linux-security-log-failed-attempts
faillog -u root
faillog -a
faillog -l 180 (lock the account for 180 seconds after a failed login)
faillog -l 180 -u USERNAME
faillog -m 10 -u ubuntu (lock user after 10 failed attempts)
faillog -r (reset the counter for all users)
faillog -r -u ubuntu (reset the counter for one user)
Obviously, a cron job can be combined with this to help prevent brute-force attacks, e.g. a weekly counter reset:
crontab -e
@weekly /usr/bin/faillog -r
ssh?
grep "authentication failure" /var/log/secure | awk '{ print $13 }' | cut -b7- | sort | uniq -c
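The grep/awk pipeline above picks the remote host by column number ($13), so it only works when rhost= happens to be the 13th field. The following is an added example, not part of the original notes: it finds the rhost= token by name instead. The function names and the sample log lines are constructed for illustration; in the sample, rhost= is field 13 on some lines and field 14 on others.

```sh
#!/bin/sh
# Added example (not from the original notes). Function names are hypothetical.

# count_failed_rhosts FILE
# Prints "<count> <rhost>" for every PAM "authentication failure" line,
# highest count first. The rhost= token is found by name, so the result
# does not depend on which whitespace-separated column it lands in.
count_failed_rhosts() {
    awk '
        /authentication failure/ {
            host = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^rhost=/) { host = substr($i, 7); break }
            # Local failures (su, console login) log an empty rhost=.
            if (host == "") host = "(no-rhost)"
            count[host]++
        }
        END { for (h in count) print count[h], h }
    ' "$1" | sort -k1,1nr -k2,2
}

# write_sample_log FILE
# Constructed sample lines; addresses are from the documentation ranges.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 03:12:45 web1 sshd(pam_unix)[1234]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=203.0.113.5  user=root
Jan 10 03:12:51 web1 sshd[1240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=root
Jan 10 03:13:02 web1 sshd[1251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.23
Jan 10 03:13:09 web1 sshd(pam_unix)[1260]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=203.0.113.5  user=ubuntu
Jan 10 03:14:30 web1 su: pam_unix(su:auth): authentication failure; logname=alice uid=1000 euid=0 tty=pts/0 ruser=alice rhost=  user=root
Jan 10 03:15:00 web1 sshd[1300]: Accepted publickey for alice from 192.0.2.10 port 50514 ssh2
EOF
}

# Demo on the sample; call count_failed_rhosts /var/log/secure for the real log.
sample=$(mktemp)
write_sample_log "$sample"
count_failed_rhosts "$sample"
rm -f "$sample"
```

Hosts whose count approaches the faillog -m limit are the ones to look at first.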