Do you already use tools to secure your server? You may not need them as BitNinja comes with many different modules to secure your server from every aspect and may make your previous solutions redundant. If you would like to keep your existing solutions, you can find out the compatibility of different 3rd party software below.
|3rd party software||Compatible||Related BitNinja module|
|CSF (Config Server Firewall)||yes||IpFilter, IP reputation|
|mod_security||yes||Web Application Firewall 2.0|
|CXS (Config Server Exploit)||no||MalwareDetection|
|LFD (Login Failure Daemon)||yes||Log Analysis|
|Uncomplicated Firewall||yes||Web Application Firewall 2.0|
|Dome9||no||IpFilter, IP reputation|
|Imunify360||no||Web Application Firewall 2.0, IP reputation, MalwareDetection, Log Analysis, IpFilter|
|Wordfence||yes||Web Application Firewall 2.0, MalwareDetection|
|APF (Advanced Policy Firewall)||yes||IpFilter, IP reputation|
Below is some additional information regarding different 3rd party softwares.
BitNinja is compatible with this tool but CSF manages iptables rules aggressively. Every time you change a rule it flushes all iptables rules and reloads only its own. CSF then invokes an external script; BitNinja has the integration and sets it up automatically but it still means there is a slight time window when the BitNinja rules are not set every time CSF reloads. Many users reported the use of CSF with BitNinja successfully, although BitNinja makes CSF redundant.
CSF unfortunately completely flushes all ipsets if you configure it to use ipset so we recommend disabling this option to avoid resource overuse of many ipset reloads. For better compatibility we recommend to set LF_IPSET to 0.
# If you find any problems, please post on forums.configserver.com with full # details of the issue LF_IPSET = "0"
Mod_security is an apache2 WAF with fixed pattern based rulesets. Our Web Application Firewall module operates as a local reverse proxy so it is fully compatible with any web server. You can decide to keep your mod_security rules or drop them and rely on our WAF, it is up to you.
BitNinja is not compatible with maldet, the bash script for detecting malwares. Our MalwareDetection module can’t run parallel with maldet. It is safe to switch from maldet to BitNinja MalwareDetection
You can use BitNinja in a Dockerized environment with simply installing BitNinja on the host machine, so it will monitor all inbound traffic even the requests forwarded to the containers. After installing, BitNinja will automatically whitelist all of your external IP addresses so it won’t interfere with the communication between the hosts, but please double check the whitelisting by yourself as well.
This way BitNinja can’t analyze the logs, but still maintain a lot of security measurements. You will be able to use the WAF module and malware detection beta modules too.
We’re planning to release a Dockerized version of BitNinja in the near future.
You can keep fail2ban running on your server but in most use cases Log Analysis makes it redundant. Fail2ban has some limitations as it opens every log file for every separate rule you have, so it can consume more resources. Fail2ban will also block suspicious IPs and it can frustrate users. Read more about how we solved this issue by introducing the greylist technique for different protocols. IP reputation
Uncomplicated Firewall is a front-end from iptables, it does not bother BitNinja rules.
Unfortunately Dome9 drops any iptables rules other than its own, so Dome9 is not compatible with BitNinja currently.
Third Party monitoring services¶
If you are using free monitoring or scanner services like MxToolbox or HackerGuardian, you should add them to your whitelist for the scan time. You can add them permanently, but it is not recommended because attackers like to use free online tools to scan victim servers.
If you want to use MxToolbox their IPs are:
18.104.22.168/28 22.214.171.124/27 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11
If you want to use HackerGuardian, their IP range is: