pam_abl PAM Module

pam_abl is a PAM module designed to automatically block hosts that are attempting a brute-force attack. Brute-force attacks are an unsophisticated way to find authentication credentials: a computer is set up to try many user name and password combinations until one works. It may sound fairly far-fetched, but it does actually work. Many system accounts have common user names, and passwords are easily guessable in many situations.

pam_abl is able to protect any service which uses it for authentication. It works on the assumption that an attacker won't get the password right without a lot of trying. It watches for attacks by counting how many times a certain user or host tries to log into the service unsuccessfully. When a set number of failed logins occurs, the host or user name is recorded. After that point, it will be impossible for that user or host to successfully log in. The attacker can keep trying as much as he wants, but will never find a way to log in with his current method.

Command line interface

Although pam_abl is a PAM module, you can also use it in applications that are not PAM enabled (e.g. an FTP server using a custom authentication method to validate virtual users). For these situations, there is also a command line (scriptable) interface to all the data in the database. This allows sharing of authentication failure data between PAM applications and non-PAM applications. It also makes it fairly easy for a system administrator to manage or manipulate the recorded data.
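The blocking behaviour and the sharing of failure data between services described above can be modelled in a few lines. This is an added illustration, not pam_abl's own code or its command line interface; the class and function names, the threshold of 3, the one-hour counting window and the sample accounts are all assumptions made for the example.

```python
# Simplified model of failure-count blocking; an illustration, not pam_abl's code.
from collections import defaultdict

class FailureStore:
    """Failed-login record shared by every service, keyed by host and by user."""
    def __init__(self, limit=3, window=3600):
        self.limit = limit      # assumed threshold of failures
        self.window = window    # assumed counting window, in seconds
        self.failures = {"host": defaultdict(list), "user": defaultdict(list)}

    def record_failure(self, host, user, now):
        self.failures["host"][host].append(now)
        self.failures["user"][user].append(now)

    def is_blocked(self, kind, key, now):
        recent = [t for t in self.failures[kind][key] if now - t < self.window]
        self.failures[kind][key] = recent  # drop entries older than the window
        return len(recent) >= self.limit

def authenticate(store, check_password, host, user, password, now):
    """Wrap any credential check (PAM-based or custom) with the shared store."""
    blocked = (store.is_blocked("host", host, now)
               or store.is_blocked("user", user, now))
    if not check_password(user, password):
        store.record_failure(host, user, now)
        return False
    return not blocked  # a correct password is still refused while blocked

# Constructed sample data: two services backed by the same accounts.
ACCOUNTS = {"alice": "correct-horse", "bob": "battery-staple"}
def ftp_check(user, password):   # stands in for a custom, non-PAM check
    return ACCOUNTS.get(user) == password
def ssh_check(user, password):   # stands in for a PAM-enabled service
    return ACCOUNTS.get(user) == password

def demo():
    store = FailureStore(limit=3, window=3600)
    attacker, other = "203.0.113.5", "198.51.100.7"
    results = [authenticate(store, ftp_check, attacker, "alice", f"guess{i}", i)
               for i in range(3)]            # three failed FTP guesses
    results.append(authenticate(store, ssh_check, attacker, "bob", "battery-staple", 3))
    results.append(authenticate(store, ssh_check, other, "bob", "battery-staple", 4))
    results.append(authenticate(store, ssh_check, other, "alice", "correct-horse", 5))
    results.append(authenticate(store, ssh_check, other, "alice", "correct-horse", 3603))
    return results

if __name__ == "__main__":
    print(demo())
```

The fourth and sixth results show the two sides of the design: failures seen by the FTP check block the host on the other service as well, and blocking by user name also locks out the legitimate account holder until the entries expire.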

An example of how to use the command line interface can be seen here in a simple patch used by A2 Hosting for their cPanel FTP logins. It patches the pureauth script that pure-ftpd uses to authenticate virtual users so that it uses pam_abl instead of hulkd.