[Samba] Ransomware?

Denis Cardon denis.cardon at tranquil-it-systems.fr
Thu May 19 19:49:13 UTC 2016

Hi gimili,

> Would something like this help?  I put a bunch of junk pictures and
> other files in a samba share that everyone has access to.  If I modify
> them in any way, I get warned.  I was thinking it might warn me so I
> could prevent it spreading to backups.
> #!/bin/sh
> $MY_EMAIL="some at email.com"
> $MY_DIR=/home/shared_to_everyone_via_samba/pictures_for_test_sub_folder
> while inotifywait -qre modify "$MY_DIR"; do
>      #play a sound on server
>      play -v .3 /home/warning.wav
>      #send an email
>      mail -s "Possible malware" $MY_EMAIL </home/warning.txt
> done

if you have only samba access to that directory, you can use 
full_audit[1] vfs module instead of inotify to track which files are 
written to.



[1] https://www.samba.org/samba/docs/man/manpages-3/vfs_full_audit.8.html


Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint SĂ©bastien sur Loire
tel : +33 (0)

More information about the samba mailing list