A user suspicious activity detector for Synology NAS.
Plenty of users sometimes do not manipulate files properly. They corrupt the file system hierarchy, which disrupts production.
This project is an attempt to monitor abnormal activity on Synology Network Attached Storage. It aims to respond appropriately to user activity based on log analysis.
Randetect is a daemon monitoring the changes made to the filesystem by Samba clients. It filters the user log using a customizable set of rules. Depending on criticality, randetect will:
- ban the IP performing illegal actions,
- power off the NAS in order to prevent spread, in case of ransomware.
Direct changes made to the file system are not monitored, i.e. activity performed through ssh...
(Figure: General architecture including Randetect)
Randetect performs analysis on queries from Samba logs generated by the default Synology Log Center.
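The rule-then-respond flow described above, as an added example that is not randetect's own code: it counts destructive operations per client IP in a sliding time window and maps the count to the two responses listed. The log line format, the `Action`, `Rules`, `parse` and `evaluate` names, the sample data and the thresholds are all assumptions made for illustration; Synology Log Center's real schema differs.

```rust
use std::collections::HashMap;
// Response levels named in the README, ordered by severity.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Action { None, BanIp, PowerOff }
// Hypothetical thresholds (assumptions, not randetect's rule set).
pub struct Rules { pub window_secs: u64, pub ban_after: usize, pub poweroff_after: usize }
// Constructed sample, simplified "epoch ip op path" format (not Synology's schema).
pub const SAMPLE: &str = "\
100 192.0.2.10 rename /share/a.doc
101 192.0.2.10 rename /share/b.doc
102 192.0.2.20 delete /share/tmp/1
102 192.0.2.10 rename /share/c.doc
103 192.0.2.10 rename /share/d.doc
corrupted line without fields
106 192.0.2.20 delete /share/tmp/2
110 192.0.2.30 delete /share/old/x
111 192.0.2.30 write /share/new/y
190 192.0.2.30 delete /share/old/z
";

// Parse one line into (timestamp, ip, operation); None if malformed.
fn parse(line: &str) -> Option<(u64, &str, &str)> {
    let mut f = line.splitn(4, ' ');
    let (ts, ip, op, _path) = (f.next()?, f.next()?, f.next()?, f.next()?);
    Some((ts.parse().ok()?, ip, op))
}

// Worst action per client IP; assumes the log lines are in time order.
pub fn evaluate(log: &str, rules: &Rules) -> HashMap<String, Action> {
    let mut recent: HashMap<&str, Vec<u64>> = HashMap::new();
    let mut verdicts: HashMap<String, Action> = HashMap::new();
    for (ts, ip, op) in log.lines().filter_map(parse) {
        let worst = verdicts.entry(ip.to_string()).or_insert(Action::None);
        if !matches!(op, "delete" | "rename" | "move") { continue; }
        let hits = recent.entry(ip).or_default();
        hits.push(ts);
        hits.retain(|t| ts.saturating_sub(*t) < rules.window_secs);
        let now = if hits.len() >= rules.poweroff_after { Action::PowerOff }
            else if hits.len() >= rules.ban_after { Action::BanIp }
            else { Action::None };
        *worst = (*worst).max(now);
    }
    verdicts
}

fn main() {
    let rules = Rules { window_secs: 10, ban_after: 2, poweroff_after: 4 };
    println!("{:?}", evaluate(SAMPLE, &rules));
}
```

The thresholds are kept tiny so the constructed sample stays short; a real deployment would tune them against normal user activity to avoid banning legitimate bulk operations.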
Randetect is built as a "static binary"; this helps to prevent runtime issues.
The build.sh script builds randetect for 2 architectures using Cross.
| Architecture | Synology NAS Model | Binary name |
|---|---|---|
| aarch64 | DS418... | randetect_aarch64-musl |
| x86_64 | RS814RP+, RS815RP+, RS818RP+... | randetect_x86_64-musl |
In order to build the randetect binaries, execute ./build.sh in Randetect's repository.
The following instructions will help you set up the project on a local Linux distro.
To get a local copy up and running, follow these simple example steps.
Software needed and how to install it.
- Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
- Docker
Please follow the instructions on the official Docker website here.
- Cross
Please follow the instructions on the official Cross GitHub repository here.
Installation can be tricky as Randetect has not been developed as a DSM Synology package. It requires the following steps in order to run properly on a system.
- After following the Prerequisites, build the binaries using:
chmod +x build.sh && ./build.sh
- Enable ssh connection on your NAS.
- From your workstation, send the appropriate randetect binary to your NAS /root directory using the following command:
scp -P <ssh_port> randetect_<archi> admin@<NAS_IP>:/root
- Connect with ssh to your NAS.
- Execute randetect with your environment variables (refer to Usage):
CRDTL=ABCDEFGHIJ01234567 TARGETSYS=62.186.103.42 FOLDER=/var/log/sms MAILTO="addr@domain.com" ./randetect_<archi>
In order to run the program, some environment variables need to be set.
CRDTL=ABCDEFGHIJ01234567
where the first 10 bytes are the sms system username and the last 8 bytes are the password.
TARGETSYS=62.186.103.42
IP or domain of the targeted machine.
FOLDER=/var/log/sms
target folder to send the sms file to.
MAILTO=addr@domain.com
mail address for mail alerts.
Example:
CRDTL=ABCDEFGHIJ01234567 TARGETSYS=62.186.103.42 FOLDER=/var/log/sms MAILTO="addr@domain.com" ./randetect
See the open issues for a list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
- Fork the Project
- Create your Feature Branch (git checkout -b feature/AmazingFeature)
- Commit your Changes (git commit -m 'Add some AmazingFeature')
- Push to the Branch (git push origin feature/AmazingFeature)
- Open a Pull Request
Distributed under the GPL2 License. See LICENSE for more information.
CIL Lamballe - @cil_lamballe - contact@cil-lamballe.com
Project Link: https://github.com/CIL-Lamballe