Synology beste instellingen voor Quick Connect

Use a public DNS server (For example Google DNS servers):

Control Panel, Network, General, Select Manually configure DNS server, Preferred DNS server: 8.8.8.8, Alternative DNS server: 8.8.4.4

Turn off IPv6:

Control Panel, Network, Network Interface, Select connected LAN interface, edit, IPv6, IPv6 setup off

Manual IP Address:

Control Panel, Network, Network Interface, Select connected LAN interface, edit,IPv4, use manual configuration. Don't fill in a DNS server. Fill in IP address, Subnet Mask, Gateway. If configurable uncheck jumbo frame option. 

Time:

Control Panel, Regional Options, Synchronize with NTP server: 

For example  Server address: pool.ntp.org 

Check correct local time. 

Synology mount volume als read-only

Always contact Synology support first for help. If you like to try on your own risk: 

after a crashed volume which is not recoverable from the GUI you can try to mount the volume as read-only in a terminal. 

Make terminal ssh connection to Synology NAS. 

cat /etc/fstab

fdisk -l 

cat /proc/mdstat

mdadm --detail /dev/<mdX, check cat /proc/mdstat> 

check md not listed. For example md9 

use at own risk:

mdadm -A -R /dev/<md not listed> /dev/<disk not crashed> /dev/<disk not crashed> 

-A, --assemble Assemble a pre-existing array

-R, --run Attempt to start the array even if fewer drives were given than are needed for a full array. Normally if not all drives are found and --scan is not used, then the array will be assembled but not started. With --run an attempt will be made to start it
anyway.

command should return the message "mdadm: /dev/<md not listed>  has been started with x drives."

lvm vgscan : take note of volume group name

vgchange -a y <volume group name, for example:vg1000>

-a, --activate 

The command to mount the volume as read-only in order:

mount -o ro,noload /dev/<volume group name>/lv /volume1

volume group must exists on your system. 

the volume should be reachable in the terminal session. 

To see the data in DSM using File Station or Windows File Service (SMB) 

synospace --map-file -d

synocheckshare

Synology check health harde schijven

Storage Manager, HDD/SDD

Select disk and expand information.

Check Status: Normal

Check S.M.A.R.T status: Normal 

Check Bad sector count: 0

Select disk and health info, overview

Disk Reconnection Count, Bad Sector Count and Disk Re-identification Count indicate the total quantity of events that have occurred on your disk or system.

Your data are still safely stored on the disk. Although these parameters provide early warning and information about disk health trends, they do not directly imply imminent disk failure.

Disk Reconnection Count display the sum of S.M.A.R.T. Attribute “UItraDMA CRC Error Count” and other interface issues detected by the system. If this parameter increases abruptly compared to general tendency, it may indicate that the disk or some hardware components are aging.

Select disk and health info, S.M.A.R.T test

Run Quick and Extended test. Check results. 

Select disk and health info, S.M.A.R.T info 

Use https://en.m.wikipedia.org/wiki/S.M.A.R.T. for reference 

check status: OK

Important attributes:

01 Read Error Rate:

(Vendor specific raw value.) Stores data related to the rate of hardware read errors that occurred when reading data from a disk surface. The raw value has different structure for different vendors and is often not meaningful as a decimal number.

If you see any non-zero raw values for ID 1 (for WD and Samsung disks) in the disk S.M.A.R.T. info, the disk is defective.

05 Reallocated Sectors Count : 0

09 Power-on Hours:

Count of hours in power-on state. The raw value of this attribute shows total count of hours (or minutes, or seconds, depending on manufacturer) in power-on state.

By default, the total expected lifetime of a hard disk in perfect condition is defined as 5 years (running every day and night on all days). This is equal to 1825 days in 24/7 mode or 43800 hours.

