stridemat Posted August 30, 2020 Share Posted August 30, 2020 (edited) On 8/26/2020 at 4:33 PM, binhex said: hmm that should work, i will do some further testing, as a possible workaround you could remove the exclude and instead use the include to only lock file types you want to have locked e.g. for ebooks *.epub, *.mobi etc. Any further thoughts? I can't really do as suggest as the list to include would be quite long and may miss some Here is the debug text. I can see no reason why it is not working as intended. Quote root@Tower:~# /mnt/user/appdata/no_ransom/no_ransom.sh --lock-files 'yes' --media-shares 'Test' --include-extensions '*.*' --exclude-extensions '*.jpg,*.opf,*.db,*.json' --debug 'yes' [info] Running no_ransom.sh script... [info] Checking we have all required parameters before running... [info] Finding share that match 'Test' on disk '/mnt/disk1'... [debug] find /mnt/disk1 -maxdepth 1 -type d -name Test [info] Share found, processing media share '/mnt/disk1/Test' using 'chattr' recursively... [debug] find /mnt/disk1/Test -type f \( -name "*.*" \) \( -not -name "*.jpg" -o -not -name "*.opf" -o -not -name "*.db" -o -not -name "*.json" \) -exec chattr +i {} \; [info] Processing finished for disk '/mnt/disk1' [info] [info] Finding share that match 'Test' on disk '/mnt/disk2'... [debug] find /mnt/disk2 -maxdepth 1 -type d -name Test [debug] No matching media share for disk '/mnt/disk2' [info] Processing finished for disk '/mnt/disk2' [info] [info] Finding share that match 'Test' on disk '/mnt/disk3'... [debug] find /mnt/disk3 -maxdepth 1 -type d -name Test [info] Share found, processing media share '/mnt/disk3/Test' using 'chattr' recursively... [debug] find /mnt/disk3/Test -type f \( -name "*.*" \) \( -not -name "*.jpg" -o -not -name "*.opf" -o -not -name "*.db" -o -not -name "*.json" \) -exec chattr +i {} \; [info] Processing finished for disk '/mnt/disk3' [info] [info] Finding share that match 'Test' on disk '/mnt/disk4'... [debug] find /mnt/disk4 -maxdepth 1 -type d -name Test [debug] No matching media share for disk '/mnt/disk4' [info] Processing finished for disk '/mnt/disk4' [info] [info] Finding share that match 'Test' on disk '/mnt/disk5'... [debug] find /mnt/disk5 -maxdepth 1 -type d -name Test [debug] No matching media share for disk '/mnt/disk5' [info] Processing finished for disk '/mnt/disk5' [info] [info] Finding share that match 'Test' on disk '/mnt/disk6'... [debug] find /mnt/disk6 -maxdepth 1 -type d -name Test [debug] No matching media share for disk '/mnt/disk6' [info] Processing finished for disk '/mnt/disk6' [info] [info] Finding share that match 'Test' on disk '/mnt/disks'... [debug] find /mnt/disks -maxdepth 1 -type d -name Test [debug] No matching media share for disk '/mnt/disks' [info] Processing finished for disk '/mnt/disks' [info] [info] no_ransom.sh script finished Edited August 30, 2020 by stridemat Quote Link to comment
binhex Posted September 2, 2020 Author Share Posted September 2, 2020 On 8/30/2020 at 4:24 PM, stridemat said: Any further thoughts? yep it was a bug in the find syntax, i have now tested and fixed it, please pull down the latest script, see OP for details, FYI the fixed version is 1.0.1. 1 Quote Link to comment
stridemat Posted September 2, 2020 Share Posted September 2, 2020 2 hours ago, binhex said: yep it was a bug in the find syntax, i have now tested and fixed it, please pull down the latest script, see OP for details, FYI the fixed version is 1.0.1. Excellent. Will take a look tonight. Quote Link to comment
stridemat Posted September 2, 2020 Share Posted September 2, 2020 4 hours ago, binhex said: yep it was a bug in the find syntax, i have now tested and fixed it, please pull down the latest script, see OP for details, FYI the fixed version is 1.0.1. Looks like that has done the job. Now to double check I don’t need any further file extensions excluded and will run on my media folder. Thanks! 1 Quote Link to comment
JasonK Posted September 8, 2020 Share Posted September 8, 2020 On 6/25/2020 at 10:43 AM, jonathanm said: I would think that if you are using UD devices for offsite physical backups, you would want to apply the immutable attribute to keep your backup media extra safe when you are accessing it for recovery purposes. until you have updated files you're trying to backup. Quote Link to comment
JonathanM Posted September 8, 2020 Share Posted September 8, 2020 3 minutes ago, JasonK said: until you have updated files you're trying to backup. In which case you remove the immutable attribute, do your update, then reset it. Quote Link to comment
