Set csf to no
da build set csf no
Disable brute force monitor
da config-set bruteforce 0
da config-set brute_force_log_scanner 0
systemctl restart directadmin
The main setting that defines how Imunify360 works along with CSF is 3-rd Party Integration switch. (The config file equivalent is CSF_INTEGRATION.catch_lfd_events). When this mode is disabled (default), CSF and Imunify360 work as two independent solutions (with redundant modules disabled on the Imunify360 side - see above).
When 3-rd Party Integration mode is enabled Imunify360 uses Login Failure Daemon (LFD) as source for security events instead of OSSEC. To get events from Login Failure Daemon (LFD), Imunify360 automatically replaces BLOCK_REPORT variable to the file path of Imunify360 script. When some IP address is blocked by LFD, Imunify360 adds this IP address to its Graylist and then removes it from CSF deny/tempdeny lists. The latter is done to unblock IP by passing Anti-Bot Challenge and to store all automatically blocked IP addresses in a single place. Thus, no IP is automatically added to CSF deny/tempdeny lists.
Disable the Imunify330 third party CSF integration (Source: CSF Integration)
imunify360-agent config update '{"CSF_INTEGRATION": {"catch_lfd_events": false}}'
Enable firewall OSSEC
imunify360-agent config update '{"OSSEC": {"active_response": true}}'
To uninstall CSF, log in to your server as the root user via SSH, then navigate to the CSF configuration directory using cd /etc/csf and run the uninstall script with sh uninstall.sh
cd /etc/csf && sh uninstall.sh
The uninstall script contains this line to disable lfd service
sed -i 's/lfd=ON/lfd=OFF/' /usr/local/directadmin/data/admin/services.status