Have you ever consider adding more security to your linux box? Have you ever needed to audit your machine for fail login attempts? If so, then pam_tally is for you. Pam_tally can audit and lock out failled attempts.
Here are the steps to initialize pam_tally
1) Edit your system-auth file
root@localhost> vi /etc/pam.d/system-auth
..add the following lines
auth required /lib/security/pam_tally.so onerr=fail no_magic_root
account required /lib/security/pam_tally.so deny=5 no_magic_root reset
2) Next, you will need to create the faillog file.
root@localhost> touch /var/log/faillog
3) In order to check the lockouts counts, run this command...
4) To reset any lockout, you must type the following command...
root@localhost> pam_tally --user USERNAME --reset
5) Additionally, you can set a cronjob to run this command every night and logged it into a file.
root@localhost> crontab -e
...add this line and change the FILE.txt to preferred log file...
59 23 * * * /sbin/pam_tally > FILE.txt
...if you preferred to send the result to an email, then use this...
59 23 * * * /usr/sbin/sendmail USER@SOMEWHERE < `/sbin/pam_tally`