Adeptus-Mechanicus

Main
Codex
Librarium Whitehat
Advisories
Blog Pics
"Inveniam viam aut faciam" : I will either find a way, or I shall make one


Zoneminder
Author - Randolph Osterroht
1. ONE FINE DAY...
One fine day, I had to let some aircon techie do some work in our server room, and as always, I comply without hesitation as I love my aircon environment. So I let the dirty aircon man in.. the filthy, filthy aircon man into our clean and virginal I.T. Room, and left him in there... alone... with my machines... It's like leaving your hot daughter alone in her room with... well... the tattooed, aircon guy.

No, just kidding, I trust the aircon guy.. but the fact is... I can't stay in the room with the aircon guy or any other person whilst he does what he has to do, because I have a million other things to do... and I realized that I have no monitoring system in there... I'd like to be able to record what goes on in there, or at the very least be able to discreetly drop in on the man and see what he is up to. On past occasion, I have felt the keen edge of a malicious attack on the server room, and when push came to shove, I had no ammo to prove who had done what, and so it was one person's word against another. Bad for me.

I went hunting for some kind of solution and found that commercial security monitoring solutions cost an arm and a leg plus never mind the fact that you will then have to let in a filthy, filthy, security camera guy in to your virginal server room. So I turned to the oracle (Google, for those non-IT) as I do in times of need, and a utility called Zoneminder (see here) was revealed to me (through the force, of course)This neat app runs as a web server on a Linux box that you can access from anywhere in your network, and if you were so inclined, from any web-browser in the world, it uses the mySQL engine and pumps out on apache, it uses the v4l Linux video drivers and supports a wide range of usb and IP based cameras (so it does cater for more professional setups and the home user.)

2. GET SOME ZONEMINDER
The download is fairly straightforward and the install instructions are pretty well documented on the actual website. I will take you through my installation on a fedora core 5 box. Installing fedora core 5 however I won't take you through.. sorry, I just don't do the lower stuff anymore.. that's beneath me. Kidding, I have a fervent desire to one day put up my custom fedora installs for both server config. and desktop. One day I'll do a paper.

In any case, you will need a linux box with the latest version of mysql put your server into runlevel 3 and kill any unnecessary processes. Have both mysql and httpd start on server startup. In fact, to really streamline that install, try this out... have only ssh, cron, syslog, network, httpd and mysql come up on system start. Your box will fly. Oh, by the way, I am running this server on an old p4 acer laptop with 512 MB ram. It wasn't being used anymore, screen was fsck'd. The webcam I am using is an old creative ct6840 which works a-ok on 320X240 resolution black and white only unfortunately. Doesn't drop a frame over our intranet. There are a few software requirements that you have to look at, but it runs out of the box with fedora core 5.
To make sure that you have the latest version of everything, just do a yum of the important things..
yum update mysql*
yum update httpd*

this should sort out any version hassles, (by the way, fc5 runs fine out the box, no updates required), create a folder under your web directory to serve zoneminder. In fedora core 5:
mkdir /var/www/html/zm

then download the Zoneminder program files...
wget http://www.zoneminder.com/downloads/ZoneMinder-1.22.3.tar.gz

 3. CONFIGURE, MAKE, MAKE INSTALL.
Untar the downloaded file into a folder somewhere..
tar -xvf ZoneMinder-1.22.3.tar.gz 
./configure --with-webdir=/var/www/html/zm –with-cgidir=/var/www/html

or you can edit these options to where your web pages will be served from. Obviously –with-webdir is where your webpages will sit and –with-cgidir is for cgi files. This line will create a database called zm on your local machine with a user called zmuser with zmpass as a password. If you want to change any of these options you can append any of these options to the end of your config string.. 
./configure --with-webdir=/var/www/html/zm –with-cgidir=/var/www/html “CONFIG OPTION(S) HERE”
 
where config option here is..
ZM_DB_HOST
ZM_DB_NAME
ZM_DB_USER
ZM_DB_PASS

so, lets say you wanted to create a user called jedibob on a database called detector on the local machine with a password of darthvader you would do.. 
./configure --with-webdir=/var/www/html/zm –with-cgidir=/var/www/html ZM_DB_USER=jedibob ZM_DB_HOST=localhost ZM_DB_PASS=darthvader ZM_DB_NAME=detector
 
