Category Archives: Computer

CRAB server firewall.iptables now fixed, so it will restart without a reboot.

For those of you familiar with my Linux server, y’all know that I run many custom BASH, Perl, and Python scripts.  We are going to discuss today my iptables firewall script, or actually the fact that I took the time to repair it.   Since upgrading the server to Fedora 20 in September 2014, my firewall script would start fine, but would choke on restarting, reloading, or running it over itself.  The end result would be that the server would sever all ports with the outside, effectively taking it down, needing a reboot to get it back online.  This was a real PITA, since I couldn’t really make any changes to the firewall without reboot.  I thought it was an end result of the OS changing from SysV init scripts to a systemd system.  How wrong I was….  The cause was simply a typo that I made while adding a feature, and a ‘done’ without a ‘while’ and a ‘fi’ without an ‘if’ stopped the script from accepting the restart and reload argument.  Most of the iptables rulesets were created before this typo, so it gave the ‘appearance’ that it was working properly.  Debugging a script of this size is a fairly daunting task, as the main firewall script is a healthy 50 pages, and its configuration file (one of a half dozen helper files) is about 7 pages long.  Since I’ve had a few questions about this firewall, I’ll share it with everybody…..

Download links are only viewable to logged in users.  All the other helper files, as well as these are all available upon request.  If you are a logged in user, and downloading these files, remove the .txt extension from the config and main files….

This is the screen information if the VERBOSE variable is set to 1 (Select the pop-out gadget to see this properly formatted)


This is the configuration file that allows for easy firewall config.     (Select the pop-out gadget to see this properly formatted)


This is the MAIN iptables firewall script that should be run at start.  (Select the pop-out gadget to see this properly formatted)


All in all, it was a fairly productive week off.  I have a few other minor syntax errors to chase down, but the firewall is operating within normal parameters…..
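A stray 'done' or 'fi' like the one described above is exactly what a parse-only check catches before any rule is touched, since bash otherwise runs everything up to the bad line and only then gives up. The following is an added example, not part of the firewall script from this post; the function names, the IPT_SAVE/IPT_RESTORE override variables, and the assumption that the config file is itself shell syntax are all hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not the author's script): refuse to restart the firewall
# unless the script and its config parse cleanly, and roll back on failure.
# Function names and the override variables below are hypothetical.

IPT_SAVE=${IPT_SAVE:-iptables-save}          # overridable for a dry run
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# Parse-only check: `bash -n` reads the whole file and executes nothing,
# so an unmatched `done` or `fi` is reported before any rule changes.
# Assumes every file passed in is shell syntax (e.g. a sourced config).
fw_preflight() {
    local f rc=0
    for f in "$@"; do
        if ! bash -n "$f" 2>/dev/null; then
            echo "preflight: $f does not parse (or is unreadable), not applying" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Snapshot the live ruleset, run the script, and restore the snapshot if
# the script exits non-zero.
# Usage: fw_safe_restart SCRIPT CONFIG [ACTION]
# Returns: 0 applied, 1 rolled back, 2 preflight failed, 3 snapshot failed.
fw_safe_restart() {
    local script=$1 config=$2 action=${3:-restart} snap
    fw_preflight "$script" "$config" || return 2
    snap=$(mktemp) || return 3
    $IPT_SAVE > "$snap" || { rm -f "$snap"; return 3; }
    if bash "$script" "$action"; then
        rm -f "$snap"
        return 0
    fi
    echo "restart failed, restoring previous ruleset" >&2
    $IPT_RESTORE < "$snap"
    rm -f "$snap"
    return 1
}
```

Run it as root in place of calling the firewall script directly, for example `fw_safe_restart /path/to/firewall /path/to/firewall.conf reload`, with both paths replaced by your own.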

 

Security Camera BASH script to merge Zoneminder events into mp4 videos

The following script is a BASH (Bourne Again Shell) script that will take zoneminder camera events and merge them into mp4 videos that can easily be archived, or viewed.  The script will also ftp the resultant videos to a remote ftp server.

Zoneminder is a bit cumbersome to locate a particular event or time using the mysql events, or the ZM timeline, but this script streamlines that a bit, allowing you to use VLC or whatever and speed it up to ‘scan’ your day’s or week’s events…..

Very easy to configure as everything is set up using variables.  The script will create a directory name of the current date that it’s run under your home directory, or wherever you choose.

I have it set to run as a cron event daily, but you can set it to run weekly or how often you choose by changing the mtime value, and configuring the cron event to match.


So as not to fill up the FTP server, I wrote a prune command that will delete those videos older than 60 days.  Also set to run as a cron event on the FTP server.  It will accept the following syntax:

/path.to.prune/prune </directory.path.containing.video.directories/>


You will need to strip the .txt from both scripts and set them to chmod 700 and run them under the cron of the proper user.

Server sendmail and icecast info

Well, I just noticed that the podcast and regular blog weren’t sending out email notifications any longer.  Pretty easy to track down.  For some reason, sendmail was not running.  Even easier to fix.  I simply did (as root):

# systemctl start sendmail

Tested the podcast’s php mail function, and all is well.

Something else that I’ve been chewing on for awhile and finally whipped a couple weeks ago.  I wanted my icecast server and IceS streaming source to behave like centovacast, with a ‘live’ mountpoint that ‘takes control’ of the stream…..  All I had to do is add these lines to /etc/icecast.xml:

<mount>
<mount-name>/stream</mount-name>
<fallback-mount>/live</fallback-mount>
<fallback-override>1</fallback-override>
<hidden>1</hidden>
<public>0</public>
</mount>

<mount>
<mount-name>/live</mount-name>
<fallback-mount>/autostream</fallback-mount>
<fallback-override>1</fallback-override>
<hidden>1</hidden>
<public>0</public>
</mount>

<mount>
<mount-name>/autostream</mount-name>
<fallback-override>1</fallback-override>
<hidden>1</hidden>
<public>0</public>
</mount>

Then, I just had to set IceS to send to the autostream mountpoint, instead of stream.  So, now, in absence of live, when you connect to the normal stream mountpoint, you fall back to live, then fall back to autostream.  The fallback-override directive allows a live source to ‘pull back’ listeners connected to the autostream.  😉

 

Security cameras now running under Fedora Linux (64 bit)

Well, I managed over the past few days to get the security cameras up and running on Fedora 21 Linux 64 bit using Zoneminder.  The cameras were running under WebCamXP under Windows 7 64 bit, but I grew tired of Bill Gates deciding to reboot the server, even though I instructed it not to perform updates.  Microsoft would occasionally decide that it was in my best interest to apply an update automatically, and do a reboot, rather than allowing me to do that.

Click here for some screenshots from the zoneminder site of it in action.  I’m already a fan of it since it’s running under Linux and utilizing mysql.  For right now, it’s running ‘in parallel’ to the Win 7 server, to make sure that there aren’t any issues.  In a week or two, I shall finalize the migration.  Another point that would have probably been an issue with running two security servers ‘in parallel’ would have been overloading my wireless network, so I converted everything to ‘wired’ with the two servers in a temporary location to make sure everything is working properly.  I left the wireless access configured for it to use it as a ‘fallback’ in case the wired ethernet fails.  (The picture above is not my actual cameras, btw.)

Another upside to this is that the zoneminder console is far less cpu hungry than its windows counterpart.  It’s running at around 75% to 85% cpu free.  For you hardware geeks out there, it’s running Fedora 21 (64 bit) on a compaq (or HP, if you would rather) machine with an Intel i5 quad core 3.10 GHz cpu with 8 GB of ram.  (I checked, and got similar numbers on Fedora 21 32 bit with 4GB of ram.) (The picture above is not my actual console, or web address.)  (Yes, I have my console password protected.)  If anybody is inclined, and needs help to set things up, just ask, and I’ll be happy to post a tutorial here.  (Since it’s linux-based, its hardware requirements aren’t that high.)