# failed logins from a single address before ban
# uncomment to override conf.bfd trig value
# TRIG="10"

# file must exist for rule to be active
REQ="/usr/sbin/sshd"

if [ -f "$REQ" ]; then
 LP="$AUTH_LOG_PATH"
 TLOG_TF="sshd"
 TMP="/usr/local/bfd/tmp"

 ## SSHD
 ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | sed -e 's/::ffff://' | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sed -n -e '/sshd/s/.*user \(.*\) from \([^ ]*\).*/\2:\1/p' -e '/sshd/s/.*Failed password for \(.*\) from \([^ ]*\).*/\2:\1/p'`
fi