Information
The pam_faillock.so module maintains a list of failed authentication attempts per user during a specified interval and locks the account in case there were more than deny consecutive failed authentications. It stores the failure records into per-user files in the tally directory
Rationale:
Locking out user IDs after n unsuccessful consecutive login attempts mitigates brute force password attacks against your systems.
Solution
Run the following commands to include the with-faillock option to the current authselect profile:
# authselect enable-feature with-faillock
# authselect apply-changes