FPOLICY

Ist eine Fpolicy aktiv ?
fpolicy show
ggf. ausschalten
fpolicy disable -vserver <VSERVER> -policy-name POLICYNAME
Ein Event pro Protocol erstellen und kontrollieren
fpolicy policy event create -vserver <VSERVER> -event-name <EVENTNAME> -protocol <PROTOKOLL> -file-operations open,close,read,write,rename,rename_dir
fpolicy policy event create -vserver <VSERVER> -event-name <EVENTNAME2> -protocol nfsv3 -file-operations read,write,rename,rename_dir
fpolicy policy event create -vserver <VSERVER> -event-name <EVENTNAME3> -protocol nfsv4 -file-operations read,write,rename,rename_dir
fpolicy policy event show -vserver <VSERVER>
Eine Policiy erstellen und kontrollieren
fpolicy policy create -vserver <VSERVER> -policy-name <POLICYNAME> -events <EVENTNAME> -engine native
fpolicy policy show
Einen Scope erstellen und kontrollieren
fpolicy policy scope create -vserver <VSERVER> -policy-name <POLICYNAME> -shares-to-include *
 -file-extensions-to-include !ENC, 0JELvV, 0x0, 1999, 31392E30362E, 3P7m, 3RNu, 5vypSa, 6FKR8d, 73i87A, 777, 7h9r, 8lock8, AES256, AFD, ANNABELLE, Alcatraz, AngleWare, Aurora, BarRax, CCCRRRPPP, CHERNOLOCKER, CHIP, CRRRT, CRYPTBOSS, CRYPTOSHIELD, CTB, CTBL, DALE, ENCR, ENCRYPTED_BY_LLTP, ENCRYPTED_BY_LLTPp, EnCiPhErEd, FenixIloveyou!!, FuckYourDat, H3LL, KEYH0LES, KEYZ, Kirked, KryptoLocker_, L0CKED, LOL!, LeChiffre, Licked, Locked-by-Mafia, MERRY, MRCR1, OMG!, PEGS1, PoAr2w, R16M01D05, R4A, R5A, RAD, RADAMANT, RARE1, RDM, RMCM1, RRK, RSNSlocked, RSplited, SUPERCRYPT, Silent, TheTrumpLockerf, TheTrumpLockerfp, UslJ6m, VBRANSOM, Venusf, Venusp, XRNT, XTBL, XXX, Z81928819, ZINO, _AiraCropEncrypted, _DECRYPT_INFO_, ___xratteamLucked, _crypt, _nullbyte, a19, aaa, abc, adk, aes, aga, amba, amnesia, angelamerkel, animus, ap19, arpT, better_call_saul, bitstak, bloc, blocatto, braincrypt, breaking_bad, bript, btc, btc-help-you, btcbtcbtc, btcware, cbf, cerber, cerber2, cerber3, cheetah, clf, code, creeper, crime, crinf, cripper, criptiko, criptokod, cripttt, crjoker, crptxxx, cry, cry_, cryp1, crypt, crypt38, crypted, crypted000007, crypted000078, crypted_file, crypto, cryptolocker, cryptz, crypz, crysis, ctbl, czvxce, d4nk, dCrypt, da_vinci_code, damage, darkness, decrypt2017, decrypt_it, ded, deria, desu, devil, dexter, dharma, djvu, domino, doomed, dxxd, eQTz, ecc, edgel, encedRSA, encrypt, encrypted, encryptedAES, encryptedALL, encryptedRSA, enigma, epic, exotic, exx, ezz, fantom, fileiscryptedhard, filock, firecrypt, fs0ciety, fuck, fucked, fun, good, grt, gws, ha3, hannah, hb15, heisenberg, herbst, hnumkhotep, id-_locked, id-_locked_by_krec, id-_locked_by_ perfect, id-_r9oj, id-_x3m, infected, isis, iwanthelpuuu, justbtcwillhelpyou, karma, kencf, killedXXX, kimcilware, kkk, korrektor, kostya, kr3, kraken, kratos, lambda_l0cked, lock93, locked, locked-[XXX], locklock, locky, los_pollos, madebyadam, magic_software_ syndicate, micro, mole, mole02, n1wLp0, no_more_ransom, nochance, nuclear55, obfuscated, odcodc, only-we_can-help_ you, oops, oshit, p5tkjw, padcrypt, pashka, paybtcs, payms, paymst, payransom, payrmts, phobos, porno, potato, purge, pzdc, r5a, rag2hdst, random, remind, rip, rmd, rnsmwr, rokku, rsa3072, sanction, scl, serpent, sexy, shino, sifreli, somik1, sport, stn, surprise, szf, toxcrypt, trun, ttt, tyson, tzu, umbrecrypt, vault, velikasrbija, versiegelt, vindows, vscrypt, vvv, vxLock, wallet, wcry, wflx, windows10, windows8, wncry, wnx, xcri, xort, xrtn, xtbl, xyz, yourransom, ytbl, zXz, zcrypt, zepto, zorro, zyklon, zzz, zzzzz, ~xdata~, 암호화됨

fpolicy policy scope show


Achtung im Scope dürfen folgende Zeichen nicht sein:
{[]}()@.

Policy aktivieren und überprüfen
fpolicy enable -vserver <VSERVER> -policy-name <POLICYNAME>  -sequence-number 2
fpolicy show