s0b Posted January 10, 2021 Share Posted January 10, 2021 Truly appreciate this script. I never had problems with ransomware but heard enough stories to fear them. Mistakes were made when I setted up my shares and I used spaces in some of them, when I try to run the scripts this is the output: root@Fone:~# /mnt/user/appdata/no_ransom/no_ransom.sh --lock-files 'yes' --media-shares 'short films' --debug 'yes' [info] Running no_ransom.sh script... [info] Checking we have all required parameters before running... [info] Finding share that match 'short films' on disk '/mnt/disk1'... [debug] find /mnt/disk1 -maxdepth 1 -type d -name short films [info] Share found, processing media share '/mnt/disk1/short films' using 'chattr' recursively... [debug] find /mnt/disk1/short films -type f \( -name "*.*" \) -exec chattr +i {} \; find: ‘/mnt/disk1/short’: No such file or directory find: ‘films’: No such file or directory [info] Processing finished for disk '/mnt/disk1' [info] [info] Finding share that match 'short films' on disk '/mnt/disk2'... [debug] find /mnt/disk2 -maxdepth 1 -type d -name short films [debug] No matching media share for disk '/mnt/disk2' [info] Processing finished for disk '/mnt/disk2' [info] [info] Finding share that match 'short films' on disk '/mnt/disk3'... [debug] find /mnt/disk3 -maxdepth 1 -type d -name short films [info] Share found, processing media share '/mnt/disk3/short films' using 'chattr' recursively... [debug] find /mnt/disk3/short films -type f \( -name "*.*" \) -exec chattr +i {} \; find: ‘/mnt/disk3/short’: No such file or directory find: ‘films’: No such file or directory [info] Processing finished for disk '/mnt/disk3' [info] [info] Finding share that match 'short films' on disk '/mnt/disk4'... [debug] find /mnt/disk4 -maxdepth 1 -type d -name short films [info] Share found, processing media share '/mnt/disk4/short films' using 'chattr' recursively... [debug] find /mnt/disk4/short films -type f \( -name "*.*" \) -exec chattr +i {} \; find: ‘/mnt/disk4/short’: No such file or directory find: ‘films’: No such file or directory [info] Processing finished for disk '/mnt/disk4' [info] [info] Finding share that match 'short films' on disk '/mnt/disk5'... [debug] find /mnt/disk5 -maxdepth 1 -type d -name short films [debug] No matching media share for disk '/mnt/disk5' [info] Processing finished for disk '/mnt/disk5' [info] [info] Finding share that match 'short films' on disk '/mnt/disk6'... [debug] find /mnt/disk6 -maxdepth 1 -type d -name short films [info] Share found, processing media share '/mnt/disk6/short films' using 'chattr' recursively... [debug] find /mnt/disk6/short films -type f \( -name "*.*" \) -exec chattr +i {} \; find: ‘/mnt/disk6/short’: No such file or directory find: ‘films’: No such file or directory [info] Processing finished for disk '/mnt/disk6' [info] [info] Finding share that match 'short films' on disk '/mnt/disk7'... [debug] find /mnt/disk7 -maxdepth 1 -type d -name short films [info] Share found, processing media share '/mnt/disk7/short films' using 'chattr' recursively... [debug] find /mnt/disk7/short films -type f \( -name "*.*" \) -exec chattr +i {} \; find: ‘/mnt/disk7/short’: No such file or directory find: ‘films’: No such file or directory [info] Processing finished for disk '/mnt/disk7' [info] [info] Finding share that match 'short films' on disk '/mnt/disk8'... [debug] find /mnt/disk8 -maxdepth 1 -type d -name short films [info] Share found, processing media share '/mnt/disk8/short films' using 'chattr' recursively... [debug] find /mnt/disk8/short films -type f \( -name "*.*" \) -exec chattr +i {} \; find: ‘/mnt/disk8/short’: No such file or directory find: ‘films’: No such file or directory [info] Processing finished for disk '/mnt/disk8' [info] [info] Finding share that match 'short films' on disk '/mnt/disks'... [debug] find /mnt/disks -maxdepth 1 -type d -name short films [debug] No matching media share for disk '/mnt/disks' [info] Processing finished for disk '/mnt/disks' [info] [info] no_ransom.sh script finished After running it I have verified running "lsattr /mnt/user/short\ films/" that the files are still unprotected. Can I run the script somehow without changing my share names? Quote Link to comment
s0b Posted January 10, 2021 Share Posted January 10, 2021 After checking the script seems like adding single quotes on the line 164 solves my issue reported above From: eval "find ${media_shares_match} -type f ${include_folders_cmd} ${include_extensions_cmd} ${exclude_folders_cmd} ${exclude_extensions_cmd} -exec ${chattr_cmd} {} \;" To: eval "find '${media_shares_match}' -type f ${include_folders_cmd} ${include_extensions_cmd} ${exclude_folders_cmd} ${exclude_extensions_cmd} -exec ${chattr_cmd} {} \;" @binhex can create a pull request if you prefer Quote Link to comment
