From 831e1630dd7a7c5babb10be2238530ea2925fb9b Mon Sep 17 00:00:00 2001
From: Pavel Simovec
Date: Wed, 27 Nov 2024 13:48:46 +0100
Subject: [PATCH] sshd: sort IP adresses by report count

Resolves: RHEL-58995
---
 logwatch.spec | 7 ++++++-
 sshd-sort-by-count.patch | 22 ++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 sshd-sort-by-count.patch

diff --git a/logwatch.spec b/logwatch.spec
index 60a9f86..84e624b 100644
--- a/logwatch.spec
+++ b/logwatch.spec
@@ -2,10 +2,11 @@
 Summary: Analyzes and Reports on system logs
 Name: logwatch
 Version: 7.11
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: MIT
 URL: https://sourceforge.net/projects/logwatch/
 Source0: https://sourceforge.net/projects/logwatch/files/%{name}-%{version}/%{name}-%{version}.tar.gz
+Patch0: sshd-sort-by-count.patch
 BuildRequires: perl-generators
 Requires: grep
 Requires: perl(Date::Manip)
@@ -129,6 +130,10 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
 %{_unitdir}/logwatch.timer

 %changelog
+* Wed Nov 27 2024 Pavel Simovec - 7.11-2
+- sshd: sort IP adresses by report count
+- Resolves: RHEL-58995
+
 * Mon Nov 25 2024 Pavel Simovec - 7.11-1
 - Update to 7.11
 - Resolves: RHEL-58713
diff --git a/sshd-sort-by-count.patch b/sshd-sort-by-count.patch
new file mode 100644
index 0000000..b88670d
--- /dev/null
+++ b/sshd-sort-by-count.patch
@@ -0,0 +1,22 @@
+--- a/scripts/services/sshd 2022-12-29 01:34:28.000000000 +0100
++++ b/scripts/services/sshd 2024-11-27 13:33:50.590755283 +0100
+@@ -548,7 +548,8 @@
+
+ if (keys %BadLogins) {
+ print "\nFailed logins from:\n";
+- foreach my $ip (sort SortIP keys %BadLogins) {
++ my $totalSort = TotalCountOrder(%BadLogins, \&SortIP);
++ foreach my $ip (sort $totalSort keys %BadLogins) {
+ my $name = LookupIP($ip);
+ my $totcount = 0;
+ foreach my $user (keys %{$BadLogins{$ip}}) {
+@@ -571,7 +572,8 @@
+ print " (with threshold >= $IllegalUsersThreshold)";
+ }
+ print ":\n";
+- foreach my $ip (sort SortIP keys %IllegalUsers) {
++ my $totalSort = TotalCountOrder(%IllegalUsers, \&SortIP);
++ foreach my $ip (sort $totalSort keys %IllegalUsers) {
+ my $name = LookupIP($ip);
+ my $totcount = 0;
+ foreach my $user (keys %{$IllegalUsers{$ip}}) {
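Review bot: Both rewritten loops call the helper with a bare hash ahead of a code reference, `TotalCountOrder(%BadLogins, \&SortIP)` and the `%IllegalUsers` twin, which only behaves as intended if the helper is declared with a reference prototype that is already in scope when scripts/services/sshd is compiled; without it the hash is flattened into the argument list. Neither the helper's definition nor the script's import line is visible in these hunks, so this should be confirmed against the 7.11 sources the patch is applied to. The new ordering is also undocumented at the call site, and for a failed-login report that is triaged by eye it matters which source is listed first and how ties fall; a comment above each `my $totalSort` line such as `# Order IPs by total count via TotalCountOrder; SortIP is passed as its fallback comparator (confirm tie-break)` would record it. The enclosing `if` blocks and the inner per-user loops continue outside the quoted context.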