#!/usr/bin/perl



open FILE, "/var/log/secure" or die $!;

my $curpos, %failures, $lastip, $for_a_while=3, $limit=5, %failtime, $timediff=900,$mytime;

for ($curpos = tell(FILE);<FILE>;$curpos = tell(FILE)){}

for (;;) {
for ($curpos = tell(FILE);<FILE>;$curpos = tell(FILE)) {
# search for some stuff and put it into files
if(/sshd\[(\d+)\]: Failed password.*::ffff:(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}).*/){
$mytime = time();
$lastip=$2;
if($failures{"$2"}){
if($mytime - $failtime{"$2"} <= $timediff){
$failures{"$2"}=$failures{"$2"}+1;
}
else
{
$failures{"$2"}=1;
$failtime{"$2"}=$mytime;
}
}
else{
$failures{"$2"}=1;
$failtime{"$2"}=$mytime;
}

}
elsif(/last message repeated (\d*) times/)
{
if($mytime - $failtime{"$lastip"} <= $timediff){
$failures{"$lastip"}=$failures{"$lastip"}+$1;
}
else
{
$failures{"$lastip"}=1;
$failtime{"$lastip"}=$mytime;
}
}

}

while (($key, $value) = each %failures)
{
if($failures{$key} >= $limit){
print "$key has $failures{$key} login failures, hence it is liable for blocking\n";
}
}


$mytime = time();
$key =();
$value = ();
while (($key, $value) = each %failtime)
{
if($mytime - $value > $timediff){
print "$key has exceeded the time limit ".($mytime - $value).": deleting from queue\n";
delete $failtime{$key};
}
}

sleep($for_a_while);
seek(FILE, $curpos, 0);
}