Synology check health info disks

Storage Manager, HDD/SDD

Select disk and expand information.

Check Status: Normal

Check S.M.A.R.T status: Normal 

Check Bad sector count: 0

Select disk and health info, overview

Disk Reconnection Count, Bad Sector Count and Disk Re-identification Count indicate the total quantity of events that have occurred on your disk or system.

Your data are still safely stored on the disk. Although these parameters provide early warning and information about disk health trends, they do not directly imply imminent disk failure.

Disk Reconnection Count display the sum of S.M.A.R.T. Attribute “UItraDMA CRC Error Count” and other interface issues detected by the system. If this parameter increases abruptly compared to general tendency, it may indicate that the disk or some hardware components are aging.

Select disk and health info, S.M.A.R.T test

Run Quick and Extended test. Check results. 

Select disk and health info, S.M.A.R.T info 

Use https://en.m.wikipedia.org/wiki/S.M.A.R.T. for reference 

check status: OK

Important attributes:

01 Read Error Rate:

(Vendor specific raw value.) Stores data related to the rate of hardware read errors that occurred when reading data from a disk surface. The raw value has different structure for different vendors and is often not meaningful as a decimal number.

If you see any non-zero raw values for ID 1 (for WD and Samsung disks) in the disk S.M.A.R.T. info, the disk is defective.

05 Reallocated Sectors Count : 0 

09 Power-on Hours:

Count of hours in power-on state. The raw value of this attribute shows total count of hours (or minutes, or seconds, depending on manufacturer) in power-on state.

By default, the total expected lifetime of a hard disk in perfect condition is defined as 5 years (running every day and night on all days). This is equal to 1825 days in 24/7 mode or 43800 hours.

10 Spin Retry Count: 0 

184 End-to-End error / IOEDC: 0

187 Reported Uncorrectable Errors: 0

188 Command Timeout: 0

196 Reallocation Event Count: 0

197 Current Pending Sector Count: 0

198 (Offline) Uncorrectable Sector Count: 0 

201 Soft Read Error Rate or TA Counter Detected: 

According to Synology Support:

If you see any non-zero raw values for ID 1 (for WD and Samsung disks) and ID 5/197/198 (for all disks) in the disk S.M.A.R.T. info, the disk is defective.

Synology terminal show S.M.A.R.T report

smartctl --scan

smartctl -a -d sat -T permissive /dev/sda

/dev/sda is the drive

-aPrints all SMART information about the disk.

-d satSpecifies device type. “Sat” is SCSI to ATA Translation (SAT) that is required with Synology.

 -T permissiveDefines tolerance type. “Permissive” tells to ignore failure(s) of mandatory SMART commands and is required with Synology.
 
The commando also shows Hardware disk information:
 
Model Family:     

Device Model:     

Serial Number:   

LU WWN Device Id:

Firmware Version: 80.00A80

User Capacity:    

Sector Sizes:     

Device is:       

ATA Version is:   

SATA Version is:  

Local Time is:    

SMART support is: 

SMART support is: 

 

To run a short S.M.A.R.T test: 

smartctl -d sat -t short /dev/sda

Synology Terminal Commands

Synology Terminal Commands

Synology Terminal Commando laat meerdere commando's zien die uitgevoerd kunnen worden na het maken van een ssh verbinding met de Synology NAS. Ssh moet wel eerst ingeschakeld worden op de Synology NAS om verbinding te kunnen maken.

Synology Terminal Commando

 

 

 

 

 

 

 

start terminal via ssh

ssh user@host

sudo -i

Geef nogmaals het wachtwoord op, hierna kunnen commando's uitgevoerd worden.

Check Network traffic and Bandwidth on Synology NAS.

synogear install

iftop

Synology Terminal commando check open port en programma:

netstat -natpu

-a, --all                display all sockets (default: connected)

-n, --numeric        don't resolve names

-p, --programs      display PID/Program name for sockets

-t                         display only TCP connections

-u.                       display only UDP connections

Synology display activity like pid, processor, memory and

htop

Synology Hardening

Synology Hardening

Synology Hardening steps to change the default settings to improve security on a Synology NAS. 

Synology Hardening

Synology DSM 6.1 hardening settings:

Using the  Security Advisor:

Install and run the Synology Security Advisor and consider changing the advised mentioned settings. 

