Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Script] binhex - no_ransom.sh

Featured Replies

On 8/26/2020 at 4:33 PM, binhex said:

hmm that should work, i will do some further testing, as a possible workaround you could remove the exclude and instead use the include to only lock file types you want to have locked e.g. for ebooks *.epub, *.mobi etc.

Any further thoughts? I can't really do as suggest as the list to include would be quite long and may miss some :(

 

Here is the debug text. I can see no reason why it is not working as intended.

Quote

root@Tower:~# /mnt/user/appdata/no_ransom/no_ransom.sh --lock-files 'yes' --media-shares 'Test' --include-extensions '*.*' --exclude-extensions '*.jpg,*.opf,*.db,*.json' --debug 'yes'
[info] Running no_ransom.sh script...
[info] Checking we have all required parameters before running...
[info] Finding share that match 'Test' on disk '/mnt/disk1'...
[debug] find /mnt/disk1 -maxdepth 1 -type d -name Test
[info] Share found, processing media share '/mnt/disk1/Test' using 'chattr' recursively...
[debug] find /mnt/disk1/Test -type f  \( -name "*.*" \)  \( -not -name "*.jpg" -o -not -name "*.opf" -o -not -name "*.db" -o -not -name "*.json" \) -exec chattr +i {} \;
[info] Processing finished for disk '/mnt/disk1'
[info]
[info] Finding share that match 'Test' on disk '/mnt/disk2'...
[debug] find /mnt/disk2 -maxdepth 1 -type d -name Test
[debug] No matching media share for disk '/mnt/disk2'
[info] Processing finished for disk '/mnt/disk2'
[info]
[info] Finding share that match 'Test' on disk '/mnt/disk3'...
[debug] find /mnt/disk3 -maxdepth 1 -type d -name Test
[info] Share found, processing media share '/mnt/disk3/Test' using 'chattr' recursively...
[debug] find /mnt/disk3/Test -type f  \( -name "*.*" \)  \( -not -name "*.jpg" -o -not -name "*.opf" -o -not -name "*.db" -o -not -name "*.json" \) -exec chattr +i {} \;
[info] Processing finished for disk '/mnt/disk3'
[info]
[info] Finding share that match 'Test' on disk '/mnt/disk4'...
[debug] find /mnt/disk4 -maxdepth 1 -type d -name Test
[debug] No matching media share for disk '/mnt/disk4'
[info] Processing finished for disk '/mnt/disk4'
[info]
[info] Finding share that match 'Test' on disk '/mnt/disk5'...
[debug] find /mnt/disk5 -maxdepth 1 -type d -name Test
[debug] No matching media share for disk '/mnt/disk5'
[info] Processing finished for disk '/mnt/disk5'
[info]
[info] Finding share that match 'Test' on disk '/mnt/disk6'...
[debug] find /mnt/disk6 -maxdepth 1 -type d -name Test
[debug] No matching media share for disk '/mnt/disk6'
[info] Processing finished for disk '/mnt/disk6'
[info]
[info] Finding share that match 'Test' on disk '/mnt/disks'...
[debug] find /mnt/disks -maxdepth 1 -type d -name Test
[debug] No matching media share for disk '/mnt/disks'
[info] Processing finished for disk '/mnt/disks'
[info]
[info] no_ransom.sh script finished

 

Screenshot from 2020-08-30 16-31-17.png

Edited by stridemat

  • Replies 80
  • Views 26.5k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • OK guys, its been a while since i touched this script, mainly because it just works :-), small enhancement to the script, i have now added in the ability to 'lock' and 'unlock' chattr, in reality this

  • ok the fix is now in for spaces in share names, during my testing i also noted the default include extensions should be * not *.*, to ensure files with no extension are also locked (if no include exte

  • there are a 4 advantages that i can think of using my script over setting shares to read only:-   1. you can still add new files/folders to the share - the share is not read only and newly crea

Posted Images

  • Author
On 8/30/2020 at 4:24 PM, stridemat said:

Any further thoughts?

yep it was a bug in the find syntax, i have now tested and fixed it, please pull down the latest script, see OP for details, FYI the fixed version is 1.0.1.

2 hours ago, binhex said:

yep it was a bug in the find syntax, i have now tested and fixed it, please pull down the latest script, see OP for details, FYI the fixed version is 1.0.1.

