Feature addition: Ransomware protection



Can a new feature be added to UNRAID OS to manage share/data structures -- goal of protection from ransomware attacks

 

1) watchdog that monitors reads/writes and if threshold is met (example 20 file read/writes), trigger an alarm/lock down the share

 

2) add logic into mover such that if too many sequential files are in the cache drive, the data is not moved to spindle and an alarm/lock down of share occurs

 

3) add an admin tool to manage settings

3a) configure/audit file shares (read only, read/write, etc...)

3b) set trigger thresholds on cache based shares

3c) configure mover rules (are there deviations from the standard baseline that indicate ransomware attack)

3d) configure actions for when an alarm/event is triggered (email, popup box, lockout share, ??????)

 

I believe the framework is in place (cache front end to SMB shares, passthru reads from spindle, mover), and with a little more logic, this could be implemented easily.

 

I don't get to the unraid forums very often, but if mods/dev team want to chat, contact me via discord - gazzew#0360

 

Best regards,

 

Paul
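
The watchdog from item 1, with the per-share thresholds from item 3b, sketched as an added example (not part of the post above and not Unraid code). Assumptions: a 10-second sliding window, counting only writes to distinct files, a lockdown that denies writes but still allows reads, and the hypothetical names `ShareWatchdog` and `demo`.

```python
from collections import defaultdict, deque


class ShareWatchdog:
    """Counts distinct files written per share inside a sliding time window."""

    def __init__(self, threshold=20, window_s=10.0, per_share=None):
        self.threshold = threshold        # the post's example value: 20 files
        self.window_s = window_s          # assumption: the post names no window
        self.per_share = per_share or {}  # item 3b: per-share threshold overrides
        self.recent = defaultdict(deque)  # share -> deque of (timestamp, path)
        self.locked = {}                  # share -> time the lockdown started

    def observe(self, ts, share, op, path):
        """Return 'allow', 'alarm' (threshold just crossed) or 'deny'."""
        if share in self.locked:
            # Assumption: a locked share becomes read-only until an admin resets it.
            return "deny" if op == "write" else "allow"
        if op != "write":
            return "allow"
        q = self.recent[share]
        q.append((ts, path))
        # Drop events that have aged out of the window.
        while q and ts - q[0][0] > self.window_s:
            q.popleft()
        # Repeated saves of one file count once; mass rewrites count per file.
        distinct = len({p for _, p in q})
        if distinct >= self.per_share.get(share, self.threshold):
            self.locked[share] = ts
            return "alarm"
        return "allow"


def demo():
    """Replay constructed events: (timestamp_s, share, op, path)."""
    wd = ShareWatchdog()
    # One document saved 30 times over 30 s: normal editing.
    edits = [(float(i), "docs", "write", "/docs/report.odt") for i in range(30)]
    # 25 different files rewritten within 2.5 s: the pattern item 1 targets.
    burst = [(100 + i * 0.1, "media", "write", f"/media/img{i}.jpg")
             for i in range(25)]
    return [wd.observe(*e) for e in edits + burst], wd


if __name__ == "__main__":
    results, wd = demo()
    print(results.count("allow"), results.count("alarm"), results.count("deny"))
    print("locked shares:", wd.locked)
```

The window and threshold decide the false-positive rate: a bulk copy or a backup restore crosses 20 files in 10 seconds as easily as ransomware does, which is why the per-share override from item 3b matters.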

 

 