If you run into a problem here on fedora core 5 it may be because you are missing a perl module called DateManIP... to keep things nice and simple here, I am just going to put in the exact syntax that you can put in to download and install DateManIP..
wget http://search.cpan.org/CPAN/authors/id/S/SB/SBECK/DateManip-5.44.tar.gz
tar -xvf DateManip-5.44.tar.gz
cd DateManip-5.44
perl Makefile.PL
make
make test
make install

and that should take care of the perl module problem. Anyway, whichever way you choose to do the install, that should initialize all the parameters which zoneminder needs in order for it to do its make, and so without further ado, run..
make
 
next create your database and database users..
mysql mysql < db/zm_create.sql

this creates your database, next step, you will enter mysql, and edit the mysql database to create your authorized users, so issue..
mysql mysql
grant select,insert,update,delete on <database name>.* to '<database user>'@localhost identified by '<database password>';

where the database name is your zoneminder database name, database user is the zoneminder user you created, @localhost is the machine that the database is sitting on, if it's a remote machine, be sure to substitute that machine's name or IP address here, and database passwd is fairly straightforward (if not, stop reading this and go back to solitaire) for example.. 
grant select,insert,update,delete on zm.* to 'zmuser'@localhost identified by 'zmpass';

this shows the command line string for allowing select, insert, update, and deletion rights to user zmuser on the localhost server's zm mysql database with a password of zmpass. Once having done this, quit the mysql prompt..
quit

and restart mysql
service mysql restart

now, last but not least type..
make install

this will create everything that needs to be created, everything will go in it's place. This also creates a default admin user for you with full edit rights. Username: admin, password: adminBy now you should have a fully working server. Start your server by issuing..
/usr/local/bin/zmpkg.pl start

which should start the zoneminder service. A quick way to test this is to see if you can see a login page if you issue a links command to the localhost server..
links http://127.0.0.1

if you see a logon prompt, well done. It's working.If not, check if..
Basically, make sure that you have created the permissions, and database correctly. Other than that, you're on your own. Bye. Actually not. There is a pretty comprehensive wiki/forum style site for zoneminder here:..
http://www.zoneminder.com/wiki/index.php/Welcome

4. SYSTEMS UP!
In any case, once you have the zoneminder up and running, log on into the zoneminder using username admin password admin, and the real fun begins! Zoneminder main window ..


looking at the top, we see console running, if it is not, click on it, another window will come up with a drop down menu, from here, we can start or stop zoneminder,


Later on I will show you how to create different run states, such as having a state that just monitors or a state that does just motion detection. So for example, if you only want motion detection done at night, you can set it like that. Now that it is running, you can add cameras to it, make sure that your usb camera is plugged in. then look under your linux server where the cam has attached itself to. In my box, for example, you will see that my cam is attached to /dev/video0 (you can look for it by doing a dmesg at the prompt, or by mining the /proc subsystem for more info)Once you know where your camera is sitting, it is time to add it to the zoneminder system. Click on add new monitor. You will see this.



You can now go and give a name to your new camera, hopefully a nice descriptive name so that you know where the camera is. Local or remote options will tell zoneminder if the camera is attached to this system or another remote one, and function can be monitor, modetect, mocord, record etc. pretty self explanatory so I won't go into detail there. Now if you go to Source... you will see...

 
Which is used to define exactly where your camera is. In my case, in device path, I would put in /dev/video0 for my usb cam. This is where you have to know a little about your USB cam. You have to know the capabilities of the device, in particular, the resolution. My cam will not work with any other res other than 320X240. So be aware when you fill in your values for capture width and capture height (P.S. I can only run my cam in Black and White mode. It's old and I'm too cheap to get a new one). Now, one of the cool things you can do with this program, is you can set your own modes for use, as I have said before, for example, you can set this camera so that it does motion detection at night, (and records events) and becomes a normal camera during the day. Unfortunately, there is nothing on this side which will let you adjust what runs where, but you can switch the run modes with cron.
 
