#!/bin/bash
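# Drop traffic from every IPv4 address that shows up at least THRESHOLD times
# on lines of LOG_FILE containing "fail" (case-insensitive).
#
# Fix over the original: the pipeline can yield several addresses, one per
# line. The old code passed them unquoted to `[ ! -z ... ]` (a "too many
# arguments" error) and pasted the whole list into a single rich rule, so
# nothing was blocked once more than one address qualified. Each address now
# gets its own rule.
#
# NOTE(review): the match is any IPv4-looking token on any "fail" line, so
# text that remote clients control in the log (for example a user name) can
# contribute to the count of an address that is not the real peer. Consider
# matching only the log's peer-address field and keeping an allowlist for
# management addresses so the host cannot be made to block itself or its admins.
# NOTE(review): rules are added with --permanent and are never expired here.
readonly LOG_FILE=/var/log/secure
readonly THRESHOLD=5

# `uniq -c` needs identical lines to be adjacent, so sort first; awk keeps only
# addresses whose count reaches the threshold.
offenders=$(grep -i -- "fail" "$LOG_FILE" \
  | grep -Eo "([0-9]{1,3}\.){3}[0-9]{1,3}" \
  | sort \
  | uniq -c \
  | awk -v min="$THRESHOLD" '$1 >= min {print $2}')

added=0
while IFS= read -r addr; do
  # The here-string yields one empty line when there are no offenders.
  [ -n "$addr" ] || continue
  if firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=${addr} drop"; then
    added=1
  else
    printf 'could not add drop rule for %s\n' "$addr" >&2
  fi
done <<< "$offenders"

# Permanent rules only take effect after a reload; skip it when nothing changed.
if [ "$added" -eq 1 ]; then
  firewall-cmd --reload
fi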