Display recent login failures on login
There are a couple of packages that you can use to help with brute force attacks.
- Denyhosts
- Fail2ban
To collect logs and send you a report you can use logwatch. It can send a summary of failed logons as well.
To answer your original question you can put your script in "/etc/profile.d/yourscript.sh" and it should be executed on login.
You might also consider setting up the arno-iptables-firewall package.
It's really shell dependent. For bash
, you should put it in .bash_login
file.
Regarding brute force atack prevention, aside from what's already been sugested for blacklisting the attacker's IP, I usually tell sshd to listen on a nonstandard port and disable the password authentication. Of course, that might not always be possible, but it sure is effective.