O módulo pam_faillock foi apresentado a nós no Suporte técnico Notas para o Red Hat Enterprise Linux 6.1 . E de alguma forma isso voou sob o meu radar até agora.
BZ#644971
A new pam_faillock module was added to support temporary locking of user accounts in the event of multiple failed authentication attempts. This new module improves functionality over the existing pam_tally2 module, as it also allows temporary locking when the authentication attempts are done over a screen saver.
O Guia de Segurança explica-nos como este módulo deve ser usado na seção 2.1.9.5, Bloqueio de Conta.
Follow these steps to configure account locking:
To lock out any non-root user after three unsuccessful attempts and unlock that user after 10 minutes, add the following lines to the auth section of the
/etc/pam.d/system-authand/etc/pam.d/password-authfiles:auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600 auth sufficient pam_unix.so nullok try_first_pass auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600Add the following line to the account section of both files specified in the previous step:
account required pam_faillock.so
Eu parei intencionalmente aqui porque isso fornecerá a funcionalidade que a maioria está procurando. Se você deseja incluir o usuário root, continue lendo no link fornecido.