Control Panel:
Control Panel, Update & Restore, DSM Update:
  • Update Settings. Change the settings accordingly with in mind that security fixes are applied as soon a possible. 
Control Panel, user:
  • make a new user with full administrative rights, test this new user and disable admin. 
  • Advanced, Password Settings, Select Allow non-administrator users to reset forgotten passwords via email. 
  • Avanced, Password Settings, Apply password strength rules, select;
    • Exclude name and description of user from password. 
    • Include mixed case
    • Include numeric characters
    • Include special characters
    • Exclude common password
    • Minimal password length: 8
    • Password history (times): 1
  • Advanced,Password Expiration, select;
    • Enable password expiration 
    • Maximum password valid duration (days): 183 (except administrator users). Check administrator user Password is always valid. Manually change this password regularly. 
    • Minimum password valid duration (days): 1
    • Prompt users to change password upon login before expiration (days): 14
    • Send expiration notification emails; sent at 12:00, Days before the expiration; 14,10,5,3,2,1 
  • Advanced, 2-Step Verification,
    • Enforce 2-step verification for the following users, all users
Control Panel, Terminal & SNMP, Terminal:
  • (in case) SSH service, advanced settings, High
Control Panel, Security, Security:
  • Improve protection against cross-site request forgery attacks
  • Improve security with HTTP Content Security Policy (CSP) header.
  • Do not allow DSM to be embedded with iFrame.
  • Clear all saved user login sessions upon system restart. 
Control Panel, Security,Firewall:
  • consider enabling firewall which depends on the IT infrastructure. Firewall rules can be enabled for VPN services which can improve security or protect a access for Hyperbackup. This can be implemented with an allow and deny rule for certain services. 
Control Panel, Security, Protection:
  • consider enable DoS protection depending on your IT infrastructure. 
Control Panel, Security,Account, Auto Block:
  • select Enable auto block, login attempts: 10, Within (minutes): 5. Enable block expiration, Unblock after (days): 1. Consider using an allow/block list. 
Control Panel, Security, Account, Enable Account Protection, Untrusted Clients:
  • login attempts:5
  • Within (minutes):1
  • Cancel account protection (minutes later):30 
Control Panel, Security, Account, Account Protection, Trusted clients:
  •  Login attempts:10
  • Within (minutes):1
  • Unblock (minutes later):30 
Control Panel, security, advanced, TLS/ SSL Cipher Suites:
  • Select Modern compatibility 
Control Panel, Network, DSM settings,
  • Selecteer Automatically redirect HTTP connections to HTTPS ( Web Station and Photo Station excluded ). 
Webbrowser:
  • Enable browser's incognito mode or using guest browsing feature when accessing Synology NAS with a public computer

Synology DSM 6 LDAP security

Use an LDAP editor like LDAPadmin.

Connect to LDAP server running on Synology NAS.

Host: Synology Nas server

Port: 389

base: cn=config

Simple authentication

TLS selected or deselected

Username: cn=config

password= same as root user LDAP server

After logging in

select cn=config and edit entry

add attribute or change value attribute olcTLSCipherSuite with your values. 

Synology DSM 6 SMB security

SSH connection:

for example admin@server

sudo -i

vi /etc/samba/smb.conf

Under global section:

server signing=mandatory
client signing=mandatory

min protocol=SMB2
max protocol=SMB3

The SMB connection with macOS can be checked with the following command in a terminal session.

check SMB connection (smbfs);

mount

check which version SMB used (SMB_version);

smbutil statshares -a

 

Synology DSM 6 (terminal) service control

Webuserinterface, Synology recommended:

Control Panel, Task Scheduler, Create Scheduled Task, Stop/Start Service 

Terminal command:

ssh admin@server

sudo -i

synoservicecfg --list

synoservicecfg --hard-stop <service>

synoservicecfg -stop <service>

synoservicecfg --hard-start <service>

synoservicecfg -start <service>

synoservice –status

synoservice –restart <service>

synoservicectl –restart <service>

Apache webserver:

stop pkg-apache22

start pkg-apache22

reload pkg-apache22


restart DSM Webapplication:

restart synoscgi


 

Add special Symbols under Mac OS X

For adding special symbols under Mac OS X like m² and m³ this is possible via show Emoji & Symbols. This option can be found under the flag in the menubar. You must activate system preferences, keyboard, show keyboard, emoji, symbol viewers in menu bar. To see the flag go to system preferences, keyboard, input sources  show input menu in menu bar.  

To add the symbols m² and m³ search under Emoji & Symbols to 2 or 3. Here you can add ² and ³. You add this symbols in Mail or Libre Office

 

1 2 3