For those of you that don't know what cron is, it's like a linux “Scheduled tasks” running what you want, when you want. But first, let's talk about actually creating your run modes in zoneminder. First you will have to configure the zoneminder console options to set it to what you want to do, and save it as a runstate. So you change zoneminder as you want it to be running at the time, and then click on the state section at the top just next to the zoneminder console title.


Which will bring the state window up.


Then to save the state, give it a nice descriptive name in the New Status: field, like, oh, I don't know, for example if you had a motion detector going, typing in “motiondetect” then click save, this then saves the state. Now, log onto your zoneminder box by using ssh. You will now edit crontab so that your recently saved run state will start up at a certain time. Now, once logged on, issue..
crontab -e

which will start up the crontab editor. Then edit this just like you would use vi, (vi is a linux command prompt text editor, I'm not covering that either) I will show you an example of a crontab file..
0 8 * * 1-5 /usr/local/bin/zmpkg.pl Monitor
0 17 * * 1-5 /usr/local/bin/zmpkg.pl Detection
* * * * 0,6 /usr/local/bin/zmpkg.pl Detection

Crash crontab course, first field is for minutes, then hours, then days (of month), then months, then days of the week, a star will be all the time, so, if we look at the first line, in human speak would mean: no seconds, but every eighth hour (am of course, there is no 8 pm in cron talk, 8pm in cron is 20) of every day, of every month, for the Monday to the Friday. After all the time specifications comes the command that you want to run.
 
So, take a closer look at this cron file, and you will see that there are basically two main events happening here, the zoneminder is switching from a normal camera type monitor, to a motion detector at night, but in detail, the monitor goes on at eight in the morning, then the motion detector takes over at 17:00 and runs till eight the next morning, unless it's the weekend, in which case it will run straight through till Monday 8 am. When you want to switch between states make sure you are being careful to mind the case as crontab is case sensitive as is most of linux. /usr/local/bin/zmpkg.pl is the location of the program, but when run with one of it's different run states, it will switch to that state. In our example above: Monitor and Detection.
 
6. STOP PLAYING WITH YOUR CAMERA!
Now, you can do a whole lot of weird and wonderful things with the cameras, one of these tricks is related to motion detection, you can set the detect area that the camera will pay attention to. This is useful if you are a shopkeeper and you have a shop front that faces a busy street, you can set the motion detect area to avoid the street which will eliminate a whole lot of false alarms.
 
You can do this by clicking on the actual camera that you are using on the main zoneminder screen..


In my ca
se, Servercam1 which will bring up..


If you click on the “Zones” button at the bottom left, it will bring up the zone editing console window which is..


With this you can now set the zones you wish to have motion detection. First you will have to click on add new zone to begin adding zones, then once you create a new zone, you will be able to click it, and edit the zone area at this screen at the bottom like this.


Once here, you can edit the camera sensitivity, the way that detection happens, and the area affected! You can also adjust the sensitivity here, which is something I recommend you do, I received a few false warnings when I left zoneminder running overnight, so tweak your settings a little to see how it goes. Once you have this setup, your modetect zoneminder is pretty much up and running. One last thing you should do is look through the options section,  one of the things you should consider setting up here is the e-mail option which will basically sends an e-mail to an administrator every time motion happens on one of your zomeminder cameras.
 
There are a whole lot more options in zoneminder that I haven't got the energy or time to cover here, but this paper should give you a good start point, or at the very least, a basic config for a working zoneminder box, there is a whole lot more than just this to these programs, I haven't even scratched the surface of this program so, take a look. I'm tired of typing and taking screenshots, so I'll leave you lot toy with zoneminder, which for a piece of software written in some guy's spare time because he got burgled is a bloody good piece of bitz 'n bytez if you ask me.