Squid

Nevermind about the diagnostics. You're correct. However the problem actually isn't with this plugin per se. Nerd Pack isn't working properly on 6.3.0-rc1 Going to the ransomware settings states that inotifytools isn't installed, and going to Nerd Pack settings just sits there on retrieving plugin information. Now this is a case that I have to handle, where inotify was installed, but no longer is, so kudos for finding that bug... But I think that dmascias also has something to do here...

Trying it now with rc1. But if you haven't rebooted, can you give me your diagnostics. Just about everything is logged on this plg.

What version of unRaid? @Squid, I'm glad you saw this, because I have no idea. Neither do I... Does the same thing on my system Weird thing is that during the initial install, it displayed this: Digest: sha256:1db3dbb722800da3899460e90ebdd0b2f1e893c79dc528cb73a83a658ebe0de3 Status: Downloaded newer image for hexparrot/mineos:node-jessie 1603d9cecc7fa948e84d4c595e4168392da9f5ba19b8af4c1652d74300806a04 Which I've never noticed before

(Couldn't resist)

Here's the explanation of why they should be the same when apps are communicating with each other http://lime-technology.com/forum/index.php?topic=40937.msg488507#msg488507

What version of unRaid?

Don't be too harsh on me... Went the entire weekend without a beer doing this... https://xkcd.com/323/ Always knew it... Development on CA definitely followed that curve

Actually, this *could* possibly be related to your other issue (which I've posted separately about). Unlikely since presumably you are getting 20% of new downloads properly, but anything's possible. BTW, what is your general Geographical location? Middle East?

While I suppose its possible that it unRaid's fault, its far more likely that Hollywood is issuing more takedown requests.

Initial tests: Remounting SMB as read-only: No issues... works perfectly from the command line. Will be added tomorrow. AFP/NFS. Since I don't run those particular protocols (and have no real way of running them anyways), I can't really check it out properly. Maybe one of the real linux / Apple guys here can help me out on this one. Problem with FTP is that there are multiple ways of running a server (built-in, plugins, numerous dockers) How do you detect and stop them all? FTP will remain on the backburner for a while. Added in automatic logging of smbstatus prior to taking down smb which should help in some diagnosis of this. Once again, since I don't use AFP/NFS not quite sure if there's an equivalent command. And, any command issued to determine status has to return results fast as any delays means potentially more files get encrypted.

Host path 5 (/mnt/disks) has to be set to slave mode for it to work consistently (Because you're referencing /mnt/disks which is the path that Unassigned Devices uses). Edit that path and set the mode to be RW,slave

I understand. I felt I needed to make the point though, because the efforts above to restart SMB were concerning to me. I could see users watching a movie, notice a brief pause, then settle back as the movie resumed, and only check for notifications hours later, while the ransomware continues merrily encrypting other stuff it can find on the network. It really seems safer to bring everything to a halt, until an unRAID administrator makes the decision that it's safe to continue. The effort that I'm going to investigate on restarting smb will be in read-only mode but if I can't get it bullet proof it won't be included Sent from my LG-D852 using Tapatalk

The older I get, the more that seems to happen to me also

Which is why the bait has the option to go everywhere. Downsides is that it also increases the chances of innocent modifcation. Excluded folders are today / tomorrow which after I released I realized is a must have. Appdata gets automatically excluded because it'll give inotify a heart attack having that many subfolders to handle (my plex has 200,000 +) Pdf I just skimmed the paper but it's nothing to add another bait file included (and the user has the option to override and use whatever they want) Yes or no confirmations on what to do in event of an attack I just don't see that as being an option. Take the system down and deal with the aftermath. Notifications are the last thing done after an action is taken, as that takes some time for dynamix to figure it out, send the email, etc. Stopping SMB et al is my personal preference, but as I noted above, unRaid restarts the service every minute if its not running. Still hoping Tom / Eric can help me out on that one, but as it stands it at least interrupts the attack and hopefully winds up cancelling it, and since unRaid stops the network services rather late in the stopping array procedure, its something that's got to be done anyways. Upshot is that the framework for everything is done which is the hardest part of the plugin. Adding extra actions etc is a cakewalk. Sent from my LG-D852 using Tapatalk

I don't know if a plugin has enough permissions to make such a change, though. EDIT: Forgot to say thank you Takes time. But that actually have me a similar idea . Sent from my LG-D852 using Tapatalk How about... Stop SMB/AFP/NFS unmount drives remount readonly Start SMB/AFP/NFS Basically. Stop and restart smb etc after modifying smb config for read only. Sent from my LG-D852 using Tapatalk

I don't know if a plugin has enough permissions to make such a change, though. EDIT: Forgot to say thank you Takes time. But that actually have me a similar idea . Sent from my LG-D852 using Tapatalk

What version of unRaid. Some old versions of 6 had issues with that, but I haven't noticed it lately

Previous apps only shows what you've previously had installed that is not currently installed. If there is something showing in previous apps that is showing in installed apps, then either - Its a bug you've found (although I've never seen it nor has anyone else reported it - but its always possible) - Somehow dockerMan didn't save the template properly when you originally added it (or the plugin manager didn't record when you removed a plugin) If a plugin isn't showing up anywhere (available, installed, or previous), then its a "foreign" plugin that can't be managed by CA. Some of bonienl's dynamix plugins (ie: bleeding edge) will do this. Alternatively, its possible that you manually cleaned up the files on the flash drive (in particular /config/plugins/dockerMan/templates-user and /config/plugins-removed) If you really want to see if its right, make a note of what is currently installed for docker, then stop the service, rename the docker.img file, then go to CA and see what is in Previous Apps. It should be bang on. If its not, I need to know the apps that aren't there and I'll fix the issue tout suite.

Don't be too harsh on me... Went the entire weekend without a beer doing this...

- Reserved -

Ransomware Protection This plugin is a specialized type of anti-virus designed to detect if a ransomware malware attack is happening on your server, and upon detection either take the server offline, or make all of your user shares read-only. It operates by using "bait files". These bait files can either be located within you normal user shares, or within specialized bait shares. Once an attack happens on one of the bait files, (either the contents are changed (ie: encrypted) or deleted (ie: renamed and encrypted), the plugin will take whatever action you specify. Response time is approximately 1/10th of a second. Full details on the setup and operation of the plugin are contained within the "Help" tab on the plugin's settings page You can install this plugin via Community Applications (the Apps tab) within the Plugins section (or just search for ransonware). This plugin requires unRaid 6.2+

Install the dynamix schedules plugin (find it in CA) and you can then adjust the time of day via Settings - Schedules - Fixed Schedules

Edit the container, then edit the path that has the host mounting with the UD mounted path, then change the mode to be either RW,slave or RO,slave depending upon your circumstances

Host path 1 (from looking at the container Path that displays on it) is the /config folder, and would get mounted to something like /mnt/cache/appdata/calibre Path 2 Is presumably a path to where your library is / will be stored

Yeah, not convinced anyone reads them either.... Change the title? [bROKEN][support] Linuxserver.io - Kodi-Headless I'll ask Squid to modify CA... Issue a pr on moderators.json in the moderator repo with what you want. Or pm with the details of what to say Sent from my LG-D852 using Tapatalk