Thank you, @josephgodwinke, for your quick response. I have gone through this before as well but couldn’t figure it out; that is why I have asked here in the community, as many of you have already gone through this.
I believe by referring to these documents, you are saying that this much is enough and that there is no need to worry about my questions, correct?
You are right. This is my first install, so I am a bit more worried about safety and security. That is why I was looking for these answers. I have used UFW and Fail2ban. But CSF and LFD are new to me. I will go through the documentation in detail.
as @josephgodwinke stated you should take a deep look into documentation in any case. But because the question has very search friendly title and many will come across to it, let me explain in short those 4 questions and share a helpful previous community topic at the end:
LFD is available with the press of a button. When you complete the installation it is not by default installed, but there is default Cyberpanel CSF settings page where you can enable CSF + LFD in one click and manage them through there.
Sure there is a way to block ssh failed attempts. You can put a custom rule inside regex.custom file inside CSF settings and apply blocks per your liking. But by default CSF + LFD when you intall it there is a default limit applied to failed ssh login attempts so you are ok with that. You can change that via the settings (e.g. increase attempts or period of blocking).
Yes there is, again using regex.custom but that would bloat your IP tables too much I think. Disabling root login on server level could do the same trick.
By default access.log of Cyberpanel is $path_to_cyberpanel_directory_accesslogs(depending on your OS) e.g. /usr/local/lscp/cyberpanel/logs/access.log. You can add this file to CSF + LFD so LFD will check it for failed attempts and then add your custom rules to regex.custom just like the previous steps.
An additional topic for this point with useful info is: