1) To implement /etc/hosts.deny. Simply add any entry to the file, containing the service and IP address you wish to block. For example:
# See `man tcpd´ and `man 5 hosts_access´ as well as /etc/hosts.allow
# for a detailed description.
http-rman : ALL EXCEPT LOCAL
In this sample three IP addresses have been banned from accessing ssh.
2) To enhance the security around ssh, edit /etc/ssh/sshd_config
Set PermitRootLogin to without-password i.e.
If this option is set to 'without-password' password authenti*cation is disabled for root. Therefore, root cannot logon remotely: unless you certificates set-up.
Reduce the LoginGraceTime
The server disconnects after this time if the user has not suc*cessfully logged in. If the value is 0, there is no time limit. The default is 120 seconds. I would reduce this to around 15 seconds. This slows down anyone trying to brute force your system.
There are lots of other settings. Take a look at the man page for sshd_config