Posts Tagged Synology

Synology Antivirus Essential detects PHP.Exploit.CVE_2015_2331-3

Today my DiskStation emailed me about detecting malware in the system files. When I looked at the log, I saw this:

Antivirus Essential detects Php.Exploit.CVE_2015_2331-3 in zip

Antivirus Essential detects Php.Exploit.CVE_2015_2331-3 in zip

It appears this is a false positive in the ClamAV database.

Further reading: https://www.clamxav.com/BB/viewtopic.php?f=1&t=4186&hilit=php.exploit

If your Synology reports the same, simply restore the quarantined file, update virus definitions, and re-scan. It should come up clean. If you had configured Antivirus Essential to automatically delete files, you may have to restore the DSM OS to get the file back.

Advertisements

,

2 Comments

Plex Media Server not starting on boot on Synology NAS

My Synology NAS would not successfully start Plex Media Server at bootup. I had to go into Package Center after each boot and run it manually.

I reached out to the Plex forums and didn’t get much help. I did eventaully find a fix.

I assumed that the script was failing on boot as it was waiting for some not-yet-ready resource, and would only run after the whatever-resource was ready. It just needed more time to be ready.

copy the “/var/packages/Plex Media Server/scripts/start-stop-status” file somewhere else on your NAS where you can edit it, and make the following edit:

   ...
start_plex ()
{
+  sleep 7
PLEX_PATH=$(/usr/syno/sbin/synoshare --get Plex | grep Path | awk -F[ '{print $2}' | awk -F] '{print $1}')
...

Save the file, and then copy it back to it’s original location. Reboot.

Plex Media Server should now run on boot successfully.

,

Leave a comment

ACL fix for Synology DiskStations

A reader got in touch with me regarding my previous post, Quick sh script cronjob to fix user homes permissions on Synology. That script was initially intended to fix user homes file ownership, but this reader shared a script that uses the synoacltool to fix the Access Control List on directories.

A few thoughts regarding this script:

First, it was mentioned that these issues may be fixed in the latest DSM release. If you’re still experiencing file ownership and permissions issues, please feel free to use the solution linked to above or posted below.

Second, the script linked to above and the script below take different approaches on the problem. You may find a solution in one, or you may elect to use both.

Third, it was mentioned that this was a “one and done” solution. Due to the changing nature of filesystem content, I don’t believe that to be the case. You may want to save this as a sh script and run it as a scheduled task, or you may want it to run on every boot up. If you decide you want to run it on every boot, edit (or create) the file /etc/rc.local, and paste the below. I can’t say for certain whether this script is preserved on an upgrade, though this page strongly suggests that it would be preserved.

I don’t have a Synology unit right now to test this on, so I can’t offer any insight other than what I’ve shared above.

Here’s the script:

#!/bin/sh
synouser --enum all > user.list
sed -i 's/\\/\\\\/g' user.list
cat user.list | while read line
do
echo -n "$line: "
USERDIR=`synouser --get "$line" | grep "User Dir"`
if [ $? != 0 ]; then
echo "user: [$line] not found"
continue
fi
HOMEPATH=`echo "$USERDIR" | cut -d'[' -f2 | cut -d']' -f1`
synoacltool -get-archive "$HOMEPATH" | grep is_support_ACL > /dev/null 2>&1
if [ $? != 0 ]; then
echo "[$HOMEPATH] not support ACL or not exist"
continue
fi
synoacltool -get "$HOMEPATH" | grep -F "user:$line:allow:rwxpdDaARWcCo:fd--" > /dev/null 2>&1
if [ $? = 0 ]; then
echo "[$HOMEPATH] exist user's Full Control ACL"
continue
fi
synoacltool -add "$HOMEPATH" "user:$line:allow:rwxpdDaARWcCo:fd--"
done
rm user.list

Any feedback is welcome and appreciated. Thank you!

1 Comment

My new home NAS: HP ProLiant MicroServer N40L running FreeNAS 8

I recently bought an HP ProLiant MicroServer for my new home NAS. My previous NAS was a Synology DS211j, and it performed very well, up until recently. My two biggest reasons for replacing it were:

1) It would randomly drop off the network. The LAN led would flash rapidly, but there was no activity on the switch port. It was also unpingable. This means the NIC was probably failing, and the unit would need to be replaced.

2) Synology had the idea to force MyDS registration in DSM 4.2 BETA. This meant I wasn’t getting another Synology if I could help it.

After some searching, I happened on the HP ProLiant MicroServer for the physical unit, and after a couple days of thought and planning, FreeNAS 8 BETA 3 for the OS.

