Security Basics mailing list archives

Blocking Brute force attacks with PAM_ABL


From: Flavio Sebastián Ortellao <daschapa () gmail com>
Date: Wed, 30 Jan 2008 11:10:22 -0300

First, let me introduce myself: My name is Flavio Ortellao, and I'm a
beginner in the computer security area.
I started my path through security about a month ago.

I'm using Linux and I've just plugged a new module into PAM: ABL (an auto
black-list). I use this module as an experiment for ssh, but I can't get
it working.

So, this is my /etc/pam.d/sshd:
auth       required     pam_shells.so
auth       required     pam_nologin.so
auth       required     pam_abl.so config=/etc/security/pam_abl.conf
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth


And this is my /etc/security/pam_abl.conf:
# /etc/security/pam_abl.conf
# debug

host_db=/var/lib/abl/hosts.db
host_purge=2d
host_rule=*:5/1h,15/1d
#user_db=/var/lib/abl/users.db
#user_purge=2d
#user_rule=!root:10/1h,30/1d

But when I try to log on from my other machine, I can fail more than 15
times and I can still log in when I finally put in the right user-pass.

Does anyone have an idea?

Thanks, and excuse my English.
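
An added example, not part of the original post and not pam_abl's own code: a small Python model of how the host_rule in the configuration above is read, assuming the semantics described in the pam_abl documentation (a clause blocks once the failures recorded within a period reach the count). The function names, the client address 192.0.2.10 and the failure timestamps are constructed for illustration.

```python
import re

# Seconds per multiplier in a pam_abl period (a bare number means seconds).
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_rule(rule):
    """Parse e.g. '*:5/1h,15/1d' into [(negate, names, [(count, seconds), ...])]."""
    clauses = []
    for clause in rule.split():
        spec, _, triggers = clause.partition(":")
        if not spec or not triggers:
            raise ValueError("malformed clause: %r" % clause)
        negate = spec.startswith("!")
        names = spec.lstrip("!").split("|")
        trigs = []
        for trig in triggers.split(","):
            m = re.fullmatch(r"(\d+)/(\d+)([smhd]?)", trig)
            if not m:
                raise ValueError("malformed trigger: %r" % trig)
            trigs.append((int(m.group(1)), int(m.group(2)) * UNITS[m.group(3)]))
        clauses.append((negate, names, trigs))
    return clauses

def is_blocked(rule, subject, failures, now):
    """True if a matching clause has a trigger with >= count failures in its period."""
    for negate, names, trigs in parse_rule(rule):
        matched = "*" in names or subject in names
        if matched == negate:  # clause does not apply to this subject
            continue
        for count, period in trigs:
            recent = sum(1 for t in failures if 0 <= now - t <= period)
            if recent >= count:
                return True
    return False

# Constructed sample data: failure timestamps (seconds) for one client host.
NOW = 100_000
HOST_RULE = "*:5/1h,15/1d"                      # host_rule from the post
BURST = [NOW - 60 * i for i in range(1, 16)]    # 15 failures in the last 15 min
SLOW = [NOW - 5000 * i for i in range(1, 16)]   # 15 failures spread over ~21 h
FEW = [NOW - 600 * i for i in range(1, 5)]      # 4 failures in the last 40 min

if __name__ == "__main__":
    for label, data in (("burst", BURST), ("slow", SLOW), ("few", FEW)):
        print(label, is_blocked(HOST_RULE, "192.0.2.10", data, NOW))
```

Under this model, fifteen recorded failures trip the rule whether they arrive in a burst or spread across a day, so a host that is still admitted after that many attempts points at failures not being recorded rather than at the thresholds.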


