From 776d4a85ecade77a029c0bbba9a0934256f80546 Mon Sep 17 00:00:00 2001 From: "Serg G. Brester" Date: Fri, 30 Jun 2017 17:13:54 +0200 Subject: [PATCH] Rebuild to FAQ style using details/summary html-tags --- ...ther-as-host-(IP-address),-like-user-or-mail,-etc..md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/How-to-ban-something-other-as-host-(IP-address),-like-user-or-mail,-etc..md b/How-to-ban-something-other-as-host-(IP-address),-like-user-or-mail,-etc..md index 1325f28..c928a31 100644 --- a/How-to-ban-something-other-as-host-(IP-address),-like-user-or-mail,-etc..md +++ b/How-to-ban-something-other-as-host-(IP-address),-like-user-or-mail,-etc..md @@ -1,5 +1,6 @@ **[Q]** Can I ban something other as host (IP-address), like user or e-mail, etc.
**[A]** Yes, it is theoretically possible with fail2ban, since no-host banning was implemented (v. 0.9.5 or 0.10). See [fail2ban/gh-1454](https://github.com/fail2ban/fail2ban/pull/1454) for more implementation details. +
How to configure it:
* You should create your own `action` and specify there which command(s) should be executed by ban/unban * Version 0.10 allows you to define failure-ID in `failregex`: @@ -70,9 +71,14 @@ fail2ban-regex --raw /var/log/auth.log '^\s*(?:\S+\s+)?(?:[^:]+:auth\[\d+\]:\s+) # v. 0.9.5: fail2ban-regex --raw /var/log/auth.log '^\s*(?:\S+\s+)?(?:[^:]+:auth\[\d+\]:\s+)?pam_unix(?:\(\S+\))?:?\s+authentication failure; login=(?P\S+)' ``` +
+*** **[Q]** I don't have any failure-ID in the log-entry, can I nevertheless configure the fail2ban, that it should simply execute some command if some message will be found in observed log-file
-**[A]** Yes, if you've no failure-id at all (no user-id, e-mail or something other), but you'll that fail2ban execute some shell script after failure occurrence, you should additionally: +**[A]** Yes +

+ +If you've no failure-id at all (no user-id, e-mail or something other), but you'll that fail2ban execute some shell script after failure occurrence, you should additionally: * set empty or something other as match for failure-id (still `` in 0.9th-branch) in `failregex`, example: ``` bash # DDOS resp. "too many IPs" will be used as failure-ID: @@ -87,3 +93,4 @@ actionban = /user/bin/ids-attack.sh '' ``` * `actionban` script will be executed as root (or with user, fail2ban running), so use `su` if other/restricted user needed; - set `usedns`, `ignoreip`, `ignorecommand` as suggested above, otherwise you can get error by comparison with empty/illegal host (that will be found by "failure"); +
\ No newline at end of file
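Review bot: In the hunk at `@@ -70,9 +71,14 @@`, the added line beginning `+If you've no failure-id at all` carries over the broken phrase "but you'll that fail2ban execute some shell script" unchanged from the removed line. Since the sentence is being moved anyway, reword it, for example "but you want fail2ban to execute some shell script after a failure occurs". The new short answer `**[A]** Yes` also has no terminal punctuation, unlike the first answer on the page ("Yes, it is theoretically possible ...").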
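Review bot: In the hunk at `@@ -87,3 +93,4 @@`, the added last line leaves the file without a trailing newline (`\ No newline at end of file`); end the file with one. While this section is being touched, the context line `actionban = /user/bin/ids-attack.sh ''` looks like a typo for `/usr/bin/`, which would make the documented action fail for anyone who copies it. Because the next bullet says the `actionban` script is executed as root, a sentence telling readers to keep that script root-owned and not writable by other users would fit here.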