2016
04.01

pam_tally2

Pam_tally2 is an account locking module for unix that will lock out an account for to many logins, you can use programs like fail2ban/csf to block the IP if it’s a remote service and it’s supported but┬áthere are cases where you may just wish to lock out that user instead (E.g if you know the IP is shared, or part of a multi-layered approach)

 

http://ubuntuforums.org/showthread.php?t=2295409&page=2 — The post by┬áBembot is mostly correct other than the typo it’s pam_tally2.so not pal_tally2

I also adjusted the timeout and got rid of magicroot.

/etc/pam.d/common-auth

auth required pam_tally2.so deny=3 unlock_time=xxxx

/etc/pam.d/common-account

account required pam_tally2.so deny=3 unlock_time=xxxx

Replace 3 with the desired threshold and xxxx with the time in seconds