Any gotchas to look out for when installing CrowdSec?
Assuming you mean https://crowdsec.net/? As I haven't tried myself, probably best to test on a test hourly VPS server and see. I suppose one thing is Centmin Mod installs CSF Firewall CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS but it's just a wrapper to underlying IPTables. But CSF Firewall loads up it's IPTables configuration dynamically at server start up time overriding direct IPTable rules you setup unless you place your own IPTables rules in executable shell script at /etc/csf/csfpre.sh i.e. https://community.centminmod.com/threads/ovh-icmp-ping-whitelist-for-csf-firewall.11427/#post-48519. Then CSF Firewall will load those before it's own at start up. Quick Google search suggests Crowdsec + CSF Firewall work together CrowdSec replacing Fail2ban Other thing is if it inspects Nginx access logs, know that Centmin Mod by default does buffer Nginx access logs to a small memory segment i.e. access_log directives have additional directive lines for which you can remove to disable buffering for real time logging rather than buffered memory logging Code (Text): buffer=256k flush=5m