Display recent login failures on login

There are a couple of packages that you can use to help with brute force attacks.

1. Denyhosts
2. Fail2ban

To collect logs and send you a report you can use logwatch. It can send a summary of failed logons as well.

To answer your original question you can put your script in "/etc/profile.d/yourscript.sh" and it should be executed on login.

You might also consider setting up the arno-iptables-firewall package.

It's really shell dependent. For bash, you should put it in .bash_login file.

Regarding brute force atack prevention, aside from what's already been sugested for blacklisting the attacker's IP, I usually tell sshd to listen on a nonstandard port and disable the password authentication. Of course, that might not always be possible, but it sure is effective.

Put everything in /etc/profile.

It will run everything in /etc/profile before going to your shell startup file.

What I finally ended up doing was creating a .profile.d directory in my home directory, and copying the execution loop from /etc/profile to my $HOME/.profile. I then placed my displayAttacks.sh script into my $HOME/.profile.d directory (as well as my other init scripts).

The addition to .profile follows.

if [ -d "${HOME}/.profile.d" ]; then
  for i in ${HOME}/.profile.d/*.sh; do
    if [ -r "$i" ]; then
      . "$i"
    fi
  done
  unset i
fi

There is a perl script, SSHBlock that can be used against brute forcing SSH.
It follows a frequent attempt from an IP address and slows down their attempts.

You have some issues in there. First, any non-root user should not be able to read the auth log file. If you are logging in as root, don't do it anymore :)

Second, use a proper tool for that. I like OSSEC's approach to email me for every X number of failed logins within a period of time. It also blocks the ip automatically, reducing the chance of a brute-force attack succeeding.