Excellent. Will take a look tonight. 

4 hours ago, binhex said:

yep it was a bug in the find syntax, i have now tested and fixed it, please pull down the latest script, see OP for details, FYI the fixed version is 1.0.1.

Looks like that has done the job. Now to double check I don’t need any further file extensions excluded and will run on my media folder. Thanks!

On 6/25/2020 at 10:43 AM, jonathanm said:

I would think that if you are using UD devices for offsite physical backups, you would want to apply the immutable attribute to keep your backup media extra safe when you are accessing it for recovery purposes.

until you have updated files you're trying to backup.

3 minutes ago, JasonK said:

until you have updated files you're trying to backup.

In which case you remove the immutable attribute, do your update, then reset it.

  • 4 months later...

Truly appreciate this script. I never had problems with ransomware but heard enough stories to fear them.

Mistakes were made when I setted up my shares and I used spaces in some of them, when I try to run the scripts this is the output:
 

root@Fone:~# /mnt/user/appdata/no_ransom/no_ransom.sh --lock-files 'yes' --media-shares 'short films' --debug 'yes'
[info] Running no_ransom.sh script...
[info] Checking we have all required parameters before running...
[info] Finding share that match 'short films' on disk '/mnt/disk1'...
[debug] find /mnt/disk1 -maxdepth 1 -type d -name short films
[info] Share found, processing media share '/mnt/disk1/short films' using 'chattr' recursively...
[debug] find /mnt/disk1/short films -type f  \( -name "*.*" \)   -exec chattr +i {} \;
find: ‘/mnt/disk1/short’: No such file or directory
find: ‘films’: No such file or directory
[info] Processing finished for disk '/mnt/disk1'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disk2'...
[debug] find /mnt/disk2 -maxdepth 1 -type d -name short films
[debug] No matching media share for disk '/mnt/disk2'
[info] Processing finished for disk '/mnt/disk2'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disk3'...
[debug] find /mnt/disk3 -maxdepth 1 -type d -name short films
[info] Share found, processing media share '/mnt/disk3/short films' using 'chattr' recursively...
[debug] find /mnt/disk3/short films -type f  \( -name "*.*" \)   -exec chattr +i {} \;
find: ‘/mnt/disk3/short’: No such file or directory
find: ‘films’: No such file or directory
[info] Processing finished for disk '/mnt/disk3'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disk4'...
[debug] find /mnt/disk4 -maxdepth 1 -type d -name short films
[info] Share found, processing media share '/mnt/disk4/short films' using 'chattr' recursively...
[debug] find /mnt/disk4/short films -type f  \( -name "*.*" \)   -exec chattr +i {} \;
find: ‘/mnt/disk4/short’: No such file or directory
find: ‘films’: No such file or directory
[info] Processing finished for disk '/mnt/disk4'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disk5'...
[debug] find /mnt/disk5 -maxdepth 1 -type d -name short films
[debug] No matching media share for disk '/mnt/disk5'
[info] Processing finished for disk '/mnt/disk5'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disk6'...
[debug] find /mnt/disk6 -maxdepth 1 -type d -name short films
[info] Share found, processing media share '/mnt/disk6/short films' using 'chattr' recursively...
[debug] find /mnt/disk6/short films -type f  \( -name "*.*" \)   -exec chattr +i {} \;
find: ‘/mnt/disk6/short’: No such file or directory
find: ‘films’: No such file or directory
[info] Processing finished for disk '/mnt/disk6'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disk7'...
[debug] find /mnt/disk7 -maxdepth 1 -type d -name short films
[info] Share found, processing media share '/mnt/disk7/short films' using 'chattr' recursively...
[debug] find /mnt/disk7/short films -type f  \( -name "*.*" \)   -exec chattr +i {} \;
find: ‘/mnt/disk7/short’: No such file or directory
find: ‘films’: No such file or directory
[info] Processing finished for disk '/mnt/disk7'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disk8'...
[debug] find /mnt/disk8 -maxdepth 1 -type d -name short films
[info] Share found, processing media share '/mnt/disk8/short films' using 'chattr' recursively...
[debug] find /mnt/disk8/short films -type f  \( -name "*.*" \)   -exec chattr +i {} \;
find: ‘/mnt/disk8/short’: No such file or directory
find: ‘films’: No such file or directory
[info] Processing finished for disk '/mnt/disk8'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disks'...
[debug] find /mnt/disks -maxdepth 1 -type d -name short films
[debug] No matching media share for disk '/mnt/disks'
[info] Processing finished for disk '/mnt/disks'
[info]
[info] no_ransom.sh script finished


After running it I have verified running "lsattr /mnt/user/short\ films/" that the files are still unprotected. Can I run the script somehow without changing my share names?

