README.md

README.md

@@ -1,6 +1,14 @@
 # blockauth
 
-## Install blockauth
+Tool that blocks IPs that make ssh connection attempts by reading the auth.log file (rsyslog).
+
+## Dependencies (Ubuntu/Debian):
+
+```
+sudo apt install iptables rsyslog grep sed
+```
+
+## How to install blockauth:
 
 ```
 git clone https://gitlab.com/q3aql/blockauth.git
@@ -8,10 +16,37 @@ cd blockauth
 sudo ./install.sh
 ```
 
-## Unninstall blockauth
+## How to unninstall blockauth:
 
 ```
 git clone https://gitlab.com/q3aql/blockauth.git
 cd blockauth
 sudo ./unninstall.sh
 ```
+
+## How to run service:
+
+    * First, edit the file `/etc/blockauth/blockauth.conf`:
+
+      ```shell
+      # Blockauth configuration file
+      valid_users="test1 test2"
+      always_ip_allowed="192.168.0.1 192.168.0.2"
+      blocklist="/etc/blockauth/blocklist.list"
+      filelog="/etc/blockauth/blockauth.log"
+      ````
+
+    * Add the service to the system startup and start it:
+    
+    ```shell
+    systemctl enable blockauth
+    systemctl start blockauth
+    ````
+
+    * IPs using one of the users in `valid_users` variable will never be blocked.
+    * IPs of `always_ip_allowed` variable will never be blocked.
+
+## External links:
+
+* [iptables](https://www.netfilter.org/projects/iptables/index.html)
+* [rsyslog](https://www.rsyslog.com/)