Well, this can be done by installing the csf firewall found here:
http://www.configserver.com/cp/csf.html
It can do all the following:
This suite of scripts provides:
* Straight-forward SPI iptables firewall script
* Daemon process that checks for login authentication failures for:
    o courier imap and pop3
    o ssh
    o non-ssl cpanel / whm / webmail (ssl cpanel/whm login tracking support available in EDGE release)
    o pure-ftpd
    o password protected web pages (htpasswd)
    o mod_security failures
* POP3/IMAP login tracking to enforce logins per hour
* SSH login notification
* SU login notification
* Excessive connection blocking
* WHM configuration interface
* WHM iptables report log
* Easy upgrade between versions from within WHM
* Pre-configured to work on a cPanel server with all the standard cPanel ports open
* Auto-configures the SSH port if it's non-standard on installation
* Block traffic on unused server IP addresses - helps reduce the risk to your server
* Alert when end-user scripts sending excessive emails per hour - for identifying spamming scripts
* Suspicious process reporting - reports potential exploits running on the server
* Excessive cPanel user processes reporting
* Excessive cPanel user process usage reporting and optional termination
* Suspicious file reporting - reports potential exploit files in /tmp and similar directories
* Directory and file watching - reports if a watched directory or a file changes
* Block traffic on the DShield Block List and the Spamhaus DROP List
* Pre-configured settings for Low, Medium or High firewall security
* Works with multiple ethernet devices
* Server Security Check - Performs a basic security and settings check on the server
* Allow Dynamic DNS IP addresses - always allow your IP address even if it changes whenever you connect to the internet
* Alert sent if server load average remains high for a specified length of time
To enable the SSH login failure detection, do:
LF_SSHD = "1"
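
As an added illustration (not part of the original post and not csf's own code), the sketch below shows the kind of check a login-failure daemon performs on sshd log lines: count failed password attempts per source IP inside a sliding time window and flag addresses that reach a threshold. The function name, threshold, window, assumed year, and the sample log lines are all constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of OpenSSH auth log lines (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar  3 10:00:05 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Mar  3 10:00:09 host sshd[1003]: Accepted password for alice from 198.51.100.20 port 50000 ssh2
Mar  3 10:00:12 host sshd[1004]: Failed password for root from 203.0.113.7 port 40003 ssh2
Mar  3 10:01:00 host sshd[1005]: Failed password for bob from 198.51.100.9 port 41000 ssh2
Mar  3 10:20:00 host sshd[1006]: Failed password for bob from 198.51.100.9 port 41001 ssh2
Mar  3 10:40:00 host sshd[1007]: Failed password for bob from 198.51.100.9 port 41002 ssh2
"""

# Matches failed password attempts for both valid and invalid user names.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def offenders(log_text, threshold=3, window_seconds=300, year=2024):
    """Return IPs with >= threshold failures inside any sliding window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Classic syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged.append(m["ip"])
    return flagged

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

Slow, spread-out failures (the second address in the sample) stay under the threshold with a short window, which is why the window length matters as much as the failure count.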
