Active Response/shun per shell command?

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
Post Reply
noox
Forum User
Forum User
Posts: 11
Joined: Sat Jan 11, 2014 9:00 am
Location: Austria

Active Response/shun per shell command?

Unread post by noox »

Is it possible to shun an IP by a shell command?

From time to time I have massive distributed FTP login attempts. I've found out that I can create my own login script with PureFTP. Most of the I can easily identify as attacks.

It would be cool if I can shun them right away from the login script. But if I call the shun script these IPs never get removed.

Last time I had these login attempts I blocked them with ASL, but ASL does not support that any more.
Top
prupert
Forum Regular
Forum Regular
Posts: 573
Joined: Tue Aug 01, 2006 2:45 pm
Location: Netherlands

Re: Active Response/shun per shell command?

Unread post by prupert »

Perhaps file them as a request for a HIDS rule so it works correctly and other ASL users can benefit as well?
Lemonbit Internet Dedicated Server Management
Top
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Active Response/shun per shell command?

Unread post by mikeshinn »

Thank you for the question, no you cant shun at this time, only blacklist. But if you'd send us the events in question we'd be happy to add in rules to take care of these events for you. And/Or if you prefer to just be able to shun from the command line, please open a feature request or send us an email with how you'd like that feature to work.
Top
Post Reply

Return to “Atomic Protector (formerly ASL)”