The method to utilize this is via PAM, and specifically the faillock module. Here's how I made it work on mine (albeit I'm running 23.04, but I did check that the same module exists on 22.04):
- Open a terminal
- Make a backup of the file `/etc/pam.d/common-auth`, for instance by issuing the command `sudo cp /etc/pam.d/common-auth /etc/pam.d/common-auth.original`
- Open the file `/etc/pam.d/common-auth` in your favourite editor (and don't forget to use `sudo`!)
- As the first line right after `# here are the per-package modules (the "Primary" block)` add

      auth required pam_faillock.so preauth audit deny=20 unlock_time=900

- As the first two lines right after `# here's the fallback if no module succeeds` add

      auth [default=die] pam_faillock.so authfail audit deny=20 unlock_time=900
      auth sufficient pam_faillock.so authsucc audit deny=20 unlock_time=900

If you want to add a period during which the failed attempts are counted, the `fail_interval=60` option will set a period of one (1) minute.
In my testing, I set the deny value to three (3) failed attempts and the unlock_time to 20 seconds, and after the required failed attempts I saw the following:
[18:50:59] /home/jaska/> su jjo
The account is locked due to 3 failed logins.
(1 minute left to unlock)
Hope this helps, further reading on the module: https://manpages.ubuntu.com/manpages/jammy/en/man8/pam_faillock.8.html
https://kifarunix.com/lock-linux-user-account-after-multiple-failed-login-attempts/
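
A way to sanity-check the edited file before logging out, as an added example that is not part of the original answer: it parses the `auth` stack and reports whether the three `pam_faillock.so` lines are present, sit on the correct side of `pam_unix.so`, and carry the same `deny`, `unlock_time` and `fail_interval` values. The sample file contents, the `pam_unix.so` line in it, and the function names are assumptions constructed for the illustration.

```python
import re

# Constructed sample: Ubuntu-style common-auth with the three faillock lines added.
SAMPLE = """\
# here are the per-package modules (the "Primary" block)
auth required pam_faillock.so preauth audit deny=20 unlock_time=900
auth [success=1 default=ignore] pam_unix.so nullok
# here's the fallback if no module succeeds
auth [default=die] pam_faillock.so authfail audit deny=20 unlock_time=900
auth sufficient pam_faillock.so authsucc audit deny=20 unlock_time=900
auth requisite pam_deny.so
auth required pam_permit.so
"""
MODES = ("preauth", "authfail", "authsucc")
TUNABLES = ("deny", "unlock_time", "fail_interval")

def parse_auth_stack(text):
    """Return [(control, module, args)] for every 'auth' line, in file order."""
    stack = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"auth\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if m:
            stack.append((m.group(1), m.group(2), m.group(3).split()))
    return stack

def check_faillock(text):
    """Return a list of problems; an empty list means the layout is as described."""
    stack, pos, opts, problems = parse_auth_stack(text), {}, {}, []
    for i, (_, module, args) in enumerate(stack):
        mode = next((a for a in args if a in MODES), None)
        if module == "pam_faillock.so" and mode:
            pos[mode] = i
            kv = dict(a.split("=", 1) for a in args if "=" in a)
            opts[mode] = tuple(kv.get(k) for k in TUNABLES)
    problems += [f"missing {m} line" for m in MODES if m not in pos]
    unix = next((i for i, s in enumerate(stack) if s[1] == "pam_unix.so"), None)
    if unix is None:
        problems.append("pam_unix.so not found")
    else:
        if pos.get("preauth", -1) > unix:
            problems.append("preauth is after pam_unix.so")
        for m in MODES[1:]:
            if m in pos and pos[m] < unix:
                problems.append(f"{m} is before pam_unix.so")
    if len(set(opts.values())) > 1:
        problems.append("deny/unlock_time/fail_interval differ between lines")
    return problems

if __name__ == "__main__":
    print(check_faillock(SAMPLE) or "faillock lines look consistent")
```

To check the real file, pass its contents instead of `SAMPLE`, for example `check_faillock(open("/etc/pam.d/common-auth").read())`, and keep a root shell open until a fresh login has been tested.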