[ale] Linux Ransom-ware
Lightner, Jeff
JLightner at dsservices.com
Thu Nov 12 08:53:34 EST 2015
Netbackup "standard errors" are almost always because people didn't use exclude lists properly. If you tell it to backup / it will try to do so but since it can't backup socket and device files it will dutifully tell you each one it is skipping and end with status 1 rather than status 0. If you put in exclude lists it will not try to back up the excluded files and will end with status 0.
At a prior job before I realized I could fix the status 1s with exclude lists I had to write a detailed explanation of why a status 1 was NOT actually a failed backup despite not being a non-zero exit status. We did FDA Validation there and its requirements make SOX look like a walk in the park. Before I did that document we had to investigate every single status 1 exit. Afterwards we were able to set our job schedule to treat backup status 1 as "successful".
NetBackup also retries backups so if you get a failure other than status 1 on first attempt you may still get a successful backup on next attempt (or next, or next... by default up to 6 attempts).
As you note reading the daily reports is important. One of the few GUIs I truly love is NetBackup's activity monitor as it shows you all the jobs with tons of information so you can quickly drill down on specific jobs to see if in fact they really failed and if so why.
-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of DJ-Pfulio
Sent: Thursday, November 12, 2015 8:18 AM
To: ale at ale.org
Subject: Re: [ale] Linux Ransom-ware
Which is why reviewing daily backup reports for issues is important.
Sadly, they are boring almost always ... except Netbackup which I vaguely recall was full of "standard errors" ... of things that failed to be backed up.
On 11/12/2015 07:11 AM, Jim Kinney wrote:
> This kind of attack would appear in backups as a sudden rise in the
> number of incremental file backups.
> On Nov 12, 2015 6:31 AM, "Jim Lynch" <ale_nospam at fayettedigital.com> wrote:
>
>> Apparently they found a predictable encryption key:
>> http://labs.bitdefender.com/2015/11/linux-ransomware-debut-fails-on-p
>> redictable-encryption-key/
>>
>> On 11/09/2015 04:35 AM, DJ-Pfulio wrote:
>>
>>> Linux Ransom-ware is out looking for ways to attack and encrypt your
>>> systems:
>>>
>>> https://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your-
>>> web-sites/
>>>
>>> Good news: They only want 1 bitcoin as payment.
>>>
>>> Bad news: 1 BC is about US$420 and the unlock process doesn't put
>>> everything back exactly like it was.
>>>
_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
More information about the Ale
mailing list