ASL has blocked packets from an IP that was shunned by ASL due to a rule violation. By default, these shuns are temporary. You can find out why a shun occurred and remove a shun by following the process in this article:
https://www.atomicorp.com/wiki/index.php/Using_ASL#Why_did_ASL_block_an_IP.3F
You can manually remove a shun by following this process:
https://www.atomicorp.com/wiki/index.php?title=Using_ASL#How_do_you_unblock_an_IP_in_ASL.3F
This capability in ASL is enabled by default, and is controlled by this setting:
https://www.atomicorp.com/wiki/index.php?title=ASL_Configuration#OSSEC_ACTIVE_RESPONSE
Shuns are, by default, automatically removed based on this setting:
https://www.atomicorp.com/wiki/index.php?title=ASL_Configuration#OSSEC_SHUN_ENABLE_TIMEOUT
The timeout to automatically remove shuns is set by this configuration setting:
https://www.atomicorp.com/wiki/index.php?title=ASL_Configuration#OSSEC_SHUN_TIME
Note: These rules are labeled in netfilter with "ASL-ACTIVE-RESPONSE" as the label.
Comments
0 comments
Please sign in to leave a comment.