From bd0c70def8334c38772f8226fe2ffe91648835de Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Thu, 23 Oct 2025 16:04:28 +0200
Subject: [PATCH] better formating, more information

---
 doc/README.Fail2ban | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/doc/README.Fail2ban b/doc/README.Fail2ban
index 835e446d1..2e4126f5b 100644
--- a/doc/README.Fail2ban
+++ b/doc/README.Fail2ban
@@ -1,18 +1,33 @@
 Adding authentication failure check for fail2ban
 =================================================
 
-You will have to use 5.1.10 for this to work.
+Fail2ban is a very mature and sophisticated program to detect attacks on
+a service by checking its log file. If such an attack was detected an
+action will be executed, which will mostly ban the IP of the attacker
+for a configurable amount of time.
 
-Add a filter /etc/fail2ban/filter.d/seeddms.conf with the content
+You will have to use at least SeedDMS 5.1.10 for this to work.
 
+Add a filter `/etc/fail2ban/filter.d/seeddms.conf` with the content
+
+```
 [Definition]
 
 failregex = \[error\] -- \(<HOST>\) op.Login login failed
+```
 
-then configure a new jail in /etc/fail2ban/jail.d/seeddms.conf
+This will tell fail2ban which lines in the log file are considered
+to be an incident. Here it is a failed login.
 
+Than configure a new jail in `/etc/fail2ban/jail.d/seeddms.conf`
+
+```
 [seeddms]
 enabled = yes
 port = http,https
 filter  = seeddms
 logpath = /home/www-data/seeddms-demo/data/log/*.log
+```
+
+It tells fail2ban which log files shall be analysed, and which filter
+has to be applied.