Now, as my luck would have it, the first time I removed the motherboard from the chassis, I knocked a jumper cap off the board, which resulted in the unit not POSTing. A little intuition helped me find the right spot to replace it to. Here’s photos of the jumper locations in case anyone else shares my bad luck:

I installed a 4GB USB stick in the motherboard’s USB header with FreeNAS installed on it, and am using 2TB drives in slots 1-3 in RAID-Z1, and a 250GB 7200RPM drive in slot 4 for ZIL. In case you want to argue why I should be using an SSD instead of a conventional hard drive, you’re welcome to buy me one, but you might want to read this post first.

So that’s that. I’m sure you’ll be seeing more posts on FreeNAS and my NAS setup in general in the future.

Have any questions or comments about the above? Please share them in the comments section below. Thank you!

, , , ,

Leave a comment

My thoughts about Symform

I exchanged emails with a reader, and during the exchange, he asked me my thoughts about Symform, especially about running it on a Synology NAS. Here is a copy of my response.

Overall symform is an affordable, new approach on the cloud storage concept, albeit with its shortcomings.

The synology symform client is extremely resource intensive, and would really drag down my DS211j for several minutes when the service started up. The need for having to manually having to set the port number is a shortsighted issue that Symform should address in an update.

The desktop client has no apparent indicator that it’s working either, so that’s another simple user experience issue.
From a security standpoint, Symform encrypts data with its own keys, and there’s no option (yet) to use your own. This comes down to how much one can “trust” symform and their protocols.

From a data integrity standpoint, their 50% parity is a good thing, but I’d be concerned if its enough. And since you’re placing your data in the hands of others, you’re relying on their upstream bandwidth (something that’s in short supply on a typical Internet connection) to get your data back. The more you store, the longer it will take, since there’s no individual file restore option — only whole folders.

Overall? It’s “good”, but not great. I’d use it for non-critical, non-sensitive data that wouldn’t need urgent restoration.

What are your thoughts on Symform? Please feel free to comment below. Thanks!

,

5 Comments

Synology releases DSM 4.2-BETA. MyDS registration now required.

Today I downloaded and installed Synology’s new DSM 4.2-Beta (Build 3160). I’m normally excited about new DSM releases, even the betas, as they mean the opportunity to see and test new features. I’ve been impressed by DSM releases in the past, as they’re usually very stable and I can’t say as I’ve really had any major issue with them.

Unfortunately, Synology decided to implement something in this DSM release that has me irritated, to say the least. They require that you register with their MyDS service in order to install any additional software packages on your Synology product, or even to upgrade any packages that you had installed prior to installing the DSM 4.2 BETA. This even applies to 3rd party software packages, but not software packages installed from other software sources. And, it’s not optional.

Yes, even if you had a software package on your Synology product before installing the DSM 4.2 BETA, you can’t upgrade that software package without registering on the MyDS service.

dsm_upgrade_need_myds

Oh, yeah, you also can’t downgrade to a previous DSM release.

dsm_not_downgradable

This is a great example of another instance of “forcing” customers to use cloud services to utilize the full potential of a product, and a huge disappointment for me. And yes, they keep records of your “purchases” (downloads). And, also, there’s currently no way to delete your purchase history, or your MyDS account.

I took a close look at Synology’s “What’s new” for this Beta to see if I had missed a mention that MyDS was required. Here’s a screenshot of what their website shows:

wn_packagectr

Note that it says that MyDS is required to purchase paid apps. It says nothing about free apps. This is misleading, to say the least.

I shouldn’t be forced to register and log in to Synology’s MyDS service to download and install their own software packages. It would be like Microsoft forcing users to have a Microsoft account to download Windows updates. More so, this even affects the third-party software packages available from the package center that come from Synology repositories. However, again, it doesn’t affect software packages from other sources.

The only good I could possibly even see coming from this would be the ability to remotely manage and push software updates to the Synology product directly from the MyDS center. But why would you want to do that instead of just logging into the product itself and doing it securely? I could even see malicious software authors getting hold of the Synology software bundles and offering to host them on publicly available repositories where they could be downloaded without registration, but modifying the packages to introduce malware into them, unbeknownst to the user.

Thanks a bundle Synology. Maybe you should take a lesson from Cisco. They tried something like that at one point. It was called Cisco Cloud Connect, and they backpedaled on it. Read more about that on eWeek here and here, and on Cisco’s own blog here.

UPDATE 8-Jan-13:

I should clarify some of the above. You CAN manually install and upgrade freely-available packages from Synology. First, you have to go to Download Center, and select your product type. In the case of my DS211j, the direct link is here. (If you’re looking for the updated 4.2-BETA packages, they’re here for all models.) You can download the spk file from there, and subsequently upload the spk file via the Package Center’s manual update feature. (You can also find downloads for all packages for all models here.) The direct links to DSM 4.1 (build 2636) are here.

dsm_manual_spk

Again, why Synology forces MyDS registration to do this via the automated installer for freely-available packages is still beyond my understanding. However, it looks like their intent is DRM-based. Specifically, on packages that are to be purchased.

myds_acct_remove

UPDATE 14-Jan-13:

I’ve been in contact with Synology on Twitter, and I openly thank them for their dialog with me regarding my feelings on this issue. I’ve sent them the following email as well:

I’m submitting this to let you, Synology, know how disappointed I am in the decision to force MyDS registration for automatic package downloads in DSM 4.2-BETA. This is a decision that I feel has multiple implications.

