[code lang=”bash”]
#!/bin/sh
datestr=`date -d ‘2 minutes ago’ +"%b %e %H"`
/usr/bin/systemctl restart firewalld
sleep 10
/usr/bin/grep -w "authentication failure" /var/log/secure |/usr/bin/grep "$datestr"|grep rhost|grep pam_unix|awk ‘{print $14}’|awk -F ‘=’ ‘{print $2}’|sort|uniq -c|sort -n > iplist
cat iplist|while read line
do
num=`echo $line|awk ‘{print $1}’`
if [ $num -gt 10 ];then
ip=`echo $line|awk ‘{print $2}’`
/usr/sbin/iptables -I INPUT -s $ip -j DROP
fi
done
[/code]