RWSecure parses the /var/log/secure (or specified secure log) file for invalid usernames or failed passwords. If more than a specified number of invalid or failed attempts are made by one IP, indicating a brute force attack, it will add that IP to your /etc/hosts.deny file by default.
