

Fail2ban config can get fairly involved in my experience. I’m probably not doing it the right way, as I wrote a bunch of web server ban rules — anyone trying to access wpadmin gets banned, for instance (I don’t use WordPress, and if I did, it wouldn’t be accessible from my public-facing reverse proxy).
I just skimmed my nginx logs and looked for anything funky and put that in a ban rule, basically.
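An added example, not part of the original comment: a ban rule of the kind described above, written as a fail2ban-style `failregex` and dry-run over constructed nginx access-log lines. The regex, the simplified `<HOST>` stand-in and the sample lines are all assumptions; the point is that the pattern is anchored to the request field, so a referrer or query string that merely mentions `wp-admin` does not get a client banned.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real expansion
# also covers hostnames and bracketed IPv6).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9a-fA-F:]{3,39})"

# Hypothetical failregex for nginx "combined" access logs. Anchored at the start
# of the line and tied to the request field, so only the requested path counts.
FAILREGEX = r'^<HOST> \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) /+(?:wp-admin|wp-login\.php)\b[^"]*" \d{3} '

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 404 153 "-" "curl/8.0"
198.51.100.4 - - [12/Mar/2024:10:01:05 +0000] "GET /blog/post-1 HTTP/1.1" 200 5120 "https://example.org/wp-admin/" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.8 - - [12/Mar/2024:10:01:11 +0000] "GET /search?q=wp-admin HTTP/1.1" 200 812 "-" "Mozilla/5.0"
2001:db8::5 - - [12/Mar/2024:10:01:15 +0000] "GET //wp-admin/ HTTP/1.1" 301 169 "-" "Mozilla/5.0"
"""


def hosts_to_ban(log_text, failregex=FAILREGEX):
    """Return the client addresses whose request line matches the failregex."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    banned = []
    for line in log_text.splitlines():
        m = pattern.search(line)
        # Record each offending client once, in order of first appearance.
        if m and m.group("host") not in banned:
            banned.append(m.group("host"))
    return banned


if __name__ == "__main__":
    for host in hosts_to_ban(SAMPLE_LOG):
        print("would ban:", host)
```

The `FAILREGEX` string can go under `failregex =` in a filter's `[Definition]` section, and `fail2ban-regex` will check it against a real log file before the jail is enabled.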
A lot of non-graphical utilities — basically the *NIX coreutils, plus stuff like rsync, ssh, compression/archival tools (tar, gzip, bzip2, etc.), grep, and the like. Git also comes to mind.
I think part of this is that the UNIX philosophy is “developer friendly” — tell a good dev they need to make a compression utility that follows this protocol, and they will make a compression utility that follows the protocol.