CSF+LFD with modsec setup does everything and more than fail2ban and way better. CSF+LFD for cyberpanel if installed should also already be integrated and monitoring the modsec and error logs and blocking stuff.
Once the Cyberpanel login page has logging enabled we can easily tie it into the CSF+LFD log monitoring just like the cPanel CSF+LFD integration has.
I suggested we add some logging here for the admin panel
once something like that is setup that would make it super easy to add this log file and formatting to the CSF log scanner/monitor.
Right now when you fail logins it looks like this which is not very indicative there is a failed login.
Intentionally failed login to Cyberpanel and then anonymized IPs and hostname
Shown on login page when failing login:
Could Not Login, Error message: Administrator matching query does not exist.
Entry in the log:
[root@cloud:~]# tail -f /usr/local/lscp/cyberpanel/logs/access.log | grep -i login
75.215.75.165 - - [25/Apr/2020:00:57:23 +0000] “POST /verifyLogin HTTP/1.1” 200 96 “https://server.somedomain.com:8090/” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36”