From 8d934b275e20eda51fbbd20b1327c7aec4084dd8 Mon Sep 17 00:00:00 2001
From: ValueXu <ValueXu@outlook.com>
Date: Mon, 30 Dec 2024 18:09:01 +0800
Subject: [PATCH] Add some instructions for the default backend

---
 Fail2Ban-Setup.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/Fail2Ban-Setup.md b/Fail2Ban-Setup.md
index af0420b..5571e1f 100644
--- a/Fail2Ban-Setup.md
+++ b/Fail2Ban-Setup.md
@@ -183,6 +183,32 @@ filter = vaultwarden[journalmatch='_SYSTEMD_UNIT=your_vaultwarden.service']
 ```
 Use these instead of `logpath = ` and `filter = ` variables.
 
+**NOTE FOR BACKEND**
+If you installed fail2ban using such as `sudo apt install`, the `/etc/fai2ban/jail.conf` may using systemd as default backend. This default configuration item will result in the inability to monitor the log of logpath.
+
+Add `backend = pyinotify` or `backend = inotify` to the `vaultwarden.local` config
+
+```INI
+# path_f2b/jail.d/vaultwarden.local
+
+[vaultwarden]
+enabled = true
+backend = pyinotify
+port = 80,443,8081
+filter = vaultwarden
+banaction = %(banaction_allports)s
+logpath = /path/to/vaultwarden.log
+maxretry = 3
+bantime = 14400
+findtime = 14400
+```
+
+Restart fail2ban for changes to take effect:
+
+```bash
+sudo systemctl restart fail2ban
+```
+
 **NOTE FOR CLOUDFLARE USERS**
 If you use cloudflare proxy, you'll need to add Cloudflare in your actions list, like in [this guide](https://niksec.com/using-fail2ban-with-cloudflare/)
 
@@ -244,6 +270,32 @@ filter = vaultwarden-admin[journalmatch='_SYSTEMD_UNIT=your_vaultwarden.service'
 ```
 Use these instead of `logpath = ` and `filter = ` variables.
 
+**NOTE FOR BACKEND**
+If you installed fail2ban using such as `sudo apt install`, the `/etc/fai2ban/jail.conf` may using systemd as default backend. This default configuration item will result in the inability to monitor the log of logpath.
+
+Add `backend = pyinotify` or `backend = inotify` to the `vaultwarden.local` config
+
+```INI
+# path_f2b/jail.d/vaultwarden.local
+
+[vaultwarden]
+enabled = true
+backend = pyinotify
+port = 80,443,8081
+filter = vaultwarden
+banaction = %(banaction_allports)s
+logpath = /path/to/vaultwarden.log
+maxretry = 3
+bantime = 14400
+findtime = 14400
+```
+
+Restart fail2ban for changes to take effect:
+
+```bash
+sudo systemctl restart fail2ban
+```
+
 **NOTE FOR CLOUDFLARE USERS**
 If you use cloudflare proxy, you'll need to add Cloudflare in your actions list, like in [this guide](https://niksec.com/using-fail2ban-with-cloudflare/)