Zentyal Forum, Linux Small Business Server

Zentyal Server => Contributions / Tips&Tricks / Features Requests => Topic started by: csabakv on December 15, 2016, 03:34:16 pm

Title: Feature request (Idea) - protect Samba shares with fail2ban
Post by: csabakv on December 15, 2016, 03:34:16 pm
I have an idea to protect Samba shares against ransomware.
My theory:
Ransomware can access Samba shares, and it is able to rename and encrypt all files on them.
We can minimize the damage using fail2ban. If we use the known ransomware extensions (.locky, .aesir, etc.; for the complete list see: https://www.bleepingcomputer.com/forums/t/589811/updated-list-of-ransomware-file-names-and-extensions/) in context with fail2ban, we could filter the malicious renaming and encrypting. If fail2ban detects one of them, it can ban the affected computer and send an email to the administrator.
Is it possible to realize?
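The detection step proposed in the post above, as an added example that is not part of the original thread or of Zentyal. It assumes Samba's vfs_full_audit module logs renames as `user|client_ip|rename|ok|old|new` (prefix `%u|%I`), uses only the two extensions named in the post, and runs on constructed log lines; the regex exposes the client address as a `host` group, the way a fail2ban filter would.

```python
import re
from collections import Counter

# Only the extensions named in the post; a deployment would load a maintained list.
RANSOM_EXTS = ("locky", "aesir")

# Assumed log shape (vfs_full_audit with "full_audit:prefix = %u|%I"):
#   ... smbd_audit: user|client_ip|rename|ok|old_path|new_path
# Only successful renames are matched; paths containing "|" are not handled.
AUDIT_RE = re.compile(
    r"smbd_audit:\s*(?P<user>[^|]*)\|(?P<host>[^|]+)\|"
    r"rename(?:at)?\|ok\|(?P<old>[^|]*)\|(?P<new>[^|]*)$"
)

def suspicious_renames(lines, exts=RANSOM_EXTS):
    """Return (host, user, new_path) for renames that add a listed extension."""
    hits = []
    for line in lines:
        m = AUDIT_RE.search(line.rstrip("\n"))
        if not m:
            continue
        old, new = m["old"].lower(), m["new"].lower()
        for ext in exts:
            suffix = "." + ext
            # Ignore files that already carried the extension before the rename.
            if new.endswith(suffix) and not old.endswith(suffix):
                hits.append((m["host"], m["user"], m["new"]))
                break
    return hits

def hosts_to_ban(lines, maxretry=1):
    """Hosts with at least `maxretry` suspicious renames (cf. fail2ban's maxretry)."""
    counts = Counter(host for host, _, _ in suspicious_renames(lines))
    return sorted(h for h, n in counts.items() if n >= maxretry)

# Constructed sample lines (documentation IP range), not real log data.
SAMPLE_LOG = [
    "Dec 15 15:01:02 srv smbd_audit: alice|192.0.2.10|rename|ok|docs/a.docx|docs/a.docx.locky",
    "Dec 15 15:01:02 srv smbd_audit: alice|192.0.2.10|rename|ok|docs/b.xlsx|docs/B7F3.LOCKY",
    "Dec 15 15:01:03 srv smbd_audit: alice|192.0.2.10|rename|ok|docs/c.pdf|docs/c.pdf.aesir",
    "Dec 15 15:02:10 srv smbd_audit: bob|192.0.2.22|rename|ok|tmp/draft.txt|tmp/final.txt",
    "Dec 15 15:03:00 srv smbd_audit: carol|192.0.2.33|rename|fail (Permission denied)|x.doc|x.doc.locky",
    "Dec 15 15:03:30 srv smbd_audit: bob|192.0.2.22|open|ok|r|tmp/final.txt",
]

if __name__ == "__main__":
    for host in hosts_to_ban(SAMPLE_LOG, maxretry=3):
        print("ban", host)
```

An extension list only catches known families, so a check like this complements backups or snapshots and does not replace them.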
Title: Re: Feature request (Idea) - protect Samba shares with fail2ban
Post by: half_life on December 15, 2016, 11:54:57 pm
Putting your shares on ZFS and performing periodic snapshots makes you pretty much immune to ransomware attacks. Once the infection is detected and the offending machine isolated, simply revert to a snapshot from just before the event and you are back in business.
Title: Re: Feature request (Idea) - protect Samba shares with fail2ban
Post by: gwinton on December 20, 2016, 11:32:53 am
half_life, can you elaborate on this? I would be very interested in using this. Thanks.
Title: Re: Feature request (Idea) - protect Samba shares with fail2ban
Post by: theb2b on February 07, 2017, 07:46:35 pm
See this:

https://en.wikipedia.org/wiki/ZFS#LINUXNATIVE