The first point could be implemented on the basis of the existent IDS/IPS module (however it's a really heavy service)
In relation to the third one, I think that it could be easily implemented.
The two factors authentication could be easy through some third party PAM module.
It seems to be interesting.
Cheers!