After checking the script seems like adding single quotes on the line 164 solves my issue reported above

From:

eval "find ${media_shares_match} -type f ${include_folders_cmd} ${include_extensions_cmd} ${exclude_folders_cmd} ${exclude_extensions_cmd} -exec ${chattr_cmd} {} \;"

 

To:

eval "find '${media_shares_match}' -type f ${include_folders_cmd} ${include_extensions_cmd} ${exclude_folders_cmd} ${exclude_extensions_cmd} -exec ${chattr_cmd} {} \;"

 

@binhex can create a pull request if you prefer

  • Author
15 minutes ago, s0b said:

After checking the script seems like adding single quotes on the line 164 solves my issue reported above

From:


eval "find ${media_shares_match} -type f ${include_folders_cmd} ${include_extensions_cmd} ${exclude_folders_cmd} ${exclude_extensions_cmd} -exec ${chattr_cmd} {} \;"

 

To:


eval "find '${media_shares_match}' -type f ${include_folders_cmd} ${include_extensions_cmd} ${exclude_folders_cmd} ${exclude_extensions_cmd} -exec ${chattr_cmd} {} \;"

 

@binhex can create a pull request if you prefer

excellent!, yep agreed that looks like the fix, no need for PR i can do the change now, i will let you know once its in.

  • Author

ok the fix is now in for spaces in share names, during my testing i also noted the default include extensions should be * not *.*, to ensure files with no extension are also locked (if no include extension specified).

Thanks! Just downloaded the latest version and created a user script to execute it. Will sleep better now :D

  • 1 month later...

Has someone created a custom rm binary so you can remove some certain file? I sometimes upgrade my plex media files and I don't want to have duplicates there. So, I don't want to be looking for what drive that certain file is on and "chattr -i" plus "rm". Sure I'm not the only one looking for this script :P

Very useful script, it's time to evolves in plugin with some GUI function for fast access. Thanks @binhex

  • 1 month later...
On 3/6/2021 at 5:36 PM, Zotarios said:

Has someone created a custom rm binary so you can remove some certain file? I sometimes upgrade my plex media files and I don't want to have duplicates there. So, I don't want to be looking for what drive that certain file is on and "chattr -i" plus "rm". Sure I'm not the only one looking for this script :P

 

I really need this. Im tempted to do it myself even if I never did an Unraid plugin, will give it a go.

On 3/6/2021 at 8:36 AM, Zotarios said:

Has someone created a custom rm binary so you can remove some certain file? I sometimes upgrade my plex media files and I don't want to have duplicates there. So, I don't want to be looking for what drive that certain file is on and "chattr -i" plus "rm". Sure I'm not the only one looking for this script :P

 

 

I created some User.Scripts that call for different things so I can pin point some without locking/unlocking everything all the time so I can avoid dupes too. 

Sure you could run Chattr directly on the file and then just delete it, but honestly I get lazy and often forget code so I just make up some scripts and let them do the work. 

 

Security.Lock.Media locks

TV share and Movies share

 

Security.Unlock.Media unlocks

TV share and Movies share

 

Security.Unlock.TV unlocks

TV share

 

Security.Unlock.Movies unlocks

Movies share

 

on and on

1 hour ago, kizer said:

 

 

I created some User.Scripts that call for different things so I can pin point some without locking/unlocking everything all the time so I can avoid dupes too. 

Sure you could run Chattr directly on the file and then just delete it, but honestly I get lazy and often forget code so I just make up some scripts and let them do the work. 

 

Security.Lock.Media locks

TV share and Movies share

 

Security.Unlock.Media unlocks

TV share and Movies share

 

Security.Unlock.TV unlocks

TV share

 

Security.Unlock.Movies unlocks

Movies share

 

on and on

I was thinking something like a CLI command like: "rm-force" to do the job. It would be easy to implement, just find which disk contains the file remove chattr and remove.

