While I have been working this issue, hoping for some sort of fix forthcoming from Asustor, I found a security issue with the current version of Docker-CE currently in App Central. It will start an app called "kdevtmpfsi" which we see as "kdevtmpfs" in the processes tab of the Activity Monitor. This app in directly tied to the Kinsing crypto mining malware app. The following is the reply I just sent to Asustor on the Beta reporting for ADM 4.0:
I will keep the forum apprised of any updates from Asustor as a result of this ticket. In the mean time, I suggest users to discontinue using the current version of Docker until we hear directly from Asustor what the plan of resolution is. If I had the option to run the apps I need natively, without the need for a Docker image I would gladly do so, but Asustor has removed that functionality from App Central a while back, and now I'm somewhat stuck.Further information on the current docker image:
I did some further digging and found there is an actual security breach in the current version of the Docker we have on App Central. Somehow it installs an app called "kdevtmpfsi" which we see in the Processes tab of the Activity Monitor as "kdevtmpfs" This app always uses PID 28 from my observations. This app is associated to a crypto miner malware called Kinsing. Further troubleshooting has shown me that this app is only called while the Docker is running. After about 6 hours of up time, this app will take up to 25% of the IO Wait State as viewed with NetData, creating sluggish drive responses and creating a problem that can lead to excess raid synchronizations if the system is restarted while the app is running.
I have experienced this very issue, thinking it was a different type of problem, such as cooling of the main NAS or cooling on my AS-6004U. As such I have placed both units in a small refrigerator to help regulate the cooling, which hasn't had the impact I had anticipated.
After two to four days of up time, the server sees an IO Wait State rising upwards of 100%. Again, sluggish server responses, potential drive failures, or synchronization problems. I have noticed some traffic on my router that I couldn't figure out the cause. After disabling Docker I can only associate this additional traffic to this Kinsing app.
At this point it is paramount that Asustor update the current Docker image to one without this potential security hole. While you are updating the Docker it may also be prudent to update those apps that require it in the App Central app on the NAS. More information on this can be found at this link: https://github.com/docker-library/redis/issues/217