Setelah googling kesana kesini, akhrinya dapat cara sederhana untuk mengantisipasi serangan brute force SSH

#!/bin/bash
#This script will monitor for failed login attempts and after a specified number of times add the ip to a deny list
#Chad
LOGFILE=”/var/log/secure”
HOSTSDENY=”/etc/hosts.deny”
BADCOUNT=”5″
# read logfile and look for invalid login attemps
grep sshd $LOGFILE |grep “Invalid user”| awk ‘{print $NF}’|sort|uniq -c|sort -n|sed “s/[[:space:]]*//” | while
read i
do
# read number of failed attempts
count=`echo $i | cut -d” ” -f1`
# read ip address from failed attempt
ip=`echo $i | cut -d” ” -f2`
#check hostdeny file to see if IP already exist
already=`grep $ip $HOSTSDENY | grep sshd`
#if IP does not exist add it to hostdeny file
if [ -z "$already"  ]
then
if [ "$count" -ge "$BADCOUNT" ]
then
echo “sshd: “$ip >> $HOSTSDENY
fi
fi
done

Simpan script di atas dan jalankan dengan cron. Disini kita memanfaatkan hosts.deny , sehingga untuk 5 kali failed login SSH, secara otomatis IP nya akan di masukkan ke dalam hosts.deny server