Get a list of IP addresses trying to attack your CentOS server

getbadguys.sh

#/usr/bin/bash
# strings to look for in our file
# Note: you could just parse the whole file. But if you put in a bad password your IP 
# could end up on the bad guy list
declare -a badstrings=("Failed password for invalid user"
                "input_userauth_request: invalid user"
                "pam_unix(sshd:auth): check pass; user unknown"
                "input_userauth_request: invalid user"
                "does not map back to the address"
                "pam_unix(sshd:auth): authentication failure"
                "input_userauth_request: invalid user"
                "reverse mapping checking getaddrinfo for"
                "input_userauth_request: invalid user"
                )
# search for each of the strings in your file (this could probably be a one liner)
for i in "${badstrings[@]}"
    do
    # look for each term and add new IPs to text file
    cat /var/log/secure | grep "$i" | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | awk '{print $0}' | sort | uniq >> "temp.txt"
    done

# grab unique ips from temp and put them in a file
cat "temp.txt" | sort | uniq > "badguyips.txt"
# remove the temp file
rm "temp.txt"

After getting the ips in a file do:

#!/bin/bash
input="badguyips.txt"
while IFS= read -r line
do
  iptables -A INPUT -s $line -j DROP
done < "$input"

service iptables save