topic https://www.virtualmin.com/comment/818040#comment-818040