柔軟性0なsshをはじくswatchrcメモ
watchfor /Invalid user \S+ from (\S+)/i mail=root,subject=swatch_error_log bell 3 exec="echo sshd: $1 >> /etc/hosts.deny " watchfor /User \S+ from (\S+) not allowed because not listed in AllowUsers/i mail=root,subject=swatch_not_allowed bell 2 exec="echo sshd: $1 >> /etc/hosts.deny "
外部にメールとばすくらいはしてもいいかも