correct alignment

Using-Security-Tools-with-Paperless-ngx.md

@@ -1,99 +1,101 @@
 [Crowdsec](#crowdsec) | [Fail2ban](#fail2ban)
 
+
 # Crowdsec
 > [Crowdsec](https://www.crowdsec.net/) is a crowdsourced intrusion detection and prevention system (IDS/IPS) that will detect suspicious login activity and ban IP addresses. These bans result from both a) local detection of e.g. brute-force login attempts based on the Paperless-ngx log files and b) the real-time community feed of aggressive IPs (IPs that show malicious activity within the Crowdsec user community, will be added to this list).
 
 1. Install the [Paperless-ngx collection](https://hub.crowdsec.net/author/andreasbrett/collections/paperless-ngx) via Crowdsec's `cscli` tool.
 
-`sudo cscli collections install andreasbrett/paperless-ngx`
+    `sudo cscli collections install andreasbrett/paperless-ngx`
 
 2. Point Crowdsec to your Paperless-ngx logfile
 
-Edit `/etc/crowdsec/acquis.yaml` with your preferred text editor and add a section pointing to the location of your Paperless-ngx log. If you have set up Paperless-ngx as a Docker container the log file will reside within the volume you configured. The absolute path for Docker volumes should be `/var/lib/docker/volumes/...`.
+    Edit `/etc/crowdsec/acquis.yaml` with your preferred text editor and add a section pointing to the location of your Paperless-ngx log. If you have set up Paperless-ngx as a Docker container the log file will reside within the volume you configured. The absolute path for Docker volumes should be `/var/lib/docker/volumes/...`.
 
-```
----
-filenames:
-    - /var/lib/docker/volumes/paperless_data/_data/log/paperless.log
-labels:
+    ```
+    ---
+    filenames:
+        - /var/lib/docker/volumes/paperless_data/_data/log/paperless.log
+    labels:
     type: Paperless-ngx
-```
+    ```
 
 3. Reload Crowdsec configuration
 
-`sudo systemctl reload crowdsec`
+    `sudo systemctl reload crowdsec`
+
 
 # Fail2ban
 > [Fail2ban](https://github.com/fail2ban/fail2ban) is a powerful tool for securing your server by monitoring log files for suspicious activity and banning IP addresses that exhibit malicious behavior.
 
- 1. Create the Fail2ban Jail
+1. Create the Fail2ban Jail
 
- The first step is to create a fail2ban jail configuration file for Paperless. Open your preferred text editor and create a new file named `paperless.conf` in the `/etc/fail2ban/jail.d/` directory.
+    The first step is to create a fail2ban jail configuration file for Paperless. Open your preferred text editor and create a new file named `paperless.conf` in the `/etc/fail2ban/jail.d/` directory.
 
- Add the following contents to the file:
+    Add the following contents to the file:
 
- ```bash
- [paperless]
- enabled  = true
- maxretry = 5
- filter   = paperless
- logpath  = /var/lib/docker/volumes/paperless_data/_data/log/paperless.log 
- chain    = DOCKER-USER
- port     = 8000
- [paperless_proxy]
- enabled  = true
- maxretry = 5
- filter   = paperless
- logpath  = /var/lib/docker/volumes/paperless_data/_data/log/paperless.log
- port     = http,https
- ```
+    ```bash
+    [paperless]
+    enabled  = true
+    maxretry = 5
+    filter   = paperless
+    logpath  = /var/lib/docker/volumes/paperless_data/_data/log/paperless.log 
+    chain    = DOCKER-USER
+    port     = 8000
+    [paperless_proxy]
+    enabled  = true
+    maxretry = 5
+    filter   = paperless
+    logpath  = /var/lib/docker/volumes/paperless_data/_data/log/paperless.log
+    port     = http,https
+    ```
 
- If the Paperless Docker volumes are located to a different location (`/var/lib/docker/volumes/`), modify the `logpath` accordingly.
+    If the Paperless Docker volumes are located to a different location (`/var/lib/docker/volumes/`), modify the `logpath` accordingly.
 
- If you are not using a reverse proxy to access Paperless you can remove the `[paperless_proxy]` section.
+    If you are not using a reverse proxy to access Paperless you can remove the `[paperless_proxy]` section.
 
- 2. Create the Fail2ban Filter File
+2. Create the Fail2ban Filter File
 
- This file will define the pattern that fail2ban will look for in the Paperless log file to identify malicious activity.
+    This file will define the pattern that fail2ban will look for in the Paperless log file to identify malicious activity.
 
- Create a new file named `paperless.conf` in the `/etc/fail2ban/filter.d/` directory.
+    Create a new file named `paperless.conf` in the `/etc/fail2ban/filter.d/` directory.
 
- If you're using Paperless v1.14.0 to v1.16.5 add the following contents to the file:
+    If you're using Paperless v1.14.0 to v1.16.5 add the following contents to the file:
 
- ```
- [Definition]
- failregex = Login failed for user `.*` from (?:IP|private IP) `<HOST>\.`$
- ignoreregex =
- ```
+    ```
+    [Definition]
+    failregex = Login failed for user `.*` from (?:IP|private IP) `<HOST>\.`$
+    ignoreregex =
+    ```
 
- If you're using Paperless v1.16.6 or newer add the following contents to the file:
+    If you're using Paperless v1.16.6 or newer add the following contents to the file:
 
- ```
- [Definition]
- failregex = Login failed for user `.*` from (?:IP|private IP) `<HOST>`\.$
- ignoreregex =
- ```
+    ```
+    [Definition]
+    failregex = Login failed for user `.*` from (?:IP|private IP) `<HOST>`\.$
+    ignoreregex =
+    ```
 
- 3. Restart fail2ban
+3. Restart fail2ban
 
- Now that the jail and filter files have been created, you need to restart fail2ban for the changes to take effect.
+    Now that the jail and filter files have been created, you need to restart fail2ban for the changes to take effect.
 
- ```bash
- $ sudo systemctl restart fail2ban
- ```
+    ```bash
+    $ sudo systemctl restart fail2ban
+    ```
 
- 4. Test the Fail2ban Jail
+4. Test the Fail2ban Jail
 
- To test that the jail is working correctly, try logging into Paperless with an incorrect username or password multiple times from a different IP address. After the fifth attempt, fail2ban should ban the IP address.
+    To test that the jail is working correctly, try logging into Paperless with an incorrect username or password multiple times from a different IP address. After the fifth attempt, fail2ban should ban the IP address.
 
- You can view the status of the jail by running the following command:
+    You can view the status of the jail by running the following command:
 
- ```bash
- $ sudo fail2ban-client status paperless
- $ sudo fail2ban-client status paperless_proxy
- ```
+    ```bash
+    $ sudo fail2ban-client status paperless
+    $ sudo fail2ban-client status paperless_proxy
+    ```
 
- You can unban an IP address by running the following command:
- ```bash
- $ sudo fail2ban-client unban xx.xx.xx.xx
- ```
+    You can unban an IP address by running the following command:
+    ```bash
+    $ sudo fail2ban-client unban xx.xx.xx.xx
+    ```