can anyone suggest a good brute force script using 'su'? Is it possible in the first place?

If your worried about a user doing a brute force there is a way to ensure whoever tries wastes their time,
install and configure sudo so only certain people can execute the su command
then once sudo is configured properly (man sudo for information on configuring sudo) do this:

chmod u-s /bin/su

ls -l /bin/su

So now even if an attacker cracks your root password he won't be able to su to root,

I got this tip off the Linux Mandrake sight which has a great article on using sudo,
visit www.mandrakesecure.net to read it.