Standard processes on a Synology DS716+II NAS

Know your NAS

From time to time, you may need to know the details of the processes running on your NAS, and more specifically the standard processes. By standard, I mean the processes that are present by default when you set up a Synology NAS, here the Synology DS716+II.

Whether your aim is to detect abnormal processes (has my NAS been hacked?) or simply to learn, this article may be of interest.

To list the processes on your NAS, here is the command line to type once you are connected to it over SSH:

ps -e -o uname,cmd --sort command >/volume1/documents/NAS/synology_processes_standards.txt

This command produces a stripped-down format (without process IDs) and sorts by process name, so that the resulting file "synology_processes_standards.txt" can be used later on (we will come back to this).

Processes by theme

Here are the process names, sorted by theme:

AFP

AFP (Apple Share File Transfer): 3 processes

root /usr/bin/afpd -d -F /etc/afp.conf
root /usr/bin/cnid_metad -d -F /etc/afp.conf
root /usr/bin/netatalk

AudioStation

Audio Station: 3 processes

root /var/packages/AudioStation/target/bin/pulseaudio --realtime=false
AudioSt+ /var/packages/AudioStation/target/sbin/synoaudiod
AudioSt+ /var/packages/AudioStation/target/sbin/synorcd

Database

Postgres database: 7 processes

postgres /usr/bin/postgres -D /var/services/pgsql
postgres postgres: checkpointer process
postgres postgres: writer process
postgres postgres: wal writer process
postgres postgres: DownloadStation download [local] idle
postgres postgres: DownloadStation download [local] idle
postgres postgres: DownloadStation download [local] idle

DSMDesktop

DSM desktop: 6 processes (number varies)

root synoscgi
system synoscgi
system synoscgi
system synoscgi
system synoscgi
system synoscgi

CloudStation

Cloud Station Server: 7 processes

root /var/packages/CloudStation/target/sbin/cloud-authd
root /var/packages/CloudStation/target/sbin/cloud-cached
root /var/packages/CloudStation/target/sbin/cloud-cleand
root /var/packages/CloudStation/target/sbin/syncd
root /var/packages/CloudStation/target/sbin/syncd
root /var/packages/CloudStation/target/sbin/syncd
root /var/packages/CloudStation/target/sbin/syno-cloud-clientd

Daemon

System monitor daemon: 1 process

root /usr/syno/bin/scemd

DDNS

DDNS (Dynamic Domain Name Service): 1 process

root /usr/syno/sbin/ddnsd

DownloadStation

Download Station: 2 processes

Downloa+ /var/packages/DownloadStation/target/sbin/scheduler
Downloa+ /var/packages/DownloadStation/target/sbin/synodldbrpcd

FileStation

File Station: 11 processes

root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd

PhotoStation

PhotoStation: 4 processes

root /usr/syno/bin/photostationd
root /var/packages/PhotoStation/target/sbin/synophototaskd
PhotoSt+ php-fpm: pool PhotoStation
PhotoSt+ php-fpm: pool PhotoStation

PHP70

PHP 7.0: 2 processes

root php-fpm: master process (/var/packages/PHP7.0/target/usr/local/etc/php70/php-fpm.conf)
root php-fpm: master process (/usr/syno/etc/packages/WebStation/php70/fpm.conf)

Scheduler

Task scheduler: 2 processes

root /usr/sbin/crond
root /usr/syno/sbin/synocrond

IndexingService

Indexing service: 7 processes

root /usr/syno/sbin/synoindexd
root /usr/syno/sbin/synoindexplugind
root /usr/syno/sbin/synoindexscand
root /usr/syno/sbin/synoindexworkerd
root /usr/syno/sbin/synomediaparserd
root /usr/syno/sbin/synomkflvd
root /usr/syno/sbin/synomkthumbd

DSMInternalService

DSM internal service: large number of processes

root [RODSP_ODX_LOGIN]
root [RODSP_VDISK_LOG]
root [RODSP_VLUN_LOGI]
root [Syno_HDDMon]
root [ata_sff]
root avahi-daemon: running [CloudStation.local]
root [bioset]
root [bioset]
root [bioset]
root [bioset]
root [bioset]
root [bioset]
root /usr/bin/cgmanager --sigstop
root [cifsiod]
root [crypto]
root /sbin/dbus-daemon --session --fork --print-address
root /sbin/dbus-daemon --system --nopidfile
root [deferwq]
root /usr/sbin/dhclient -4 -d -q -lf /tmp/dhcpv4.leases.eth0 -pf /tmp/dhcpcd-eth0.pid -sf /tmp/dhclient-script eth0
root /usr/sbin/dhclient -4 -d -q -lf /tmp/dhcpv4.leases.eth1 -pf /tmp/dhcpcd-eth1.pid -sf /tmp/dhclient-script eth1
root /var/packages/MediaServer/target/sbin/dms
root [ecryptfs-kthrea]
root [etxhci_wq3]
root [ext4-dio-unwrit]
root [ext4-dio-unwrit]
root [ext4-group-desc]
root [ext4-group-desc]
root /usr/syno/bin/findhostd
root [fsnotify_mark]
root /sbin/getty 115200 console
root /usr/syno/sbin/heartbeatd
root /usr/syno/sbin/hotplugd
root /sbin/init
root [iscsi_eh]
root [jbd2/dm-0-8]
root [jbd2/md0-8]
root [kblockd]
root [kdevtmpfs]
root [kdmflush]
root [kethubd]
root [khelper]
root [khubd]
root [khungtaskd]
root [kintegrityd]
root [ksmd]
root [ksoftirqd/0]
root [ksoftirqd/1]
root [ksoftirqd/2]
root [ksoftirqd/3]
root [kswapd0]
root [kthreadd]
root [kworker/0:0]
root [kworker/0:0H]
root [kworker/0:1]
root [kworker/0:1H]
root [kworker/0:2]
root [kworker/1:0]
root [kworker/1:0H]
root [kworker/1:1]
root [kworker/1:1H]
root [kworker/1:2]
root [kworker/1:3]
root [kworker/2:0]
root [kworker/2:0H]
root [kworker/2:1]
root [kworker/2:1H]
root [kworker/2:2]
root [kworker/2:3]
root [kworker/3:0]
root [kworker/3:0H]
root [kworker/3:1]
root [kworker/3:1H]
root [kworker/3:2]
root [kworker/u8:0]
root [kworker/u8:1]
root [kworker/u8:2]
root [kworker/u8:3]
root [kworker/u8:4]
root [kworker/u8:5]
root [kworker/u8:6]
root [kworker/u9:0]
MediaSe+ /var/packages/MediaServer/target/sbin/lighttpd -f /var/packages/MediaServer/target/etc/lighttpd.conf -m /var/packages/MediaServer/target/lib/lighttpd
root [md]
root [md0_raid1]
root [md1_raid1]
root [md2_raid1]
root [migration/0]
root [migration/1]
root [migration/2]
root [migration/3]
root [netns]
root [nfsiod]
root nginx: master process /usr/bin/nginx -g pid /run/nginx.pid; daemon on; master_process on;
http nginx: worker process
http nginx: worker process
http nginx: worker process
http nginx: worker process
root /usr/bin/nmbd -F
ntp /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u ntp:ntp
root [raid5wq]
root [rcu_bh]
root [rcu_sched]
root [rodsp_aio]
root [rpciod]
root [scsi_eh_0]
root [scsi_eh_1]
root [scsi_eh_2]
root [scsi_eh_3]
root /usr/syno/sbin/synoagentregisterd
root /usr/syno/bin/synobackupd
root /usr/syno/sbin/synocgid -D
root /usr/syno/sbin/synoconfd -D
root /usr/syno/sbin/synologaccd -f
root /usr/syno/bin/synologrotated
root /usr/syno/sbin/synonetd
root /usr/syno/sbin/synosnmpcd
system /usr/bin/syslog-ng -F --worker-threads=4 -u system -g log
root [target_completi]
root [tmr-rd_mcp]
root udevd --daemon
root [usb-storage]
root /usr/bin/vmtouch -lfd /var/run
root [watchdog/0]
root [watchdog/1]
root [watchdog/2]
root [watchdog/3]
root [writeback]
root [xcopy_wq]

SMB

SMB (Server Message Block): 3 processes

root /usr/bin/smbd -F
root /usr/bin/smbd -F
root /usr/bin/smbd -F

SNMP

SNMP (Simple Network Management Protocol): 1 process

root /usr/bin/snmpd -fLn -c /etc/snmp/snmpd.conf -p /var/run/snmpd.pid 127.0.0.1:161

SSH

SSH (Secure Shell): 1 process

root /usr/bin/sshd

StorageDevice

Storage Device: 3 processes

root synostoraged
root /usr/syno/sbin/synostoraged
root /usr/syno/sbin/synostoraged

Sync

Shared folder sync: 1 process

root /usr/syno/bin/s2s_daemon -d

USBCopy

USB Copy: 1 process

root /var/packages/USBCopy/target/sbin/usb-copyd

USearch

Universal Search: 1 process

root /var/packages/SynoFinder/target/sbin/synoelasticd

VideoStation

Video Station: 5 processes

root /var/packages/VideoStation/target/sbin/synovideoconversiond
root /var/packages/VideoStation/target/sbin/synovideoindexd
root /var/packages/VideoStation/target/sbin/synovideometadatad
root /var/packages/VideoStation/target/sbin/synovideopreprocessd
root /var/packages/VideoStation/target/sbin/synovpcd

WebStation

Web Station: 7 processes

http /var/packages/WebStation/target/usr/bin/fcgiwrap
http /var/packages/WebStation/target/usr/bin/fcgiwrap
http /var/packages/WebStation/target/usr/bin/fcgiwrap
http /var/packages/WebStation/target/usr/bin/fcgiwrap
http php-fpm: pool www
http php-fpm: pool www
http /var/packages/WebStation/target/usr/bin/multiwatch -f 4 -- /var/packages/WebStation/target/usr/bin/fcgiwrap

Windows

Windows Network Discovery: 1 process

root /usr/bin/minissdpd -i eth0 -i eth1

SCSI

iSCSI Target: 2 processes

root /usr/syno/bin/iscsi_snapshot_comm_core -D
root /usr/syno/bin/iscsi_snapshot_server -D

Full process list

If you want to work with the full list of processes, here is the raw output obtained:

USER CMD
root [RODSP_ODX_LOGIN]
root [RODSP_VDISK_LOG]
root [RODSP_VLUN_LOGI]
root [Syno_HDDMon]
root /usr/bin/afpd -d -F /etc/afp.conf
root [ata_sff]
root avahi-daemon: running [CloudStation.local]
root [bioset]
root [bioset]
root [bioset]
root [bioset]
root [bioset]
root [bioset]
root /usr/bin/cgmanager --sigstop
root [cifsiod]
root /usr/bin/smbd -F
root /var/packages/CloudStation/target/sbin/cloud-authd
root /var/packages/CloudStation/target/sbin/cloud-cached
root /var/packages/CloudStation/target/sbin/cloud-cleand
root /usr/bin/cnid_metad -d -F /etc/afp.conf
root /usr/sbin/crond
root [crypto]
root /sbin/dbus-daemon --session --fork --print-address
root /sbin/dbus-daemon --system --nopidfile
root /usr/syno/sbin/ddnsd
root [deferwq]
root /usr/sbin/dhclient -4 -d -q -lf /tmp/dhcpv4.leases.eth0 -pf /tmp/dhcpcd-eth0.pid -sf /tmp/dhclient-script eth0
root /usr/sbin/dhclient -4 -d -q -lf /tmp/dhcpv4.leases.eth1 -pf /tmp/dhcpcd-eth1.pid -sf /tmp/dhclient-script eth1
root /var/packages/MediaServer/target/sbin/dms
root [ecryptfs-kthrea]
root [etxhci_wq3]
root [ext4-dio-unwrit]
root [ext4-dio-unwrit]
root [ext4-group-desc]
root [ext4-group-desc]
http /var/packages/WebStation/target/usr/bin/fcgiwrap
http /var/packages/WebStation/target/usr/bin/fcgiwrap
http /var/packages/WebStation/target/usr/bin/fcgiwrap
http /var/packages/WebStation/target/usr/bin/fcgiwrap
root /usr/syno/bin/findhostd
root [fsnotify_mark]
root /sbin/getty 115200 console
root /usr/syno/sbin/heartbeatd
root /usr/syno/sbin/hotplugd
root /sbin/init
root [iscsi_eh]
root /usr/syno/bin/iscsi_snapshot_comm_core -D
root /usr/syno/bin/iscsi_snapshot_server -D
root [jbd2/dm-0-8]
root [jbd2/md0-8]
root [kblockd]
root [kdevtmpfs]
root [kdmflush]
root [kethubd]
root [khelper]
root [khubd]
root [khungtaskd]
root [kintegrityd]
root [ksmd]
root [ksoftirqd/0]
root [ksoftirqd/1]
root [ksoftirqd/2]
root [ksoftirqd/3]
root [kswapd0]
root [kthreadd]
root [kworker/0:0]
root [kworker/0:0H]
root [kworker/0:1]
root [kworker/0:1H]
root [kworker/0:2]
root [kworker/1:0]
root [kworker/1:0H]
root [kworker/1:1]
root [kworker/1:1H]
root [kworker/1:2]
root [kworker/1:3]
root [kworker/2:0]
root [kworker/2:0H]
root [kworker/2:1]
root [kworker/2:1H]
root [kworker/2:2]
root [kworker/2:3]
root [kworker/3:0]
root [kworker/3:0H]
root [kworker/3:1]
root [kworker/3:1H]
root [kworker/3:2]
root [kworker/u8:0]
root [kworker/u8:1]
root [kworker/u8:2]
root [kworker/u8:3]
root [kworker/u8:4]
root [kworker/u8:5]
root [kworker/u8:6]
root [kworker/u9:0]
MediaSe+ /var/packages/MediaServer/target/sbin/lighttpd -f /var/packages/MediaServer/target/etc/lighttpd.conf -m /var/packages/MediaServer/target/lib/lighttpd
root [md]
root [md0_raid1]
root [md1_raid1]
root [md2_raid1]
root [migration/0]
root [migration/1]
root [migration/2]
root [migration/3]
root /usr/bin/minissdpd -i eth0 -i eth1
http /var/packages/WebStation/target/usr/bin/multiwatch -f 4 -- /var/packages/WebStation/target/usr/bin/fcgiwrap
root /usr/bin/netatalk
root [netns]
root [nfsiod]
root nginx: master process /usr/bin/nginx -g pid /run/nginx.pid; daemon on; master_process on;
http nginx: worker process
http nginx: worker process
http nginx: worker process
http nginx: worker process
root /usr/bin/nmbd -F
ntp /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u ntp:ntp
root /usr/syno/bin/photostationd
root php-fpm: master process (/var/packages/PHP7.0/target/usr/local/etc/php70/php-fpm.conf)
root php-fpm: master process (/usr/syno/etc/packages/WebStation/php70/fpm.conf)
PhotoSt+ php-fpm: pool PhotoStation
PhotoSt+ php-fpm: pool PhotoStation
http php-fpm: pool www
http php-fpm: pool www
postgres /usr/bin/postgres -D /var/services/pgsql
postgres postgres: checkpointer process 
postgres postgres: writer process 
postgres postgres: wal writer process 
postgres postgres: DownloadStation download [local] idle
postgres postgres: DownloadStation download [local] idle
postgres postgres: DownloadStation download [local] idle
root /var/packages/AudioStation/target/bin/pulseaudio --realtime=false
root [raid5wq]
root [rcu_bh]
root [rcu_sched]
root [rodsp_aio]
root [rpciod]
root /usr/syno/bin/s2s_daemon -d
root /usr/syno/bin/scemd
Downloa+ /var/packages/DownloadStation/target/sbin/scheduler
root [scsi_eh_0]
root [scsi_eh_1]
root [scsi_eh_2]
root [scsi_eh_3]
root /usr/bin/smbd -F
root /usr/bin/smbd -F
root /usr/bin/snmpd -fLn -c /etc/snmp/snmpd.conf -p /var/run/snmpd.pid 127.0.0.1:161
root /usr/bin/sshd
root /var/packages/CloudStation/target/sbin/syncd
root /var/packages/CloudStation/target/sbin/syncd
root /var/packages/CloudStation/target/sbin/syncd
root /var/packages/CloudStation/target/sbin/syno-cloud-clientd
root /usr/syno/sbin/synoagentregisterd
AudioSt+ /var/packages/AudioStation/target/sbin/synoaudiod
root /usr/syno/bin/synobackupd
root /usr/syno/sbin/synocgid -D
root /usr/syno/sbin/synoconfd -D
root /usr/syno/sbin/synocrond
Downloa+ /var/packages/DownloadStation/target/sbin/synodldbrpcd
root /var/packages/SynoFinder/target/sbin/synoelasticd
root /usr/syno/sbin/synoindexd
root /usr/syno/sbin/synoindexplugind
root /usr/syno/sbin/synoindexscand
root /usr/syno/sbin/synoindexworkerd
root /usr/syno/sbin/synologaccd -f
root /usr/syno/bin/synologrotated
root /usr/syno/sbin/synomediaparserd
root /usr/syno/sbin/synomkflvd
root /usr/syno/sbin/synomkthumbd
root /usr/syno/sbin/synonetd
root /var/packages/PhotoStation/target/sbin/synophototaskd
AudioSt+ /var/packages/AudioStation/target/sbin/synorcd
root synoscgi
system synoscgi
system synoscgi
system synoscgi
system synoscgi
system synoscgi
root /usr/syno/sbin/synosnmpcd
root synostoraged
root /usr/syno/sbin/synostoraged
root /usr/syno/sbin/synostoraged
root /var/packages/VideoStation/target/sbin/synovideoconversiond
root /var/packages/VideoStation/target/sbin/synovideoindexd
root /var/packages/VideoStation/target/sbin/synovideometadatad
root /var/packages/VideoStation/target/sbin/synovideopreprocessd
root /var/packages/VideoStation/target/sbin/synovpcd
system /usr/bin/syslog-ng -F --worker-threads=4 -u system -g log
root [target_completi]
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root /var/packages/FileStation/target/sbin/thumbd
root [tmr-rd_mcp]
root udevd --daemon
root /var/packages/USBCopy/target/sbin/usb-copyd
root [usb-storage]
root /usr/bin/vmtouch -lfd /var/run
root [watchdog/0]
root [watchdog/1]
root [watchdog/2]
root [watchdog/3]
root [writeback]
root [xcopy_wq]

 

Concrete example: Docker and Minecraft

Suppose you have installed Docker and Minecraft on your NAS: how do you find out which new processes were started as a result of this installation?

It is fairly simple: two commands are needed.

First, run the "ps" command on your NAS again, as below:

ps -e -o uname,cmd --sort command >/volume1/documents/NAS/synology_processes_nouveaux.txt

Then compare the starting file "synology_processes_standards.txt" with the new file "synology_processes_nouveaux.txt":

diff -u /volume1/documents/NAS/synology_processes_standards.txt /volume1/documents/NAS/synology_processes_nouveaux.txt  >/volume1/documents/NAS/diff.txt

You should get the result below:

[Images: diff1-1, diff1-2 (screenshots of the diff output)]

In red (lines prefixed with "-") are the removed lines, that is, the processes that have disappeared: nothing major, since they are "kworker" entries (thread management on the Synology NAS). Note that "/sbin/dbus-daemon" shows up because it is not in the same order, but it is still present on the NAS.

In green (lines prefixed with "+") are the added lines, that is, the processes that have appeared. Note the following:

+root /var/packages/Docker/target/usr/bin/docker daemon --config-file /var/packages/Docker/etc/dockerd.json
+root docker-containerd -l /var/run/docker/libcontainerd/docker-containerd.sock --runtime docker-runc --start-timeout 2m
+minecra+ java -Xmx5120M -Xms5120M -XX:+UseConcMarkSweepGC -XX:+CMSIncrementalPacing -XX:+AggressiveOpts -jar /volume1/@appstore/Minecraft/minecraft.jar nogui
+root /var/packages/Docker/target/usr/syno/bin/synoddsmd
+minecra+ tail -n 0 -f /tmp/stdin.minecraft
+root /var/packages/Docker/target/termd/termd -d

 

Bingo! They do indeed correspond to the new processes related to either Docker or Minecraft.

The same principle can be used whenever you want to know all the "non-standard" processes running on your NAS at a given moment.
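
The comparison above, as an added example that is not part of the original article: a shell function that compares the two listings as sets, so the reordering and the kworker renumbering noted above no longer show up in the result. The function name ps_diff and the sample listings are constructed for this illustration; it assumes a POSIX sh with awk, sort and mktemp.

```shell
#!/bin/sh
# Added example, not from the original article: compare two listings made with
# "ps -e -o uname,cmd" without the ordering and kworker noise of "diff -u".

# ps_diff BASELINE CURRENT
#   "+user cmd"  entry present only in CURRENT (process appeared)
#   "-user cmd"  entry present only in BASELINE (process disappeared)
ps_diff() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "usage: ps_diff BASELINE CURRENT" >&2; return 2; }
    awk -v basefile="$1" '
        # Reduce one ps line to "user cmd"; "" for the header or a blank line.
        function norm(line,    user, cmd) {
            sub(/[ \t\r]+$/, "", line)
            if (line == "" || line ~ /^USER[ \t]+CMD$/) return ""
            user = line; sub(/[ \t].*$/, "", user)
            cmd = line;  sub(/^[^ \t]+[ \t]+/, "", cmd)
            # kworker threads are renumbered all the time: keep one entry.
            if (cmd ~ /^\[kworker\//) cmd = "[kworker]"
            return user " " cmd
        }
        BEGIN {
            while ((getline line < basefile) > 0)
                if ((k = norm(line)) != "") base[k] = 1
        }
        { if ((k = norm($0)) != "") cur[k] = 1 }
        END {
            for (k in cur)  if (!(k in base)) print "+" k
            for (k in base) if (!(k in cur))  print "-" k
        }
    ' "$2" | LC_ALL=C sort
}

# Constructed sample listings (not real captures), using lines from this page.
sample_dir=$(mktemp -d)
cat > "$sample_dir/standard.txt" <<'EOF'
USER     CMD
root     /sbin/dbus-daemon --system --nopidfile
root     [kworker/0:0]
root     [kworker/1:2]
root     /usr/bin/sshd
system   synoscgi
system   synoscgi
EOF
cat > "$sample_dir/new.txt" <<'EOF'
USER     CMD
root     [kworker/0:1H]
root     /usr/bin/sshd
root     /sbin/dbus-daemon --system --nopidfile
system   synoscgi
root     /var/packages/Docker/target/termd/termd -d
minecra+ tail -n 0 -f /tmp/stdin.minecraft
EOF
ps_diff "$sample_dir/standard.txt" "$sample_dir/new.txt"
```

Repeated lines are collapsed, so a change in the number of identical processes (for example synoscgi) is not reported. The comparison covers the user and command line only, and a process can display any command line it likes, so an entry that matches the baseline is not proof that the binary behind it is the standard one.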

Happy hunting 🙂