I'm too lazy so I just do a "no_ransomware include folder" atm

  • 4 weeks later...
  • Author

OK guys, its been a while since i touched this script, mainly because it just works :-), small enhancement to the script, i have now added in the ability to 'lock' and 'unlock' chattr, in reality this simply changes permissions and renames the chattr binary to make it just that bit harder for any potential ransomware script to try and execute chattr to unlock media. It's switched on by default and will auto unlock on execution of the script and lock at the end, if you don't want this new functionality then you can switch this off by specifying the flag --secure-chattr 'no'.

 

link to the script in first post of this thread.

Nice!!!!!! I was kinda wondering if there was a better way of insuring somebody couldn't just run chattr and remove the protection. Thank you for having the insight and willingness to do this. 

 

Just ran it across my media and seemed to work just fine. Was cool seeing the chattr binary in the logs being locked and unlocked too. 

  • Author
Nice!!!!!! I was kinda wondering if there was a better way of insuring somebody couldn't just run chattr and remove the protection. Thank you for having the insight and willingness to do this. 
 
Just ran it across my media and seemed to work just fine. Was cool seeing the chattr binary in the logs being locked and unlocked too. 
Glad it's working, it's odd the ideas thst spring to mind whilst having a shower [emoji16][emoji16]

Sent from my CLT-L09 using Tapatalk

On 5/13/2021 at 2:34 PM, binhex said:

OK guys, its been a while since i touched this script, mainly because it just works :-), small enhancement to the script, i have now added in the ability to 'lock' and 'unlock' chattr, in reality this simply changes permissions and renames the chattr binary to make it just that bit harder for any potential ransomware script to try and execute chattr to unlock media. It's switched on by default and will auto unlock on execution of the script and lock at the end, if you don't want this new functionality then you can switch this off by specifying the flag --secure-chattr 'no'.

 

link to the script in first post of this thread.

Thanks. Seems to have worked great.

Binhex

 

Sent you another idea via PM if your wanting tinker more. ;) 

  • 2 weeks later...
On 5/14/2021 at 11:40 PM, kizer said:

Binhex

 

Sent you another idea via PM if your wanting tinker more. ;) 

Why not share with everyone ? ;-)

3 hours ago, Opawesome said:

Why not share with everyone ? ;-)

 

I didn't want to clog up his Support Thread, but anyways this is what I suggested. 

 

************************************************************************

 

One idea I just had. Currently your renaming chattr and changing its permission. Absolutely brilliant, however maybe include a variable so the user could change the rename so everybody has a totally different binary and really screw up bots/script kiddies?

 

Say default is "rchatt" and everybody that uses it will have that as their default. Anybody who knows unraid and knows how to beat it will just bake that into their code and target unraid looking to rename rchatt to chattr or will simply run Chmod +x on rchatt.

 

So I'm proposing something like the following

 

#Edit below to set your Binary name default is rchatt

Set your Binary name ="rchatt"

 

It might be one more added thing that might be borderline paranoid, but really getting obscure should really confuse somebody.

@Opawesome

 

Actually looks like there already is. lol

 

readonly defaultSecureChattrRename="rttahc"

 

Looks like he's updated the script from v1.0.2 to v1.0.3 and included it. Yahoo

 

Thanks for the add binhex. ;)

 

  • Author
4 hours ago, kizer said:

@Opawesome

 

Actually looks like there already is. lol

 

readonly defaultSecureChattrRename="rttahc"

 

Looks like he's updated the script from v1.0.2 to v1.0.3 and included it. Yahoo

 

Thanks for the add binhex. ;)

 

yes i did half add it :-), so its more obvious how its set now but i haven't provided command line options for it yet, the reason being i got a little nervous about the following scenario:-

  • script runs and renames chattr to default rename file
  • user provides new name via the command parameter
  • script blows up, reason - because the script no longer knows the previous name of the executable so cannot find and rename it.

there is of course a reasonably simple solution to this as the rename is only temporary (ram), if the user reboots they will be back to a working system and next time the script runs it will know the name of the executable (as it hasnt been changed) and it can then use the user provided name and off it goes.

 

so either i need to keep a history of names used (tricky), or instruct the user to reboot if the executable cannot be found (easier but not ideal).

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.