Author Topic: Feature request (Idea) - protect Samba shares with fail2ban  (Read 3272 times)

csabakv

Feature request (Idea) - protect Samba shares with fail2ban
« on: December 15, 2016, 03:34:16 pm »
I have an idea to protect Samba shares against ransomware.
My theory:
Ransomware can access Samba shares and is able to rename and encrypt all files on them.
We can minimize the damage using fail2ban. If we use the known ransomware extensions (.locky, .aesir, etc.; for the complete list see: https://www.bleepingcomputer.com/forums/t/589811/updated-list-of-ransomware-file-names-and-extensions/ ) in conjunction with fail2ban, we could filter the malicious renaming and encrypting. If fail2ban detects one of them, it can ban the affected computer and send an email to the administrator.
Is it possible to realize?
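
The check proposed in the post above, sketched as an added example that is not part of the original thread or of any project's code. It assumes Samba's `vfs_full_audit` module logs renames with `full_audit:prefix = %u|%I|%S`; the log lines, user names and addresses are constructed, and `maxretry` mirrors fail2ban's threshold of the same name.

```python
import re
from collections import Counter

# Extensions named in the post; a deployment would load the maintained list.
RANSOM_EXTS = ("locky", "aesir")

# Assumed layout (vfs_full_audit, prefix %u|%I|%S):
#   smbd_audit: user|client-ip|share|operation|result|old-name|new-name
# A '|' inside the old file name would break this simple field split.
AUDIT_RE = re.compile(
    r"smbd_audit: (?P<user>[^|]*)\|(?P<host>[0-9a-fA-F.:]+)\|(?P<share>[^|]*)\|"
    r"(?P<op>rename|renameat)\|ok\|(?P<old>[^|]*)\|(?P<new>.*)$"
)

def suspicious_rename(line, exts=RANSOM_EXTS):
    """Return the client IP if the line is a successful rename to a listed extension."""
    m = AUDIT_RE.search(line)
    if not m or "." not in m.group("new"):
        return None
    new_ext = m.group("new").rsplit(".", 1)[-1].lower()
    return m.group("host") if new_ext in exts else None

def hosts_to_ban(lines, maxretry=2):
    """Clients with at least maxretry suspicious renames, as fail2ban would count them."""
    hits = Counter(h for h in map(suspicious_rename, lines) if h)
    return sorted(h for h, n in hits.items() if n >= maxretry)

# Constructed sample log lines.
SAMPLE_LOG = [
    "Dec 15 15:30:01 nas smbd_audit: alice|192.168.1.23|docs|rename|ok|report.docx|report.docx.locky",
    "Dec 15 15:30:01 nas smbd_audit: alice|192.168.1.23|docs|rename|ok|budget.xlsx|budget.xlsx.aesir",
    "Dec 15 15:30:02 nas smbd_audit: bob|192.168.1.40|docs|rename|ok|draft.txt|final.txt",
    "Dec 15 15:30:03 nas smbd_audit: bob|192.168.1.40|docs|rename|ok|a.txt|notes.LOCKY",
    "Dec 15 15:30:04 nas smbd_audit: carol|192.168.1.51|docs|open|ok|r|locky.txt",
]

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

An extension list only catches families that are already known and that rename files, so this limits damage rather than preventing it.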

half_life

Re: Feature request (Idea) - protect Samba shares with fail2ban
« Reply #1 on: December 15, 2016, 11:54:57 pm »
Putting your shares on ZFS and performing periodic snapshots makes you pretty much immune to ransomware attacks. Once the infection is detected and the offending machine isolated, simply revert to a snapshot from just before the event and you are back in business.

gwinton

Re: Feature request (Idea) - protect Samba shares with fail2ban
« Reply #2 on: December 20, 2016, 11:32:53 am »
half_life, can you elaborate on this? I would be very interested in using this. Thanks

theb2b