binhex Posted January 10, 2021 Author Share Posted January 10, 2021 15 minutes ago, s0b said: After checking the script seems like adding single quotes on the line 164 solves my issue reported above From: eval "find ${media_shares_match} -type f ${include_folders_cmd} ${include_extensions_cmd} ${exclude_folders_cmd} ${exclude_extensions_cmd} -exec ${chattr_cmd} {} \;" To: eval "find '${media_shares_match}' -type f ${include_folders_cmd} ${include_extensions_cmd} ${exclude_folders_cmd} ${exclude_extensions_cmd} -exec ${chattr_cmd} {} \;" @binhex can create a pull request if you prefer excellent!, yep agreed that looks like the fix, no need for PR i can do the change now, i will let you know once its in. Quote Link to comment
binhex Posted January 10, 2021 Author Share Posted January 10, 2021 ok the fix is now in for spaces in share names, during my testing i also noted the default include extensions should be * not *.*, to ensure files with no extension are also locked (if no include extension specified). 2 1 Quote Link to comment
s0b Posted January 10, 2021 Share Posted January 10, 2021 Thanks! Just downloaded the latest version and created a user script to execute it. Will sleep better now 1 Quote Link to comment
Zotarios Posted March 6, 2021 Share Posted March 6, 2021 Has someone created a custom rm binary so you can remove some certain file? I sometimes upgrade my plex media files and I don't want to have duplicates there. So, I don't want to be looking for what drive that certain file is on and "chattr -i" plus "rm". Sure I'm not the only one looking for this script 1 Quote Link to comment
b0n3v Posted March 9, 2021 Share Posted March 9, 2021 Very useful script, it's time to evolves in plugin with some GUI function for fast access. Thanks @binhex Quote Link to comment
s0b Posted April 15, 2021 Share Posted April 15, 2021 On 3/6/2021 at 5:36 PM, Zotarios said: Has someone created a custom rm binary so you can remove some certain file? I sometimes upgrade my plex media files and I don't want to have duplicates there. So, I don't want to be looking for what drive that certain file is on and "chattr -i" plus "rm". Sure I'm not the only one looking for this script I really need this. Im tempted to do it myself even if I never did an Unraid plugin, will give it a go. Quote Link to comment
kizer Posted April 15, 2021 Share Posted April 15, 2021 On 3/6/2021 at 8:36 AM, Zotarios said: Has someone created a custom rm binary so you can remove some certain file? I sometimes upgrade my plex media files and I don't want to have duplicates there. So, I don't want to be looking for what drive that certain file is on and "chattr -i" plus "rm". Sure I'm not the only one looking for this script I created some User.Scripts that call for different things so I can pin point some without locking/unlocking everything all the time so I can avoid dupes too. Sure you could run Chattr directly on the file and then just delete it, but honestly I get lazy and often forget code so I just make up some scripts and let them do the work. Security.Lock.Media locks TV share and Movies share Security.Unlock.Media unlocks TV share and Movies share Security.Unlock.TV unlocks TV share Security.Unlock.Movies unlocks Movies share on and on 1 Quote Link to comment
Zotarios Posted April 15, 2021 Share Posted April 15, 2021 1 hour ago, kizer said: I created some User.Scripts that call for different things so I can pin point some without locking/unlocking everything all the time so I can avoid dupes too. Sure you could run Chattr directly on the file and then just delete it, but honestly I get lazy and often forget code so I just make up some scripts and let them do the work. Security.Lock.Media locks TV share and Movies share Security.Unlock.Media unlocks TV share and Movies share Security.Unlock.TV unlocks TV share Security.Unlock.Movies unlocks Movies share on and on I was thinking something like a CLI command like: "rm-force" to do the job. It would be easy to implement, just find which disk contains the file remove chattr and remove. I'm too lazy so I just do a "no_ransomware include folder" atm Quote Link to comment
binhex Posted May 13, 2021 Author Share Posted May 13, 2021 OK guys, its been a while since i touched this script, mainly because it just works :-), small enhancement to the script, i have now added in the ability to 'lock' and 'unlock' chattr, in reality this simply changes permissions and renames the chattr binary to make it just that bit harder for any potential ransomware script to try and execute chattr to unlock media. It's switched on by default and will auto unlock on execution of the script and lock at the end, if you don't want this new functionality then you can switch this off by specifying the flag --secure-chattr 'no'. link to the script in first post of this thread. 1 3 Quote Link to comment
