Search the Community

Hello! I am xpenology user. And I am an IT engineer who creates shell scripts as hobbies. Please understand that it is written by a google translate site. because i’m korean who is not fluent in English. I created a tool to change cpu information for Xpenology’s users. Modify the actual cpu name and cores of your pc or server. Howto Run ============================================================= 1. Download attached file on your PC (ch_cpuinfo.tar) (ch_cpuinfo_en.tar) / (ch_cpuinfo_kr.tar is file for korean) 2. Upload file to your DSM location (by filestation, sftp, webdav etc....) 3. Connect to ssh by admin account. (dsm > control panel > terminal & snmp > terminal > enable ssh check) 4. Switch user to root: sudo su - (input admin password) 5. Change directory to where ch_cpuinfo.tar file is located: cd /volume1/temp 6. Decompress file & check file: tar xvf ch_cpuinfo.tar ls -lrt (check root’s run auth) 7. Run to Binary file ./ch_cpuinfo or ./ch_cpuinfo.sh (If you use busybox in DSM 5.x, you can use it as a source file) 8. When you execute it, proceed according to the description that is output. 9. Check your DSM’s CPU name, CPU cores at “information center” ==================================================== Addtional, Adjust binary to excute file made by shc(http://www.datsi.fi.upm.es/~frosal) The tool does not inclue worms, bad code. If you want to edit the CPU information yourself manually, please refer to the contents below. ——————————————————————————————————————————————————————————————— Location : /usr/syno/synoman/webman/modules/AdminCenter Source : admin_center.js / admin_center.js.gz(above 6.2) Add Before -> if(Ext.isDefined(h.cpu_vendor)&&Ext.isDefined(h.cpu_family)&&Ext.isDefined(h.cpu_series)){ o.push([_T("status","cpu_model_name"),String.format("{0} {1} {2}",h.cpu_vendor,h.cpu_family,h.cpu_series)])} if(Ext.isDefined(h.cpu_cores)){o.push([_T("status","cpu_cores"),h.cpu_cores])} Add contents: h.cpu_vendor="Intel";h.cpu_family="Xeon";h.cpu_series="E3-1220 V3";h.cpu_cores="4 Cores (1 CPU/4 Cores | 4 Threads)"; h.cpu_detail="<a href='https://ark.intel.com/content/www/us/en/ark/search.html?_charset_=UTF-8&q=E3-1220 V3' target=_blank>detail</a>" Change contens: String.format("{0} {1} {2}",h.cpu_vendor,h.cpu_family,h.cpu_series) to String.format("{0} {1} {2} {3}",h.cpu_vendor,h.cpu_family,h.cpu_series,h.cpu_detail) ——————————————————————————————————————————————————————————————— Finally, All descriptions are based on version 6.2, and the actual executable file supports both 5.x and 6.x. Publish the source through github(https://github.com/FOXBI/ch_cpuinfo). For versions DSM 6.x and later, you can use the binary as before. If you use busybox in DSM 5.x, you can use it as a source file(ch_cpuinfo.sh). Please contact me by comment or bug report, i’ll respond to you as much as possible within my ability. Test & Made Environment ———————————————————————————————————— Base Server : HP ML310e v2 gen8 + VMware ESXi 6.0 + RDM DSM : 6.2.2-24922 Update 2 (DS3615xs/DS3617xs/918+) 6.1-15284 Update 2 (DS3615xs) Base Server : Intel E5-2630 v2 + VMware ESXi 6.7u2 DSM : 6.2.2-24922 Update 2 (DS3617xs) ———————————————————————————————————— Change Log 1. Support DSM 6.2.2-24922 Update 2 2. Consolidate and change to run in accordance with used DSM language environment(Only One File) 3. Add link for cpu detail information(Intel, AMD Site Link) - Support above version 6.x Thank you!! Have a nice day!! ============================================= Download links: ch_cpuinfo ver 1.1.0-r01 - new version update -> ch_cpuinfo.tar Reference images # 1.04b + DS918+ # 1.03b + DS3615xs # 1.03b + DS3617xs # Normal output is possible even when using more than 8core.

GeoIP Region Blocking using Synology Firewall I noticed internet performance issues today and was checking my router logs, I found excessive logs showing: Jun 18 20:55:48 dropbear[5405]: Child connection from <My Synology IP>:40894 Jun 18 20:55:49 dropbear[5405]: Exit before auth: Exited normally Jun 18 20:55:49 dropbear[5411]: Child connection from <My Synology IP>:40896 Jun 18 20:55:51 dropbear[5411]: Exit before auth: Exited normally I searched and found it was related to numerous invalid login attempts to the synology login page. This lead me to login to the cli of my synology and check logs for failed attempts. When checking the logs I found the most concerning log was /var/log/httpd/apache22-error_log 2018-06-18T19:28:42-06:00 nas [Mon Jun 18 19:28:42 2018] [error] [client 193.106.30.99] File does not exist: /var/services/web/wp-rdf.php 2018-06-18T20:11:16-06:00 nas [Mon Jun 18 20:11:16 2018] [error] [client 27.29.158.10] script not found or unable to stat: /var/services/web/login.cgi 2018-06-18T21:51:26-06:00 nas [Mon Jun 18 21:51:26 2018] [error] [client 172.18.0.2] File does not exist: /var/services/web/apple-touch-icon-precomposed.png 2018-06-18T21:51:26-06:00 nas [Mon Jun 18 21:51:26 2018] [error] [client 172.18.0.2] File does not exist: /var/services/web/apple-touch-icon.png 2018-06-18T21:51:26-06:00 nas [Mon Jun 18 21:51:26 2018] [error] [client 172.18.0.2] File does not exist: /var/services/web/apple-touch-icon-precomposed.png This lead me to consider blocking all geographical regions except my own. Most brute force attempts and vulnerability attacks are outside of my home country, this will reduce the attack surface significantly. My first attempt at implementing the geoip blocking was problematic, I attempted a "deny all" entry after the "allow local network range" and "allow my region" rules, but this ended up blocking all access to the services I had running. I thought I'd share how I implemented it for others wanting to reduce the surface area for attacks. Enable firewall Open Control Panel Select Connectivity -> Security Go to Firewall tab Check Enable firewall Add "Allow" Rules for internal network Select Edit Rules for the default Firewall Profile (Disregard existing rules in screen shot, these will be created in the following steps) Create rule to allow your internal/home network Add "Allow" Rules for your country/countries Create rule to allow specific locations Set network interface to deny if rules are not matched Select the network interface that is default to your synology (mine is LAN 1, you can find your interface under Connectivity -> Network -> Network Interface) ***This was the secret to getting the deny all after the allow rules to work*** Set "if no rules were matched: Deny Access" Click OK and Apply Test reaching your synology on your internal network and from external networks in your region. You can also validate if the firewall is blocking by using a Tor browser to send traffic from a different country to see if your firewall rules are working properly.