#!/bin/sh SCANIP=`grep "Failed" /var/log/secure | awk '{print $(NF-3)}' | sort

1. #!/bin/sh
2. SCANIP=`grep "Failed" /var/log/secure | awk '{print $(NF-3)}' | sort | uniq -c | awk '{print $1"="$2;}'`
3. for i in $SCANIP
4. do
5. NUMBER=`echo $i | awk -F= '{print $1}'`
6. SCANIP=`echo $i | awk -F= '{print $2}'`
7. echo "$SCANIP:$NUMBER"
8. if [ $NUMBER -gt 10 ]
9. then
10. grep $SCANIP /etc/hosts.deny >/dev/null 2>&1 || echo "sshd:$SCANIP" >> /etc/hosts.deny
11. echo "`date` $SCANIP $NUMBER" >> /var/log/scanip.log
12. fi
13. done