Patrick9876
Regular Contributor
Alert: rambling post. But I do eventually ask some questions.
I have 3 NAS devices - a small QNAP TS-128A with a pulic share (accessed by 4 Windows systems), a 3TB Synology DS218 with private shares containing backups of the same 4 Windows systems, and a 6TB Synology DS218 in a somewhat sheltered location containing backups for the other two NAS - no SMB access from Windows.
Since the two devices with public and private shares are accessed by SMB I consider them vulnerable to ransomware attacks and would like to take backups of them only if they have not been attacked.(Paranoia perhaps - I have no reason to I would be a victim of ransomware, and it has never happened ... yet.) The public NAS has lots of low-lying fruit for a ransomware attack - .txt files, etc. It should be easy to check if some had been encrypted, renamed, or otherwise molested. And I could easily put similar "validation" files on the private shares. All I need to do is test those files and prevent backups if they have been corrupted.
However, I have not found a way to incorporate such a test into backup software available on either the QNAP or Synology devices.
Synology DSM allows for user-written scripts so I could invoke rsync, wget, etc. from a script that first checks the files. But those just create a sync'ed copy of the source (I think). I would prefer to use true backup software that saves multiple backup generations. Synology has (at least) one such package, but I don't think it can be invoked from a script.
I've asked on two Synology forums if I've missed a capability to do what I want or a package that does what I want. So now I'm asking here. Is there something?
As near as I can tell, QNAP QTS has even less capability. It has no support for user-written scripts. People do SSH into the device and add their own scripts so I guess I could do that, but I can picture doing more harm than good. On the other hand, there seems to be no backup capability to a non-QNAP NAS so I think the "backup" I'm taking is just an rsync copy. I probably could to that in a script if I am brave enough. Or I could just continue to blindly do a sync to the Synology NAS, but the test and a real backup there.
So I guess I have a number of questions:
I have 3 NAS devices - a small QNAP TS-128A with a pulic share (accessed by 4 Windows systems), a 3TB Synology DS218 with private shares containing backups of the same 4 Windows systems, and a 6TB Synology DS218 in a somewhat sheltered location containing backups for the other two NAS - no SMB access from Windows.
Since the two devices with public and private shares are accessed by SMB I consider them vulnerable to ransomware attacks and would like to take backups of them only if they have not been attacked.(Paranoia perhaps - I have no reason to I would be a victim of ransomware, and it has never happened ... yet.) The public NAS has lots of low-lying fruit for a ransomware attack - .txt files, etc. It should be easy to check if some had been encrypted, renamed, or otherwise molested. And I could easily put similar "validation" files on the private shares. All I need to do is test those files and prevent backups if they have been corrupted.
However, I have not found a way to incorporate such a test into backup software available on either the QNAP or Synology devices.
Synology DSM allows for user-written scripts so I could invoke rsync, wget, etc. from a script that first checks the files. But those just create a sync'ed copy of the source (I think). I would prefer to use true backup software that saves multiple backup generations. Synology has (at least) one such package, but I don't think it can be invoked from a script.
I've asked on two Synology forums if I've missed a capability to do what I want or a package that does what I want. So now I'm asking here. Is there something?
As near as I can tell, QNAP QTS has even less capability. It has no support for user-written scripts. People do SSH into the device and add their own scripts so I guess I could do that, but I can picture doing more harm than good. On the other hand, there seems to be no backup capability to a non-QNAP NAS so I think the "backup" I'm taking is just an rsync copy. I probably could to that in a script if I am brave enough. Or I could just continue to blindly do a sync to the Synology NAS, but the test and a real backup there.
So I guess I have a number of questions:
- Is there Synology backup software that can be invoked from a script?
- Or is there a way to invoke a DSM application from a script whether or not the application expects to be invoked that way?
- Or is there a way to change a DSM scheduled "system" task (as opposed to a user task) into a triggered task? (And can a simple validation script pull the trigger?)
- Am I missing other completely obvious solutions?