First, it impacts the usability of the Synology product for people who do not care to register for a MyDS account, as they can no longer automatically update or install packages. Indeed, some packages can be manually installed by downloading from Synology’s website and installed or upgraded manually, but quite a few packages (such as 3rd party packages) are absent from the download list. Along with this, one that is present (Amazon Glacier) requires Python, which is not present.

Second, this impacts privacy, as all automated downloads are logged as “purchases” in the MyDS account, but this list cannot be deleted, nor can the MyDS account itself be deleted.

Third, there are additional possible security implications, but I am going to choose not to elaborate on them for the purposes of this email.

I strongly (and vocally) disagree with Synology’s decision.

I understand that the addition of paid packages to the Synology repositories has created the need for a purchase and DRM solution, but I do not understand why this has to create an issue for people that do not have those packages available to them, or simply choose not to purchase them.

I submit that it would have been a much better decision to at least allow the automatic installation and upgrade of free packages without the forced MyDS registration. Or, at least, to allow the download of all free packages via a web page or FTP download, and prominently display a link to that are in the DSM Package Center.

I have written about this at https://mikebeach.org/2013/01/08/synology-releases-dsm-4-2-beta-myds-registration-now-required/

Sincerely,

Mike Beach

Are you the owner of a Synology product and tried the DSM 4.2-BETA? What are your feelings about the forced use of MyDS for software downloads? Please feel free to share in the comments below. Thank you!

,

20 Comments

Synology Download Station bittorrent blocklist

After digging around through SSH, I’ve found the following directory might be intended to contain the IP blocklists:

/usr/syno/etc/packages/DownloadStation/download/blocklists

However, I’m still not sure if there’s a way to verify they’re loaded, or whether it explicitly needs to be enabled.

5 Comments

How to enable the IPfilter blocklist in Synology Download Station’s aMule client

If you’re interested in using the Synology Download Station for eMule downloads over ED2K networks, but insist on using an IP blocklist, there is a rather easy way to set it up. Here’s how I did it on my DS211j running DSM 4.1-2668.

First, obviously make sure Download Station is installed and running. Next, start it and click the gear icon to go to settings.

ds_toolbar

Now, in Download Station > General, check Enable eMule downloads.

ds_enable_emule

Then click Ok.

Now, you’ve enabled the eMule client, which you’ll now see as a tab at the bottom of Download Station:

ds_emule

Now that eMule is set up, you can load a blocklist by SSH-ing into your Synology and editing the following file:

/usr/syno/etc/packages/DownloadStation/amule/ipfilter_static.dat

This will allow you to specify your IP blocklist. Please note that this is only for the aMule client, and not the Download Station’s torrent client.

Questions, comments, or other thoughts? Please share them in the comment section below. Thanks!

,

Leave a comment

Bash script to send contents of file containing URLs to Synology Download Station via API

This bash script will read a file containing a list of URLs line-by-line and send each of those URLs to a Synology DiskStation’s Download Manager via the published API.

Read the comments.

Note that, in user land, it might be easier to simply upload the text file to the Download Station. The below is useful if you want to programatically pass download tasks to Download Station, such as on the update of a web page, etc, etc.

UPDATE: This has been moved to github, here.

If you have any questions or comments on this script, please feel free to comment below. Thank you!

, , ,

2 Comments

How to move the SymformContribution directory from one volume to another on a Synology NAS

So you’ve got Symform all set up and running on your Synology NAS, and you’ve been contributing space, but now the volume that has your contribution folder is getting full, adn you’d like to move it without disrupting the data that other Symform users like yourself have trusted you with. How to do it? Easily.

In this example, I’ll show you how to move it from volume1 to volume2.

First, stop the Symform service from Package Center.

symform_stopped

Next, SSH into your Synology box and move the target directory to it’s new location, in this case, /volume2/SymformContribution

mv /volume1/SymformContribution/ /volume2

Next, edit the /volume1/@symform/lib/node.config file using vi and update the location by finding the line similiar to the following…

<contribution enabled="True" fragmentStorePath="/volume1/SymformContribution" port="53432" />

… and changing volume1 to volume2.

(Note, this is the same file that’s used to update the incoming port, see this post for more information.)

Save the file, and restart the Symform service.

symform_running

That’s it!

Questions or comments are welcome in the comments section below. Thank you for reading!

, , , , , ,

Leave a comment