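#!/bin/sh
# Block hosts that repeatedly fail SSH authentication.
#
# Usage: <this script> [threshold]      (threshold defaults to 10)
#
# Scans /var/log/auth.log for "Failed" login lines and "reverse" mapping
# warnings, records offending IPv4 addresses in /var/log/badip.log, and
# appends an iptables DROP rule for every address recorded since the last
# run. A summary of the newly blocked addresses is mailed to $mailadd.
#
# State: the LAST LINE of this file ("###<count> <path>") stores how many
# entries of badip.log have already been turned into rules. The script
# rewrites that line on every run, so the file must stay writable by the
# invoking user and the marker must remain the final line.
# NOTE(review): a script that rewrites itself and drives iptables should be
# owned by the account that runs it and not be writable by anyone else;
# moving the counter to a separate state file would remove that coupling.
#
# Security notes:
#   * Everything in auth.log that precedes the source address (user name,
#     reverse-DNS host name) is chosen by the remote side. Addresses are
#     therefore taken from the end of the message and must pass a strict
#     IPv4 check before they are stored or handed to iptables.
#   * IPv6 addresses are skipped: /sbin/iptables only manages IPv4 rules.

set -u

mailadd=root@localhost
authlog=/var/log/auth.log
badlog=/var/log/badip.log

# Dotted quad, each octet 0-255, no leading zeros, anchored at both ends.
octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
ipv4_re="^($octet\\.){3}$octet\$"

# Threshold: first argument, or 10 when absent/empty. Must be a number.
anz=${1:-10}
case "$anz" in
  *[!0-9]*)
    printf 'usage: %s [threshold]\n' "${0##*/}" >&2
    exit 2
    ;;
esac

# Append $1 to the block list unless that exact address is already listed.
# -F -x: literal whole-line match, so 1.2.3.4 is not hidden by 11.2.3.45
# and the dots are not treated as regex wildcards.
remember_ip() {
  grep -Fxq -- "$1" "$badlog" || printf '%s\n' "$1" >> "$badlog"
}

[ -f "$badlog" ] || touch "$badlog"

if [ ! -r "$authlog" ]; then
  printf '%s: cannot read %s\n' "${0##*/}" "$authlog" >&2
  exit 1
fi

# Read the stored counter and refuse to continue if the marker is missing:
# the update below deletes the last line of this file, which would eat real
# code if the marker were gone.
state=$(tail -n 1 "$0")
case "$state" in
  '###'[0-9]*) ;;
  *)
    printf '%s: state marker missing from last line, aborting\n' \
      "${0##*/}" >&2
    exit 1
    ;;
esac
alt=${state#'###'}
alt=${alt%% *}
case "$alt" in
  '' | *[!0-9]*)
    printf '%s: state marker is not numeric, aborting\n' "${0##*/}" >&2
    exit 1
    ;;
esac

# If iptables lists more DROP lines than the block list has entries, start
# counting from zero again so every listed address is (re)considered.
# NOTE(review): presumably meant for a truncated/recreated badip.log; confirm.
ipt=$(/sbin/iptables -n -L | grep -c DROP)
ipb=$(wc -l < "$badlog")
ipb=$((ipb + 0))
if [ "$ipt" -gt "$ipb" ]; then
  alt=0
fi

# Failed logins: take the token after the LAST " from " on the line, keep
# only well-formed IPv4 addresses, then count occurrences per address.
# The original loop reset its counter to 0 on the first sighting, so an
# address is recorded once it appears more than anz + 1 times; that
# threshold is kept unchanged here.
grep Failed "$authlog" \
  | sed -n 's/.* from \([^ ]*\).*/\1/p' \
  | grep -E "$ipv4_re" \
  | sort \
  | uniq -c \
  | awk -v limit="$anz" '$1 > limit + 1 { print $2 }' \
  | while IFS= read -r ip; do
      remember_ip "$ip"
    done

# Reverse-mapping warnings: the address is the last [bracketed] token of
# the message; a single occurrence is enough to record it.
grep reverse "$authlog" \
  | sed -n 's/.*\[\([^]]*\)].*/\1/p' \
  | grep -E "$ipv4_re" \
  | sort -u \
  | while IFS= read -r ip; do
      remember_ip "$ip"
    done

# Persist the new counter in the same "###<count> <path>" format as before.
neu=$(wc -l < "$badlog")
neu=$((neu + 0))
sed -i '$d' "$0"
printf '###%s %s\n' "$neu" "$badlog" >> "$0"

dif=$((neu - alt))
if [ "$dif" -gt 0 ]; then
  # Re-validate what is read back: badip.log may hold entries written by
  # hand or by an earlier version. After this filter every item is a plain
  # IPv4 literal, so the unquoted expansion below cannot split or glob
  # into anything unexpected.
  new_ips=$(tail -n "$dif" "$badlog" | grep -E "$ipv4_re")
  blocked=
  for ip in $new_ips; do
    # Skip addresses that already have an identical rule. If this iptables
    # build lacks -C the check fails and the rule is simply appended.
    if /sbin/iptables -C INPUT -s "$ip" -j DROP 2> /dev/null; then
      continue
    fi
    if /sbin/iptables -A INPUT -s "$ip" -j DROP; then
      blocked="$blocked $ip"
    else
      printf '%s: iptables refused rule for %s\n' "${0##*/}" "$ip" >&2
    fi
  done
  if [ -n "$blocked" ]; then
    # HOSTNAME is not set by every /bin/sh; fall back to hostname(1).
    host=${HOSTNAME:-$(hostname)}
    printf '%s = gesperrt\n' "${blocked# }" \
      | mail -s "$host - auth.log" "$mailadd"
  fi
fi
###0 /var/log/badip.log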