
#!/bin/sh
# File	: set_ransomware-blocker.sh
# By	: Maarten.deBoer@Atos.net, 160921
# Subject	: Script to set fpolicy for ransomware-blocker
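# Program name: the script's file name without directory or extension.
PGM="$(basename "$0" | cut -d. -f1)"
VER="0.2"
LOG="${HOME}/log/${PGM}.log"

# Scratch file holding the extension list. Its lines are later sent to the
# filer as CLI arguments, so it must not live at a guessable path in a
# world-writable directory: mktemp creates a fresh, unpredictable file that
# only this user can write.
TMP="$(mktemp "${TMPDIR:-/tmp}/${PGM}.XXXXXX")" || {
  echo "${PGM}: cannot create temporary file" >&2
  exit 1
}
# Remove the scratch file on every exit path, including interruption.
trap 'rm -f -- "${TMP}"' EXIT
trap 'exit 129' HUP
trap 'exit 130' INT
trap 'exit 143' TERM

# Expanded unquoted at the call sites on purpose (command plus option).
# -n keeps ssh from reading stdin, so an ssh call inside a "while read" loop
# does not swallow the rest of the loop's input.
SSH="/usr/bin/ssh -n"

# Targets: $1 overrides the physical filer, $2 the vfiler; empty or missing
# arguments fall back to the defaults.
FILER="${1:-nlnaf42}"
VFILER="${2:-nlnafvaip98}"

# Both values end up on an ssh command line. Refuse anything that ssh could
# take for an option (leading "-") or that contains characters outside a plain
# host name, so an argument cannot alter the local ssh invocation or the
# command line executed on the filer. FILER may carry a "user@" prefix.
case "${FILER}" in
  '' | -* | *[!A-Za-z0-9@._-]*)
    echo "${PGM}: invalid filer name: ${FILER}" >&2
    exit 2
    ;;
esac
case "${VFILER}" in
  '' | -* | *[!A-Za-z0-9._-]*)
    echo "${PGM}: invalid vfiler name: ${VFILER}" >&2
    exit 2
    ;;
esac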

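# The extensions to block (latest version of the list as determined by our SOC).
# One extension per line, without the leading dot.
# The here-document delimiter is quoted so nothing in the list is ever expanded
# by the shell, and the file is truncated rather than appended to, so content
# already present at that path cannot end up in the list sent to the filer.
# NOTE(review): several entries are short, generic suffixes and may also match
# legitimate files; review the list with the data owners before enabling.
cat << '!EOF' > "${TMP}"
0X0
1999
AAA
ABC
BLEEP
CCC
CRJOKER
ECC
ENCIPHERED
ENCRYPTEDRSA
EOJIORC
EXX
EZZ
GOOD
HA3
KEYBTC@INBOX_COM
LECHIFFRE
LOCKY
LOL!
OMG!
ODIN
PZDC
R16M01D05
R5A
RRK
TOXCRYPT
TTT
VVV
XRTN
XTBL
XXX
XYZ
ZUEIERN
!EOF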

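# Record the start of the run and its targets, on screen and in the log.
# The log directory is created when missing so the audit line is not lost.
mkdir -p -- "$(dirname "${LOG}")"
printf '%s\n' "$(date) ${PGM} v${VER} started with FILER=${FILER} & VFILER=${VFILER}" | tee -a "${LOG}"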


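# According to the NetApp documentation:
# - Configuring native file blocking
#   https://library.netapp.com/ecmdocs/ECMP1401220/html/GUID-0DAD7887-2918-47A3-A8AE-70D3F5308C73.html
#
# Note on quoting: ${SSH} is expanded unquoted on purpose (command plus its
# option). ssh joins the remaining arguments into one command line that the
# filer parses again, so quoting here only prevents local word splitting and
# globbing; the values themselves must not contain CLI metacharacters.

# 1. Create a file policy
#    A failure is reported but does not stop the script, so a re-run against
#    an existing policy still refreshes the extension list.
${SSH} "${FILER}" vfiler run "${VFILER}" fpolicy create ransomware-blocker screen ||
  echo "${PGM}: warning: 'fpolicy create' failed on ${FILER}/${VFILER} (the policy may already exist)" >&2
sleep 1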

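# 2. Configure the policy to monitor the extensions
#    "include set" presumably replaces the policy's include list with this one
#    entry; the loop below then adds the rest - confirm against the NetApp page.
${SSH} "${FILER}" vfiler run "${VFILER}" fpolicy extension include set ransomware-blocker zueiern ||
  echo "${PGM}: warning: 'fpolicy extension include set' failed on ${FILER}/${VFILER}" >&2

# cut keeps the part after a first dot; entries without a dot pass unchanged.
cut -d. -f2 < "${TMP}" | while read -r LINE
do
  # Every entry becomes part of a command line run on the filer. Accept only
  # the characters the SOC list actually uses and skip anything else, so a
  # tampered or damaged list file cannot smuggle extra CLI syntax to the filer.
  case "${LINE}" in
    '' | *[!A-Za-z0-9_@!]*)
      echo "${PGM}: warning: skipping unexpected list entry: ${LINE}" >&2
      continue
      ;;
  esac
  printf '%s\n' "${LINE}"
  ${SSH} "${FILER}" vfiler run "${VFILER}" fpolicy extension include add ransomware-blocker "${LINE}" ||
    echo "${PGM}: warning: could not add extension ${LINE} on ${FILER}/${VFILER}" >&2
  sleep 1
done
# -f: the file may already have been removed by an exit handler.
rm -f -- "${TMP}"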

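# 3. Set the operations and protocols monitored by the policy
#    Only create and rename over CIFS and NFS are screened. Files that are
#    changed in place under their existing name are not covered, so keep
#    snapshots and monitoring alongside this policy.
${SSH} "${FILER}" vfiler run "${VFILER}" fpolicy monitor set ransomware-blocker -p cifs,nfs create,rename ||
  echo "${PGM}: warning: 'fpolicy monitor set' failed on ${FILER}/${VFILER}" >&2

# 4. To enable mandatory screening
#    NOTE(review): with "required on" and no FPolicy server registered, the
#    filer presumably refuses the monitored operations for the listed
#    extensions - confirm against the NetApp page before enabling.
${SSH} "${FILER}" vfiler run "${VFILER}" fpolicy options ransomware-blocker required on ||
  echo "${PGM}: warning: 'fpolicy options ... required on' failed on ${FILER}/${VFILER}" >&2

# 5. Enabling is left to the operator: the script only prints the command, so
#    the configured policy can be reviewed before it starts refusing requests.
printf '%s\n' "Enable: ${SSH} ${FILER} vfiler run ${VFILER} fpolicy enable ransomware-blocker -f"

# 6. The matching command to switch the policy off again (printed, not run).
printf '%s\n' "Disable: ${SSH} ${FILER} vfiler run ${VFILER} fpolicy disable ransomware-blocker"

# Show the resulting fpolicy configuration so the operator can verify it.
${SSH} "${FILER}" vfiler run "${VFILER}" fpolicy ||
  echo "${PGM}: warning: could not display the fpolicy configuration of ${FILER}/${VFILER}" >&2

# The exit status stays 0 as before; failures are reported on stderr above.
exit 0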

