Secure Desktops = Happy Networks
By Lyne Bourque
Back to Basics: Strong passwords and standardized desktops go a long way toward beefing up network security and keeping help desk activity to manageable levels.

For many Linux and Unix systems, you can use PAM (pluggable authentication modules) to enforce lockout after too many attempts. Adding two lines like the following in the /etc/pam.d/system-auth will help lock out the account.

auth required /lib/security/$ISA/ onerr=fail no_magic_root

This line will keep track of each failed login and failed su attempts for each user...