If ASL is no longer blocking an IP, but you want to find out if it blocked it in the past you can check either the ASL GUI as explained in the article above, or you can also check the logs to see if an IP was blocked. To check the logs, run this command as root:
grep <IP> /var/ossec/logs/active-responses.log*
grep 18.104.22.168 /var/ossec/logs/active-responses.log*
Where 22.214.171.124 is the IP address you want to check. Keep in mind that if you have log rotation enabled, you may need to check the archived logs as well.
If you have compression enabled for your logs, you can do that with this command:
zgrep 126.96.36.199 /var/ossec/logs/active-responses.log*gz
If you do not have compression enabled for your logs, you can do that with this command:
grep 188.8.131.52 /var/ossec/logs/active-responses.log.*
You can also check your systems firewall at the system level if you are concerned that the shunning system may be corrupted or broken on your system by running this command:
iptables -L -n | grep 184.108.40.206
Where 220.127.116.11 is the IP address you want to check.
Note: If you have whitelisted an IP address, ASL will not shun the IP.