10 Spin Retry Count: 0 

184 End-to-End error / IOEDC: 0

187 Reported Uncorrectable Errors: 0

188 Command Timeout: 0

196 Reallocation Event Count: 0

197 Current Pending Sector Count: 0

198 (Offline) Uncorrectable Sector Count: 0 

201 Soft Read Error Rate or TA Counter Detected: 

Volgens Synology:

If you see any non-zero raw values for ID 1 (for WD and Samsung disks) and ID 5/197/198 (for all disks) in the disk S.M.A.R.T. info, the disk is defective.

Synology terminal S.M.A.R.T rapportage

smartctl --scan

smartctl -a -d sat -T permissive /dev/sda

/dev/sda is the drive

-aPrints all SMART information about the disk.

-d satSpecifies device type. “Sat” is SCSI to ATA Translation (SAT) that is required with Synology.

 -T permissiveDefines tolerance type. “Permissive” tells to ignore failure(s) of mandatory SMART commands and is required with Synology.
 
The commando also shows Hardware disk information:
 
Model Family:     

Device Model:     

Serial Number:   

LU WWN Device Id:

Firmware Version: 80.00A80

User Capacity:    

Sector Sizes:     

Device is:       

ATA Version is:   

SATA Version is:  

Local Time is:    

SMART support is: 

SMART support is: 

 

To run a short S.M.A.R.T test: 

smartctl -d sat -t short /dev/sda

Synology weerbaar maken

Synology DSM 6.1 hardening settings:

  • Control Panel, security, advanced, TLS/ SSL Cipher Suites, Select Modern compatibility 
  • Control Panel, user, advanced, Password Settings, Apply password strength rules, select; 
    • Exclude name and description of user from password. 
    • Include mixed case
    • Include numeric characters
    • Include special characters
    • Exclude common password
    • Minimal password length: 8
    • Password history (times): 3
  • Control Panel, user, advanced,Password Expiration, select;
    • Enable password expiration 
    • Maximum password valid duration (days): 183 (except administrator users) 
    • Minimum password valid duration (days): 1
    • Prompt users to change password upon login before expiration (days): 14
    • Send expiration notification emails; sent at 12:00, Days before the expiration; 14,10,5,3,2,1 
  • 2-Step Verification,select
    • Enforce 2-step verification for the following users, all users
  • Control Panel, Terminal & SNMP, Terminal, (in case) SSH service, advanced settings, High
  • Control Panel, Security, Selecteer:
    • Improve protection against cross-site request forgery attacks
    • Improve security with HTTP Content Security Policy (CSP) header.
    • Do not allow DSM to be embedded with iFrame.
    • Clear all saved user login sessions upon system restart. 
  • Control Panel, Network, DSM settings, Selecteer Automatically redirect HTTP connections to HTTPS ( Web Station and Photo Station excluded )

 

Synology snelheid test

turn on ssh on the Synology NAS, Control Panel, Terminal & SNMP, enable SSH service. 

root Login using ssh:  

ssh user@servernameoripaddress 

sudo -i 

To download a file from a ftp server (example):

curl -O ftp://ftp.xs4all.nl/pub/test/1gb.bin

To upload a file to a ftp server (example):

make sure you have a 1GB file. Not in the root folder or delete afterwards.  

curl -T 1gb.bin ftp://speedtest.tele2.net/upload/

Speed in MByte/s(MB/s or kByte/s)
In case M multiple by 10 for megabit per second(Mbps)
In case k divide by 1000 for MByte/s(MB/s)
In case k divide by 100 for megabit per second(Mbps)

schedule download speed task:

create owner executable file with following contents: 

cd /volume1/homes/user/
curl -O ftp://ftp.xs4all.nl/pub/test/1gb.bin
rm /volume1/homes/admin/1gb.bin

Control panel, Task Scheduler, create task, run command 

/volume1/homes/user/<name file>.sh

Synology DSM 6 LDAP beveiliging

Use an LDAP editor like LDAPadmin.

Connect to LDAP server running on Synology NAS.

Host: Synology Nas server

Port: 389

base: cn=config

Simple authentication

TLS selected or deselected

Username: cn=config

password= same as root user LDAP server

After logging in

select cn=config and edit entry

add attribute or change value attribute olcTLSCipherSuite with your values. 

1 2 3 4