CSF + Imunify360

Started by Valerya, Jun 18, 2022, 02:00 AM

Previous topic - Next topic

ValeryaTopic starter

Short question which I could t find on the forum

Can CSF and Imunify360 be enabled and both run/monitor/scan at the same time ? Or will this cause any major problems?

Note: Obviously scheduled scans won't be done at the same time.

Thank you


Yep, as stated; they can both run at the same time.

It's incredibly worth doing so. The webshield(WAF) that Imunify360 provides is definitely worth the value that Imunify360 prices at.


But if paying for full Imunify360, you might as well use it standalone, isn't it!? Or just use ImunifyAV+ + CSF.


The main setting that determines how Imunify360 works alongside CSF is the 3rd party assimilation switch. (The config file is equivalent to CSF_INTEGRATION.catch_lfd_events). When this mode is disabled (by default), CSF and Imunify360 work as two independent solutions (with redundant modules disabled on the Imunify360 side).

When third party assimilation mode is enabled Imunify360 uses the Login Failure Daemon (LFD) as a source for security events instead of OSSEC. To receive events from the Login Failure Daemon (LFD), Imunify360 automatically replaces the BLOCK_REPORT variable with the Imunify360 script file path. When some IP address is banned by LFD, Imunify360 adds that IP address to its Graylist and then removes it from CSF deny/tempdeny lists. In one place. So IP is not immediately added to CSF deny/tempdeny lists.