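#!/bin/bash
# Intercept illegal IP addresses.
#
# Rejects tcp/22 for six hours from every IPv4 source that produced three or
# more "Failed" entries in /var/log/secure during the last ten minutes.
#
# Assumes the traditional syslog prefix "Mon DD HH:MM:SS host ..." and GNU
# date (for -d). Must run with enough privilege to read the log and to call
# firewall-cmd. Rules are runtime-only and expire through --timeout.
#
# Counts stay inside the pipeline; no baduser.txt scratch file is written to
# the current directory, so a privileged run never follows a pre-planted file
# or symlink with that name.
set -u

readonly LOG_FILE=/var/log/secure
readonly THRESHOLD=3
readonly BAN_TIMEOUT=6h
readonly WINDOW_SECONDS=600

if [[ ! -r "$LOG_FILE" ]]; then
  printf 'cannot read %s\n' "$LOG_FILE" >&2
  exit 1
fi

# Take one timestamp and derive both window edges from it, so the edges can
# never straddle a second/minute tick between separate date calls.
# LC_ALL=C keeps the month abbreviation in the English form syslog writes.
# 'read' also strips the space padding that %e puts in front of days 1-9.
now_epoch=$(date +%s) || exit 1
read -r end_month end_day end_time \
  < <(LC_ALL=C date -d "@${now_epoch}" +'%b %e %T')
read -r start_month start_day start_time \
  < <(LC_ALL=C date -d "@$((now_epoch - WINDOW_SECONDS))" +'%b %e %T')

# One awk pass selects, parses, validates and counts.
#
# * Values reach awk through -v instead of being spliced into the program
#   text.
# * The window may cross midnight (start day != end day); a plain
#   "start <= time <= now" string comparison would match nothing then.
# * The login name inside a failed-login line is chosen by the remote client
#   and may itself contain spaces and the word "from". The address is
#   therefore taken from the token after the LAST "from", and must be a
#   well-formed dotted quad, so a crafted login name cannot get an unrelated
#   address rejected or smuggle extra text into the firewall rule.
# * Non-IPv4 sources are skipped: the rule below is family=ipv4 only.
offenders=$(
  awk -v sm="$start_month" -v sd="$start_day" -v st="$start_time" \
      -v em="$end_month" -v ed="$end_day" -v et="$end_time" \
      -v min="$THRESHOLD" '
    BEGIN { sd += 0; ed += 0 }

    function in_window(m, d, t) {
      d += 0
      if (sm == em && sd == ed)
        return m == em && d == ed && t >= st && t <= et
      return (m == sm && d == sd && t >= st) || (m == em && d == ed && t <= et)
    }

    function is_ipv4(a,    n, octet, k) {
      if (a !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
        return 0
      n = split(a, octet, ".")
      for (k = 1; k <= n; k++)
        if (length(octet[k]) > 3 || octet[k] + 0 > 255)
          return 0
      return 1
    }

    /Failed/ && in_window($1, $2, $3) {
      addr = ""
      for (i = NF - 1; i > 3; i--)
        if ($i == "from") { addr = $(i + 1); break }
      if (is_ipv4(addr))
        hits[addr]++
    }

    END {
      for (addr in hits)
        if (hits[addr] >= min)
          print addr
    }
  ' "$LOG_FILE"
) || { printf 'failed to parse %s\n' "$LOG_FILE" >&2; exit 1; }

status=0
while IFS= read -r ip; do
  # A here-string of an empty result still yields one empty line.
  [[ -n "$ip" ]] || continue

  # $ip is a validated dotted quad; the whole rule is passed as one quoted
  # argument so it is never word-split or glob-expanded by the shell.
  rule="rule family=ipv4 source address=${ip} port port=22 protocol=tcp reject"
  if ! firewall-cmd --add-rich-rule="$rule" --timeout="$BAN_TIMEOUT"; then
    printf 'could not add reject rule for %s\n' "$ip" >&2
    status=1
  fi
done <<<"$offenders"

exit "$status"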