[Samba] Ransomware?
Denis Cardon
denis.cardon at tranquil-it-systems.fr
Thu May 19 19:49:13 UTC 2016
Hi gimili,
> Would something like this help? I put a bunch of junk pictures and
> other files in a samba share that everyone has access to. If I modify
> them in any way, I get warned. I was thinking it might warn me so I
> could prevent it spreading to backups.
>
>
> #!/bin/sh
>
> # shell assignments take no leading "$"
> MY_EMAIL="some at email.com"
> MY_DIR=/home/shared_to_everyone_via_samba/pictures_for_test_sub_folder
>
> while inotifywait -qre modify "$MY_DIR"; do
> #play a sound on server
> play -v .3 /home/warning.wav
> #send an email
> mail -s "Possible malware" "$MY_EMAIL" </home/warning.txt
> done
If you have only Samba access to that directory, you can use the
full_audit[1] VFS module instead of inotify to track which files are
written to.
Cheers,
Denis
[1] https://www.samba.org/samba/docs/man/manpages-3/vfs_full_audit.8.html
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
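
The full_audit approach suggested in this reply, sketched as an added example that is not part of the original thread: a filter that picks successful write-type operations on the canary directory out of full_audit syslog records. It assumes the share sets `full_audit:prefix = %u|%I`, so each record reads `user|ip|operation|result|path`; the operation names and the sample log lines are constructed, and names differ between Samba versions.

```sh
#!/bin/sh
# Added example: watch vfs_full_audit records for writes to a canary directory.
# Assumed record layout (full_audit:prefix = %u|%I):
#   user|client-ip|operation|ok-or-fail|path[|second path for rename]
# Operation names are assumptions; adjust WRITE_OPS to what your logs show.

CANARY_DIR="pictures_for_test_sub_folder"   # directory name from the quoted script
WRITE_OPS="write pwrite rename unlink"

# Reads syslog lines on stdin and prints "user ip op path" for every
# successful write-type operation that touches the canary directory.
canary_hits() {
    awk -v dir="$CANARY_DIR" -v ops="$WRITE_OPS" '
        BEGIN { n = split(ops, o, " "); for (i = 1; i <= n; i++) want[o[i]] = 1 }
        {
            # Skip the syslog header up to and including "smbd_audit: "
            p = index($0, "smbd_audit: ")
            if (p == 0) next
            nf = split(substr($0, p + 12), f, "|")
            if (nf < 5) next
            # Ignore reads and failed attempts
            if (!(f[3] in want) || f[4] != "ok") next
            # Path fields start at 5; rename records carry two paths
            for (i = 5; i <= nf; i++)
                if (index(f[i], dir "/") > 0) { print f[1], f[2], f[3], f[i]; break }
        }'
}

# Constructed sample records (not taken from a real server).
sample_log() {
    cat <<'EOF'
May 19 21:40:01 srv smbd_audit: alice|192.0.2.10|open|ok|r|pictures_for_test_sub_folder/cat.jpg
May 19 21:40:02 srv smbd_audit: bob|192.0.2.23|pwrite|ok|pictures_for_test_sub_folder/cat.jpg
May 19 21:40:02 srv smbd_audit: bob|192.0.2.23|rename|ok|pictures_for_test_sub_folder/cat.jpg|pictures_for_test_sub_folder/cat.jpg.locked
May 19 21:40:03 srv smbd_audit: carol|192.0.2.31|pwrite|ok|projects/report.odt
May 19 21:40:04 srv smbd_audit: dave|192.0.2.40|unlink|fail (Permission denied)|pictures_for_test_sub_folder/dog.jpg
EOF
}

# Demo run: only bob's pwrite and rename on the canary files are reported.
sample_log | canary_hits
```

Unlike the inotify loop, each hit names the user and client address, which tells you which workstation to isolate.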