Brute Force Protection
Mark Ellzey Thomas has written a patch to tac_plus that prevents the brute force hacking of passwords. It works quite well in all my tests.
The following example would watch for 10 authentication failures within 60 seconds and, if triggered, disable user for 120 seconds.
auth-fail-lock 10 60 120
More info here:
https://github.com/ellzey/tac\_plus_AFL