sshd: sort IP adresses by report count

Resolves: RHEL-58995

logwatch.spec

@@ -2,10 +2,11 @@
 Summary: Analyzes and Reports on system logs
 Name: logwatch
 Version: 7.11
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: MIT
 URL: https://sourceforge.net/projects/logwatch/
 Source0: https://sourceforge.net/projects/logwatch/files/%{name}-%{version}/%{name}-%{version}.tar.gz
+Patch0: sshd-sort-by-count.patch
 BuildRequires: perl-generators
 Requires: grep
 Requires: perl(Date::Manip)
@@ -129,6 +130,10 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
 %{_unitdir}/logwatch.timer
 
 %changelog
+* Wed Nov 27 2024 Pavel Simovec <psimovec@redhat.com> - 7.11-2
+- sshd: sort IP adresses by report count
+- Resolves: RHEL-58995
+
 * Mon Nov 25 2024 Pavel Simovec <psimovec@redhat.com> - 7.11-1
 - Update to 7.11
 - Resolves: RHEL-58713

sshd-sort-by-count.patch

@@ -0,0 +1,22 @@
+--- a/scripts/services/sshd	2022-12-29 01:34:28.000000000 +0100
++++ b/scripts/services/sshd	2024-11-27 13:33:50.590755283 +0100
+@@ -548,7 +548,8 @@
+ 
+ if (keys %BadLogins) {
+    print "\nFailed logins from:\n";
+-   foreach my $ip (sort SortIP keys %BadLogins) {
++   my $totalSort = TotalCountOrder(%BadLogins, \&SortIP);
++   foreach my $ip (sort $totalSort keys %BadLogins) {
+       my $name = LookupIP($ip);
+       my $totcount = 0;
+       foreach my $user (keys %{$BadLogins{$ip}}) {
+@@ -571,7 +572,8 @@
+       print " (with threshold >= $IllegalUsersThreshold)";
+    }
+    print ":\n";
+-   foreach my $ip (sort SortIP keys %IllegalUsers) {
++   my $totalSort = TotalCountOrder(%IllegalUsers, \&SortIP);
++   foreach my $ip (sort $totalSort keys %IllegalUsers) {
+       my $name = LookupIP($ip);
+       my $totcount = 0;
+       foreach my $user (keys %{$IllegalUsers{$ip}}) {