Vrtualmin + Mod_security + CSF/LFD ? How to integrate them properly?

netizen · October 6, 2015, 8:08am

I have managed to run all of the above in one server however I have a problem with LFD and automatically banning IPs that trigger mod_security ON ALL DOMAINS in the servers.
The problem is that CSF configuration allows you to specify ONE apache error_log file that will periodically scan for offending IPs and ban them. This usually by default is the /var/log/httpd/error_log.
This config however does not scan all the other error logs from the domains hosted in Virtualmin.

Has anyone managed to find a solution for this?
Ideally there should be one logfile only that collects all offences in itself and gets checked by LFD. Having multiple logfiles being checked will increase the server load big time.

Anyone?

Diabolico · October 6, 2015, 12:08pm

With fail2ban i made custom rules so i can scan every virtual server apache log files and take proper action. Maybe something similar can be done with CSF.

netizen · October 10, 2015, 12:47am

CSF with LDF provides only 9 additional custom logs that can be declared for custom usage and yes this will work. This means however that only 9 domains will be scanned in addition to the main apache error log.

I don’t see in CSF how can I add more custom logs and frankly I don’t think it is possible without making major changes to the core script (which I don’t want and can’t do).

Any other ideas?
Surely there must be someone here that uses CSF/LDF with Virtualmin and mod_security… :-/