Displaying 1 result from an estimated 1 matches for "win7dha".
2016 Mar 10
[ISC Crosspost] Novel method for slowing down Locky on Samba server using fail2ban
...=%I|USER=%u|MACHINE=%m|VOLUME=%S
full_audit:facility = local7
full_audit:priority = NOTICE
and, in every [Volume] to be monitored:
vfs objects = full_audit
This leads to lines like these in the log:
2016-02-29T11:07:36.162528+01:00 hort smbd_audit:IP=1.2.3.4|USER=dha|MACHINE=win7dha|VOLUME=dha|pwrite|ok|bla/Q-Dir_Installer.zip
2016-02-29T11:08:43.945654+01:00 hort smbd_audit:IP=1.2.3.4|USER=dha|MACHINE=win7dha|VOLUME=dha|pwrite|ok|bla/ganzböserverschlüsselungstrojaner.locky
apt-get install fail2ban
with filter definitions in /etc/fail2ban/filter.d/samba.conf as
[D...