From f0e2de7cb8822b2866a0a1274d3f504c9daac1e7 Mon Sep 17 00:00:00 2001
From: q3aql <q3aql@duck.com>
Date: Fri, 5 Apr 2024 20:09:56 +0200
Subject: [PATCH] README.md

---
 README.md | 39 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 37 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index c2060df..7cf5de4 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,14 @@
 # blockauth
 
-## Install blockauth
+Tool that blocks IPs that make ssh connection attempts by reading the auth.log file (rsyslog).
+
+## Dependencies (Ubuntu/Debian):
+
+```
+sudo apt install iptables rsyslog grep sed
+```
+
+## How to install blockauth:
 
 ```
 git clone https://gitlab.com/q3aql/blockauth.git
@@ -8,10 +16,37 @@ cd blockauth
 sudo ./install.sh
 ```
 
-## Unninstall blockauth
+## How to unninstall blockauth:
 
 ```
 git clone https://gitlab.com/q3aql/blockauth.git
 cd blockauth
 sudo ./unninstall.sh
 ```
+
+## How to run service:
+
+    * First, edit the file `/etc/blockauth/blockauth.conf`:
+
+      ```shell
+      # Blockauth configuration file
+      valid_users="test1 test2"
+      always_ip_allowed="192.168.0.1 192.168.0.2"
+      blocklist="/etc/blockauth/blocklist.list"
+      filelog="/etc/blockauth/blockauth.log"
+      ````
+
+    * Add the service to the system startup and start it:
+    
+    ```shell
+    systemctl enable blockauth
+    systemctl start blockauth
+    ````
+
+    * IPs using one of the users in `valid_users` variable will never be blocked.
+    * IPs of `always_ip_allowed` variable will never be blocked.
+
+## External links:
+
+* [iptables](https://www.netfilter.org/projects/iptables/index.html)
+* [rsyslog](https://www.rsyslog.com/)