First version of PRFS file system is working

A project log for Ransomware safe server: SMB (Samba) and FTP server

A SMB (Samba) and FTP server which is safe against ransomware attacks from the client

elbertElbert 08/26/2023 at 07:180 Comments

After further experimenting I have a first version working. When a file is written, a makes a copy of the existing file with the name of this file, trailed with 14 characters, of which the first an dthe last are underscores, and in between only numbers (actually the time seconds since the epoch). So the file “test.txt” gets a backup “_001693031634_test.txt”.

More specific’, there is a hook in the kernel function:

(*) This step seems maybe unnecessary. However, the function is called both form user space as from kernel space. And the kernel module cannot distinguish between them. And we want to be able to write to the backup file from the kernel module, but not from ransomware from the servers in the user space. But this is not possible. So the solution here is that it treats the backup file as WORM: you can write them once, but not change them afterwards.

I also write “(or is empty)”. This is due to the Linux kernel. The kernel knows already form the directory listing whether a file exist or not. If a file does not exist, it first calls the vfat_create function, before the function. So the file does exits already, but is empty (and has different flags). So this does determine whether it ‘exists’ or not.

The PRFS works fine when editing text within the RPi linux environment. And also the FTP server (proftpd) works reliable. Samba does not work properly yet.

Still to do: