[Script] binhex - no_ransom.sh



On 8/26/2020 at 4:33 PM, binhex said:

hmm that should work, i will do some further testing, as a possible workaround you could remove the exclude and instead use the include to only lock file types you want to have locked e.g. for ebooks *.epub, *.mobi etc.

Any further thoughts? I can't really do as suggested, as the list to include would be quite long and may miss some :(

 

Here is the debug text. I can see no reason why it is not working as intended.

Quote

root@Tower:~# /mnt/user/appdata/no_ransom/no_ransom.sh --lock-files 'yes' --media-shares 'Test' --include-extensions '*.*' --exclude-extensions '*.jpg,*.opf,*.db,*.json' --debug 'yes'
[info] Running no_ransom.sh script...
[info] Checking we have all required parameters before running...
[info] Finding share that match 'Test' on disk '/mnt/disk1'...
[debug] find /mnt/disk1 -maxdepth 1 -type d -name Test
[info] Share found, processing media share '/mnt/disk1/Test' using 'chattr' recursively...
[debug] find /mnt/disk1/Test -type f  \( -name "*.*" \)  \( -not -name "*.jpg" -o -not -name "*.opf" -o -not -name "*.db" -o -not -name "*.json" \) -exec chattr +i {} \;
[info] Processing finished for disk '/mnt/disk1'
[info]
[info] Finding share that match 'Test' on disk '/mnt/disk2'...
[debug] find /mnt/disk2 -maxdepth 1 -type d -name Test
[debug] No matching media share for disk '/mnt/disk2'
[info] Processing finished for disk '/mnt/disk2'
[info]
[info] Finding share that match 'Test' on disk '/mnt/disk3'...
[debug] find /mnt/disk3 -maxdepth 1 -type d -name Test
[info] Share found, processing media share '/mnt/disk3/Test' using 'chattr' recursively...
[debug] find /mnt/disk3/Test -type f  \( -name "*.*" \)  \( -not -name "*.jpg" -o -not -name "*.opf" -o -not -name "*.db" -o -not -name "*.json" \) -exec chattr +i {} \;
[info] Processing finished for disk '/mnt/disk3'
[info]
[info] Finding share that match 'Test' on disk '/mnt/disk4'...
[debug] find /mnt/disk4 -maxdepth 1 -type d -name Test
[debug] No matching media share for disk '/mnt/disk4'
[info] Processing finished for disk '/mnt/disk4'
[info]
[info] Finding share that match 'Test' on disk '/mnt/disk5'...
[debug] find /mnt/disk5 -maxdepth 1 -type d -name Test
[debug] No matching media share for disk '/mnt/disk5'
[info] Processing finished for disk '/mnt/disk5'
[info]
[info] Finding share that match 'Test' on disk '/mnt/disk6'...
[debug] find /mnt/disk6 -maxdepth 1 -type d -name Test
[debug] No matching media share for disk '/mnt/disk6'
[info] Processing finished for disk '/mnt/disk6'
[info]
[info] Finding share that match 'Test' on disk '/mnt/disks'...
[debug] find /mnt/disks -maxdepth 1 -type d -name Test
[debug] No matching media share for disk '/mnt/disks'
[info] Processing finished for disk '/mnt/disks'
[info]
[info] no_ransom.sh script finished

 

Link to post
On 8/30/2020 at 4:24 PM, stridemat said:

Any further thoughts?

yep it was a bug in the find syntax, i have now tested and fixed it, please pull down the latest script, see OP for details, FYI the fixed version is 1.0.1.

Link to post
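The debug line in the report above joins the negated patterns with `-o`, so every file satisfies the exclude clause (a `.jpg` is still "not `*.opf`") and nothing is excluded. The following is an added example, not part of the thread or of no_ransom.sh, that reproduces this on a constructed directory and compares it with one correct form; the sample file names and function names are assumptions, and the actual 1.0.1 change is not shown on this page.

```bash
#!/usr/bin/env bash
# Constructed sample tree: one ebook plus four files that should stay unlocked.
make_sample() {
    d=$(mktemp -d)
    touch "$d/book.epub" "$d/cover.jpg" "$d/metadata.opf" \
          "$d/library.db" "$d/notes.json"
    printf '%s\n' "$d"
}

# Exclude clause exactly as printed in the debug output: an OR of negations.
# No name can match all four patterns at once, so at least one "-not -name"
# is true for every file and the clause excludes nothing.
buggy_matches() {
    find "$1" -type f \( -name "*.*" \) \
        \( -not -name "*.jpg" -o -not -name "*.opf" \
           -o -not -name "*.db" -o -not -name "*.json" \) \
        -exec basename {} \; | LC_ALL=C sort
}

# One correct form (assumed, not taken from the script): negate the OR as a
# whole, i.e. NOT (jpg OR opf OR db OR json).
fixed_matches() {
    find "$1" -type f \( -name "*.*" \) \
        -not \( -name "*.jpg" -o -name "*.opf" \
                -o -name "*.db" -o -name "*.json" \) \
        -exec basename {} \; | LC_ALL=C sort
}

# "-exec chattr +i" is replaced by a listing so this runs without root.
sample=$(make_sample)
echo "buggy clause selects:"; buggy_matches "$sample"
echo "fixed clause selects:"; fixed_matches "$sample"
rm -rf "$sample"
```

Listing the selection this way before running the real lock pass is a quick check that an exclude list does what was intended.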
4 hours ago, binhex said:

yep it was a bug in the find syntax, i have now tested and fixed it, please pull down the latest script, see OP for details, FYI the fixed version is 1.0.1.

Looks like that has done the job. Now to double check I don’t need any further file extensions excluded and will run on my media folder. Thanks!

Link to post
On 6/25/2020 at 10:43 AM, jonathanm said:

I would think that if you are using UD devices for offsite physical backups, you would want to apply the immutable attribute to keep your backup media extra safe when you are accessing it for recovery purposes.

until you have updated files you're trying to backup.

Link to post
  • 4 months later...

Truly appreciate this script. I never had problems with ransomware but heard enough stories to fear them.

Mistakes were made when I set up my shares and I used spaces in some of them; when I try to run the script this is the output:
 

root@Fone:~# /mnt/user/appdata/no_ransom/no_ransom.sh --lock-files 'yes' --media-shares 'short films' --debug 'yes'
[info] Running no_ransom.sh script...
[info] Checking we have all required parameters before running...
[info] Finding share that match 'short films' on disk '/mnt/disk1'...
[debug] find /mnt/disk1 -maxdepth 1 -type d -name short films
[info] Share found, processing media share '/mnt/disk1/short films' using 'chattr' recursively...
[debug] find /mnt/disk1/short films -type f  \( -name "*.*" \)   -exec chattr +i {} \;
find: ‘/mnt/disk1/short’: No such file or directory
find: ‘films’: No such file or directory
[info] Processing finished for disk '/mnt/disk1'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disk2'...
[debug] find /mnt/disk2 -maxdepth 1 -type d -name short films
[debug] No matching media share for disk '/mnt/disk2'
[info] Processing finished for disk '/mnt/disk2'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disk3'...
[debug] find /mnt/disk3 -maxdepth 1 -type d -name short films
[info] Share found, processing media share '/mnt/disk3/short films' using 'chattr' recursively...
[debug] find /mnt/disk3/short films -type f  \( -name "*.*" \)   -exec chattr +i {} \;
find: ‘/mnt/disk3/short’: No such file or directory
find: ‘films’: No such file or directory
[info] Processing finished for disk '/mnt/disk3'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disk4'...
[debug] find /mnt/disk4 -maxdepth 1 -type d -name short films
[info] Share found, processing media share '/mnt/disk4/short films' using 'chattr' recursively...
[debug] find /mnt/disk4/short films -type f  \( -name "*.*" \)   -exec chattr +i {} \;
find: ‘/mnt/disk4/short’: No such file or directory
find: ‘films’: No such file or directory
[info] Processing finished for disk '/mnt/disk4'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disk5'...
[debug] find /mnt/disk5 -maxdepth 1 -type d -name short films
[debug] No matching media share for disk '/mnt/disk5'
[info] Processing finished for disk '/mnt/disk5'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disk6'...
[debug] find /mnt/disk6 -maxdepth 1 -type d -name short films
[info] Share found, processing media share '/mnt/disk6/short films' using 'chattr' recursively...
[debug] find /mnt/disk6/short films -type f  \( -name "*.*" \)   -exec chattr +i {} \;
find: ‘/mnt/disk6/short’: No such file or directory
find: ‘films’: No such file or directory
[info] Processing finished for disk '/mnt/disk6'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disk7'...
[debug] find /mnt/disk7 -maxdepth 1 -type d -name short films
[info] Share found, processing media share '/mnt/disk7/short films' using 'chattr' recursively...
[debug] find /mnt/disk7/short films -type f  \( -name "*.*" \)   -exec chattr +i {} \;
find: ‘/mnt/disk7/short’: No such file or directory
find: ‘films’: No such file or directory
[info] Processing finished for disk '/mnt/disk7'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disk8'...
[debug] find /mnt/disk8 -maxdepth 1 -type d -name short films
[info] Share found, processing media share '/mnt/disk8/short films' using 'chattr' recursively...
[debug] find /mnt/disk8/short films -type f  \( -name "*.*" \)   -exec chattr +i {} \;
find: ‘/mnt/disk8/short’: No such file or directory
find: ‘films’: No such file or directory
[info] Processing finished for disk '/mnt/disk8'
[info]
[info] Finding share that match 'short films' on disk '/mnt/disks'...
[debug] find /mnt/disks -maxdepth 1 -type d -name short films
[debug] No matching media share for disk '/mnt/disks'
[info] Processing finished for disk '/mnt/disks'
[info]
[info] no_ransom.sh script finished


After running it I have verified running "lsattr /mnt/user/short\ films/" that the files are still unprotected. Can I run the script somehow without changing my share names?

Link to post

After checking the script, it seems like adding single quotes on line 164 solves my issue reported above

From:

eval "find ${media_shares_match} -type f ${include_folders_cmd} ${include_extensions_cmd} ${exclude_folders_cmd} ${exclude_extensions_cmd} -exec ${chattr_cmd} {} \;"

 

To:

eval "find '${media_shares_match}' -type f ${include_folders_cmd} ${include_extensions_cmd} ${exclude_folders_cmd} ${exclude_extensions_cmd} -exec ${chattr_cmd} {} \;"

 

@binhex can create a pull request if you prefer

Link to post
15 minutes ago, s0b said:

After checking the script, it seems like adding single quotes on line 164 solves my issue reported above

From:


eval "find ${media_shares_match} -type f ${include_folders_cmd} ${include_extensions_cmd} ${exclude_folders_cmd} ${exclude_extensions_cmd} -exec ${chattr_cmd} {} \;"

 

To:


eval "find '${media_shares_match}' -type f ${include_folders_cmd} ${include_extensions_cmd} ${exclude_folders_cmd} ${exclude_extensions_cmd} -exec ${chattr_cmd} {} \;"

 

@binhex can create a pull request if you prefer

excellent!, yep agreed that looks like the fix, no need for PR i can do the change now, i will let you know once it's in.

Link to post

ok the fix is now in for spaces in share names, during my testing i also noted the default include extensions should be * not *.*, to ensure files with no extension are also locked (if no include extension specified).

Link to post
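The word-splitting failure and the `*` versus `*.*` default discussed above, shown without `eval`; this is an added example, not code from no_ransom.sh. The arguments are built as positional parameters so the share path is always passed as one word, which also holds for a name containing a single quote (inside an `eval` string, a single-quote wrapper would end at that character). The function names and sample tree are assumptions.

```bash
#!/usr/bin/env bash
# Constructed shares: one name with a space, one with a single quote.
make_shares() {
    d=$(mktemp -d)
    mkdir "$d/short films" "$d/kid's films"
    touch "$d/short films/clip one.mkv" "$d/short films/README"
    touch "$d/kid's films/cartoon.mp4"
    printf '%s\n' "$d"
}

# List the files a lock pass would select.
# $1 = share directory, $2 = comma-separated include patterns (default: *)
# The body runs in a subshell so "set -f" and IFS do not leak to the caller.
list_lockable() (
    share=$1
    include=${2:-*}
    set -f                      # keep patterns literal while splitting
    IFS=,
    set -- $include             # one positional parameter per pattern
    n=$#
    for pat in "$@"; do
        set -- "$@" -o -name "$pat"
    done
    shift "$n"                  # drop the raw patterns
    shift                       # drop the leading -o
    # Each element below reaches find as a single argument; nothing is
    # re-parsed as shell syntax, so spaces and quotes in names are inert.
    find "$share" -type f '(' "$@" ')' -exec basename {} \; | LC_ALL=C sort
)

# "-exec chattr +i" is replaced by a listing so this runs without root.
demo=$(make_shares)
echo "include *.* :"; list_lockable "$demo/short films" '*.*'
echo "include *   :"; list_lockable "$demo/short films"
echo "quote in name:"; list_lockable "$demo/kid's films" '*.mkv,*.mp4'
rm -rf "$demo"
```

With `*.*` the extensionless `README` is not selected, which is the gap the change of default to `*` closes.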
  • 1 month later...

Has someone created a custom rm binary so you can remove some certain file? I sometimes upgrade my plex media files and I don't want to have duplicates there. So, I don't want to be looking for what drive that certain file is on and "chattr -i" plus "rm". Sure I'm not the only one looking for this script :P

Link to post
  • 1 month later...
On 3/6/2021 at 5:36 PM, Zotarios said:

Has someone created a custom rm binary so you can remove some certain file? I sometimes upgrade my plex media files and I don't want to have duplicates there. So, I don't want to be looking for what drive that certain file is on and "chattr -i" plus "rm". Sure I'm not the only one looking for this script :P

 

I really need this. I'm tempted to do it myself even if I never did an Unraid plugin, will give it a go.

Link to post
On 3/6/2021 at 8:36 AM, Zotarios said:

Has someone created a custom rm binary so you can remove some certain file? I sometimes upgrade my plex media files and I don't want to have duplicates there. So, I don't want to be looking for what drive that certain file is on and "chattr -i" plus "rm". Sure I'm not the only one looking for this script :P

 

 

I created some User.Scripts that call for different things so I can pin point some without locking/unlocking everything all the time so I can avoid dupes too. 

Sure you could run Chattr directly on the file and then just delete it, but honestly I get lazy and often forget code so I just make up some scripts and let them do the work. 

 

Security.Lock.Media locks

TV share and Movies share

 

Security.Unlock.Media unlocks

TV share and Movies share

 

Security.Unlock.TV unlocks

TV share

 

Security.Unlock.Movies unlocks

Movies share

 

on and on

Link to post
1 hour ago, kizer said:

 

 

I created some User.Scripts that call for different things so I can pin point some without locking/unlocking everything all the time so I can avoid dupes too. 

Sure you could run Chattr directly on the file and then just delete it, but honestly I get lazy and often forget code so I just make up some scripts and let them do the work. 

 

Security.Lock.Media locks

TV share and Movies share

 

Security.Unlock.Media unlocks

TV share and Movies share

 

Security.Unlock.TV unlocks

TV share

 

Security.Unlock.Movies unlocks

Movies share

 

on and on

I was thinking something like a CLI command like: "rm-force" to do the job. It would be easy to implement, just find which disk contains the file remove chattr and remove.

I'm too lazy so I just do a "no_ransomware include folder" atm

Link to post
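A sketch of the "rm-force" idea described above (find which disk holds the file, clear the immutable flag, remove it), as an added example that is not part of the thread or of no_ransom.sh. The names `rm_force`, `locate_on_disks`, `MNT_ROOT` and `CHATTR_BIN` are hypothetical, and the mapping from `/mnt/user/<share>/...` to `/mnt/disk*/<share>/...` is assumed from the paths shown in the logs on this page.

```bash
#!/usr/bin/env bash
MNT_ROOT="${MNT_ROOT:-/mnt}"          # parent of user/ and disk*/ (assumed layout)
CHATTR_BIN="${CHATTR_BIN:-chattr}"    # hypothetical override for the chattr path

# Print every per-disk copy of a user-share path, for example
# /mnt/user/Movies/a.mkv -> /mnt/disk3/Movies/a.mkv
# Returns 2 for a path outside the user share tree, 1 if no copy exists.
locate_on_disks() {
    rel=${1#"$MNT_ROOT"/user/}
    if [ "$rel" = "$1" ]; then
        echo "not a user-share path: $1" >&2
        return 2
    fi
    case "$rel" in
        ..|../*|*/..|*/../*) echo "refusing path with '..': $1" >&2; return 2 ;;
    esac
    found=1
    for disk in "$MNT_ROOT"/disk*; do
        if [ -f "$disk/$rel" ]; then      # regular files only, never directories
            printf '%s\n' "$disk/$rel"
            found=0
        fi
    done
    return "$found"
}

# Clear the immutable flag on each copy, then delete it. Paths are absolute,
# so they cannot be mistaken for chattr options.
rm_force() {
    paths=$(locate_on_disks "$1") || return $?
    printf '%s\n' "$paths" | while IFS= read -r f; do
        "$CHATTR_BIN" -i "$f" && rm -- "$f" || exit 1
    done
}

# Usage: rm-force /mnt/user/<share>/<file>   (needs root for chattr)
if [ "$#" -gt 0 ]; then
    rm_force "$1"
fi
```

Restricting the tool to single regular files under the user share tree keeps the unlock as narrow as the deletion that needs it.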
  • 4 weeks later...

OK guys, it's been a while since i touched this script, mainly because it just works :-), small enhancement to the script, i have now added in the ability to 'lock' and 'unlock' chattr, in reality this simply changes permissions and renames the chattr binary to make it just that bit harder for any potential ransomware script to try and execute chattr to unlock media. It's switched on by default and will auto unlock on execution of the script and lock at the end, if you don't want this new functionality then you can switch this off by specifying the flag --secure-chattr 'no'.

 

link to the script in first post of this thread.

Link to post

Nice!!!!!! I was kinda wondering if there was a better way of ensuring somebody couldn't just run chattr and remove the protection. Thank you for having the insight and willingness to do this. 

 

Just ran it across my media and seemed to work just fine. Was cool seeing the chattr binary in the logs being locked and unlocked too. 

Link to post
Nice!!!!!! I was kinda wondering if there was a better way of ensuring somebody couldn't just run chattr and remove the protection. Thank you for having the insight and willingness to do this. 
 
Just ran it across my media and seemed to work just fine. Was cool seeing the chattr binary in the logs being locked and unlocked too. 

Glad it's working, it's odd the ideas that spring to mind whilst having a shower


Link to post
