Web lists-archives.com

Re: [Samba] ransomware etc




On Wed, Jun 28, 2017 at 8:42 AM, David Disseldorp via samba
<samba@xxxxxxxxxxxxxxx> wrote:
> Hi,
>
> On Wed, 28 Jun 2017 11:08:11 +0200, mj via samba wrote:
>
>> Hi all,
>>
>> Just out of curiosity: is there anything we can do, on the samba side,
>> to counter the recent ransomware attacks? (or limit the damage done)
>>
>> I'm thinking like: limit the number of files per second a client
>> (workstation) is allowed to edit, or some other smart tricks..?
>>
>> It would be nice if samba could be an extra layer of defense.
>>
>> Something perhaps a vfs module could help with..?
>>
>> Anyone with tips, trics, ideas?
>
> Although not bullet proof, I'd suggest taking periodic snapshots of the
> Samba share using Btrfs, LVM, ZFS, etc. This will give you a read-only
> restore point, should clients start misbehaving.
>
> With Btrfs you could use the Snapper VFS module to expose the read-only
> snapshots to clients via the Windows Previous Versions UI.

Or, for oldsters like myself, rsnapshot reading from the current
filesystem. It's often much, much simpler to implement and lends
itself fell to finer tuning and restoration of old content than a
filesystem based backup.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba