sshd report - sort failed logins and illegal users by count, not IP address

logwatch.spec

@@ -1,7 +1,7 @@
 Summary: A log file analysis program
 Name: logwatch
 Version: 7.4.3
-Release: 19%{?dist}
+Release: 20%{?dist}
 License: MIT
 Group: Applications/System
 URL: http://www.logwatch.org/
@@ -32,6 +32,7 @@ Patch13: ignore-server-ready.patch
 Patch14: ras-correctable-errors.patch
 Patch15: deduplicate-sudo.patch
 Patch16: polkit-startup-messages.patch
+Patch17: sshd-sort-by-count.patch
 
 BuildRequires: perl-generators
 Requires: grep mailx
@@ -66,6 +67,7 @@ of the package on many systems.
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
+%patch17 -p1
 rm -f scripts/services/*.orig
 
 %build
@@ -165,6 +167,10 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
 %{_mandir}/man*/*
 
 %changelog
+* Wed Jun 28 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-20
+- sshd sort failed logins and illegal users by count, not IP address
+- Resolves: rhbz#2044101
+
 * Wed Jun 28 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-19
 - ignore harmless polkit startup messages
 - Resolves: rhbz#2043952

sshd-sort-by-count.patch

@@ -0,0 +1,23 @@
+--- a/scripts/services/sshd
++++ b/scripts/services/sshd
+@@ -566,7 +566,8 @@
+ 
+ if (keys %BadLogins) {
+    print "\nFailed logins from:\n";
+-   foreach my $ip (sort SortIP keys %BadLogins) {
++   my $totalSort = TotalCountOrder(%BadLogins, \&SortIP);
++   foreach my $ip (sort $totalSort keys %BadLogins) {
+       my $name = LookupIP($ip);
+       my $totcount = 0;
+       foreach my $user (keys %{$BadLogins{$ip}}) {
+@@ -587,7 +588,8 @@
+ 
+ if (keys %IllegalUsers) {
+    print "\nIllegal users from:\n";
+-   foreach my $ip (sort SortIP keys %IllegalUsers) {
++   my $totalSort = TotalCountOrder(%IllegalUsers, \&SortIP);
++   foreach my $ip (sort $totalSort keys %IllegalUsers) {
+       my $name = LookupIP($ip);
+       my $totcount = 0;
+       foreach my $user (keys %{$IllegalUsers{$ip}}) {
+