Ransomware monitor


Post by erik » 29 Jun 2017 09:06

I use Syncthing to back up my PC documents folder to a ZFS pool with snapshots, and the network shares are also on a ZFS pool with snapshots, but I'd like to get a warning when there is some unexpected change on one of the ZFS pools.

For that I made a tripwire shell script, run every 30 minutes from cron, that checks if certain files that should never change have changed.
Typically you would make some folder with a Word file that never changes.

The script uses md5 to calculate the checksum and verifies it against a stored checksum.
The script uses a sendmail.sh script to do the actual mailing using msmtp.

Code:

#!/bin/sh
#
#  tripwire script, use as you like.
#
TEST=""
# remove the '#' before the next line for interactive testing
#TEST=1

# testtrip STABLE_FILE REFERENCE_FILE
# Compares the md5 output for the stable file with the stored reference
# and mails a warning when it differs, is new, or the file is gone.
testtrip()
{
	if test -f "$1" ; then
		[ -n "$TEST" ] && echo "Testing $1"
		# no reference yet: create it and report that
		if ! test -f "$2" ; then
			md5 "$1" > "$2"
			[ -n "$TEST" ] && echo "$2 created"
			[ -n "$TEST" ] || /root/sendmail.sh "WARNING: file change" "The reference file for the stable file $1 was created, check why!!!!"
		fi
		# compare the current checksum with the stored one
		if md5 "$1" | diff "$2" - ; then
			[ -n "$TEST" ] && echo "No change in $1"
		else
			# store the new checksum, so the warning is sent once per change
			md5 "$1" > "$2"
			[ -n "$TEST" ] && echo "Updated $2"
			[ -n "$TEST" ] || /root/sendmail.sh "WARNING: file change" "The stable file $1 has changed, check why!!!!"
		fi
	else
		[ -n "$TEST" ] && echo "Not found: $1"
		[ -n "$TEST" ] || /root/sendmail.sh "WARNING: file change" "The stable file $1 has disappeared, check why!!!!"
	fi
}

# add as many lines below as you need, each referring to a stable file and to the associated reference file.
testtrip /path/to/stable/file /path/to/reference/file


primary NAS: 2*8Tb raidz1, backup NAS: 6*2TB raidz2, remote backup NAS: 3*2TB raidz1 : All NAS4Free 11.0
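
A manifest-driven variant of the tripwire idea in the post above, as an added example that is not erik's script: it uses SHA-256 instead of md5, reads its canary list from one manifest file, and never rewrites the baseline on its own. The function names, the manifest format and the demo files are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the script from the post: manifest-driven canary check.
# Assumed manifest format: one "<sha256><two spaces><path>" line per canary file.

# Print the SHA-256 of file $1 (sha256sum on Linux, sha256 -q on FreeBSD/XigmaNAS).
hash_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    else
        sha256 -q "$1"
    fi
}

# make_baseline FILE...: print a manifest line for each canary file.
make_baseline() {
    for f in "$@"; do
        printf '%s  %s\n' "$(hash_of "$f")" "$f"
    done
}

# check_canaries MANIFEST: print one line per problem; succeed only if none.
# The manifest is never rewritten here, so the alert repeats until it is regenerated.
check_canaries() {
    problems=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        want=${line%%  *}      # text before the first double space: the hash
        path=${line#*  }       # text after it: the path (may contain spaces)
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; problems=$((problems + 1))
        elif [ "$(hash_of "$path")" != "$want" ]; then
            echo "CHANGED $path"; problems=$((problems + 1))
        fi
    done < "$1"
    [ "$problems" -eq 0 ]
}

# Constructed demo: two throwaway canaries, one overwritten, one deleted.
demo() {
    d=$(mktemp -d) || return 1
    printf 'stable\n' > "$d/a.doc"; printf 'stable\n' > "$d/b c.doc"
    make_baseline "$d/a.doc" "$d/b c.doc" > "$d/manifest"
    printf 'scrambled\n' > "$d/a.doc"; rm "$d/b c.doc"
    check_canaries "$d/manifest"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "demo: problems reported above, as expected"
```

From cron, `report=$(check_canaries /path/to/manifest) || /root/sendmail.sh "WARNING: file change" "$report"` mails the findings through the sendmail.sh wrapper from the post. The manifest path is a placeholder, and storing it outside the monitored pool is this example's assumption.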
