You can use fail2ban for this. fail2ban is usually used to prevent remote attacks, but fail2ban is just some perl that looks at logs and uses iptables to prevent further attempts. You can edit the source to 1) find the desired failures (e.g. not necessarily just remote connections) 2) in addition to iptables: if the user account exists locally, passwd -l $USER to lock the account 3) at the ban expiration, passwd -u $USER to unlock.
|