kizer Posted May 14, 2021 Share Posted May 14, 2021 Nice!!!!!! I was kinda wondering if there was a better way of insuring somebody couldn't just run chattr and remove the protection. Thank you for having the insight and willingness to do this. Just ran it across my media and seemed to work just fine. Was cool seeing the chattr binary in the logs being locked and unlocked too. 1 Quote Link to comment
binhex Posted May 14, 2021 Author Share Posted May 14, 2021 Nice!!!!!! I was kinda wondering if there was a better way of insuring somebody couldn't just run chattr and remove the protection. Thank you for having the insight and willingness to do this. Just ran it across my media and seemed to work just fine. Was cool seeing the chattr binary in the logs being locked and unlocked too. Glad it's working, it's odd the ideas thst spring to mind whilst having a shower Sent from my CLT-L09 using Tapatalk 1 Quote Link to comment
stridemat Posted May 14, 2021 Share Posted May 14, 2021 On 5/13/2021 at 2:34 PM, binhex said: OK guys, its been a while since i touched this script, mainly because it just works :-), small enhancement to the script, i have now added in the ability to 'lock' and 'unlock' chattr, in reality this simply changes permissions and renames the chattr binary to make it just that bit harder for any potential ransomware script to try and execute chattr to unlock media. It's switched on by default and will auto unlock on execution of the script and lock at the end, if you don't want this new functionality then you can switch this off by specifying the flag --secure-chattr 'no'. link to the script in first post of this thread. Thanks. Seems to have worked great. Quote Link to comment
kizer Posted May 14, 2021 Share Posted May 14, 2021 Binhex Sent you another idea via PM if your wanting tinker more. Quote Link to comment
Opawesome Posted May 26, 2021 Share Posted May 26, 2021 On 5/14/2021 at 11:40 PM, kizer said: Binhex Sent you another idea via PM if your wanting tinker more. Why not share with everyone ? Quote Link to comment
kizer Posted May 26, 2021 Share Posted May 26, 2021 3 hours ago, Opawesome said: Why not share with everyone ? I didn't want to clog up his Support Thread, but anyways this is what I suggested. ************************************************************************ One idea I just had. Currently your renaming chattr and changing its permission. Absolutely brilliant, however maybe include a variable so the user could change the rename so everybody has a totally different binary and really screw up bots/script kiddies? Say default is "rchatt" and everybody that uses it will have that as their default. Anybody who knows unraid and knows how to beat it will just bake that into their code and target unraid looking to rename rchatt to chattr or will simply run Chmod +x on rchatt. So I'm proposing something like the following #Edit below to set your Binary name default is rchatt Set your Binary name ="rchatt" It might be one more added thing that might be borderline paranoid, but really getting obscure should really confuse somebody. 1 1 Quote Link to comment
kizer Posted May 26, 2021 Share Posted May 26, 2021 @Opawesome Actually looks like there already is. lol readonly defaultSecureChattrRename="rttahc" Looks like he's updated the script from v1.0.2 to v1.0.3 and included it. Yahoo Thanks for the add binhex. Quote Link to comment
binhex Posted May 26, 2021 Author Share Posted May 26, 2021 4 hours ago, kizer said: @Opawesome Actually looks like there already is. lol readonly defaultSecureChattrRename="rttahc" Looks like he's updated the script from v1.0.2 to v1.0.3 and included it. Yahoo Thanks for the add binhex. yes i did half add it :-), so its more obvious how its set now but i haven't provided command line options for it yet, the reason being i got a little nervous about the following scenario:- script runs and renames chattr to default rename file user provides new name via the command parameter script blows up, reason - because the script no longer knows the previous name of the executable so cannot find and rename it. there is of course a reasonably simple solution to this as the rename is only temporary (ram), if the user reboots they will be back to a working system and next time the script runs it will know the name of the executable (as it hasnt been changed) and it can then use the user provided name and off it goes. so either i need to keep a history of names used (tricky), or instruct the user to reboot if the executable cannot be found (easier but not ideal). Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.