Saturday, March 13, 2010

Archiving Surveillance Video

Script Time!
Bash to archive some files, and perl to send email alerts.

Even with my video captures only being triggered by motion, all the cars passing by, windy days, or cats that wander aimlessly around outside cause images and .swf files to build up fast. In the last week I had over 40000 .jpg files, so along with turning down the sensitivity of the motion capture a bit and moving a hanging plant out of the camera's view, I went ahead and made an archive script.

#!/bin/bash
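#when archiving, toss the still images, keep the .swf videos.
#This uses a for loop to do it because motion can actually create
#more files than the rm command can handle by itself.
#Looping over the glob (instead of parsing ls output) copes with odd
#filenames and only ever touches names that really end in .jpg.


for i in /motion/*.jpg; do [ -e "$i" ] && rm -- "$i"; done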


#make a temp archive folder and drop the videos in it
mkdir /tmp/archv
mv /motion/*.swf /tmp/archv/.


#anything you use more than once should be a variable
timestamp=$(date |awk '{print $2$3"-"$6}')


#build all the videos into a timestamped tarball for storage
tar czvf archive-$timestamp.tar.gz /tmp/archv


#check to make sure the new archive was made
#if it wasn't, leave the tmp files alone and send an email alert
if [ -f archive-$timestamp.tar.gz ]
then
  rm -r /tmp/archv
else
  perl /root/mail.pl
fi


#while we're here, just check on the disk usage
#and send an email alert if it's over 50%
if [ $(df -h |grep /dev/sda1|awk '{print $5}'|cut -d% -f1) -ge 50 ]
then
  /root/useagealert.pl
fi

The two perl scripts that are called are simple mailers, great little templates for interacting with sendmail. Here is an example of one:

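#!/usr/bin/perl
use strict;
use warnings;


my $title   = 'archive';
my $to      = 'me@myaddress.com';
my $from    = 'archive@myserver.org';
my $subject = 'Archive Failed';


# -t makes sendmail take the recipients from the headers printed below
open(MAIL, "|/usr/sbin/sendmail -t") or die "Cannot run sendmail: $!";


## Mail Header
print MAIL "To: $to\n";
print MAIL "From: $from\n";
print MAIL "Subject: $subject\n\n";
## Mail Body
print MAIL "Archive process failed, please check the logs\n";


# close() reports a non-zero exit from sendmail
close(MAIL) or warn "sendmail exited with an error: $?";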

The archive script should then be added to the crontab; mine is set to archive twice a week for now, which will usually give me time to save images if I need to.
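An added example, not part of the original post: a variant of the archive step that stages the videos in an unpredictable `mktemp` directory instead of a fixed /tmp path, and only deletes the staged files after the tarball has been read back and lists every video. The function name `archive_motion` and its two directory arguments are assumptions made for the example.

```shell
#!/bin/bash
# Added example (not the original script). archive_motion and its
# arguments are hypothetical; paths are passed in, not hard-coded.
archive_motion() {
    src=$1      # directory motion writes to, e.g. /motion
    dest=$2     # directory that keeps the tarballs
    stamp=$(date +%b%d-%Y)
    out="$dest/archive-$stamp.tar.gz"

    # find -delete avoids both "argument list too long" and parsing ls
    find "$src" -maxdepth 1 -type f -name '*.jpg' -delete

    # mktemp -d creates an unpredictable, mode-0700 staging directory,
    # unlike a fixed /tmp name that any local user could pre-create
    stage=$(mktemp -d) || return 1
    find "$src" -maxdepth 1 -type f -name '*.swf' -exec mv {} "$stage"/ \;

    want=$(find "$stage" -type f -name '*.swf' | wc -l)
    if [ "$want" -eq 0 ]; then
        rmdir "$stage"
        return 0            # nothing to archive
    fi

    # -C stores relative names rather than tmp/... paths
    if tar -czf "$out" -C "$stage" . ; then
        # read the tarball back and count the videos it really holds
        got=$(tar -tzf "$out" | grep -c '\.swf$' || true)
    else
        got=-1
    fi

    if [ "$got" -eq "$want" ]; then
        rm -r "$stage"
        echo "$out"         # path of the verified archive
        return 0
    fi
    echo "archive failed, videos left in $stage" >&2
    return 1                # caller sends the alert mail
}
```

From cron this could be called as `archive_motion /motion /root/archives || perl /root/mail.pl`, where /root/archives is a placeholder destination.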

Friday, March 12, 2010

Linux: The Code, Parts 1 and 2

First two parts of "The Code", 2006 documentary on open source software and its use around the globe.

Hooray for more publicly available documentaries.



Networking Cheatsheets

Both for people trying to learn about these subjects for the first time, as well as for those of us that just like to have a quick reference handy, cheat-sheets will always have a place in information technology.

Thank you @packet_storm, these are awesome.

These are all from .:[ Packet Storm ]:. , one of my favorite sites.

Wednesday, March 10, 2010

Securing Webmin

If you are a fledgling sysadmin, feeling lazy, or just plain want a GUI and find yourself installing webmin on your server, please take a few minutes to secure it. I have a few simple examples of how this can be done. A lot of this also applies to other systems, so it's good information to know even if you plan on never running webmin.

Universal Step 1, Change the default port:
Webmin listens on port 10000 by default, and because that is well known, it is a port that scripts and attackers actively look for. So to start, just change the port and reload webmin. I'll use 54444; use a different one in your own setup.

#vim /etc/webmin/miniserv.conf
...
port=54444
listen=54444
...

#/etc/init.d/webmin restart

If you haven't already, this is also a good point to add port 10000 to your portsentry rules (http://www.insecuresystem.org/2010/01/iptables-blacklist.html).


Option, Limit Access with Iptables:
Only allow certain IP addresses or networks to reach the webmin port, and drop all other attempts. I recommend establishing a chain similar to the example below.

#iptables -N WEBMIN
#iptables -I INPUT 1 -p tcp --dport 54444 -j WEBMIN
#iptables -I INPUT 2 -p udp --dport 54444 -j WEBMIN
#iptables -A WEBMIN -s 192.168.168.0/24 -j ACCEPT
#iptables -A WEBMIN -j DROP

Option, limit it to localhost and access webmin via port-forwarding:

Edit the miniserv.conf file, then restart webmin
#vim /etc/webmin/miniserv.conf
allow=127.0.0.1

Then from any other machine establish an ssh tunnel which forwards the webmin port
#ssh -L 54444:localhost:54444 user@myserver.org

And point your browser at https://localhost:54444

Option, Hide it inside a VPN:
If you establish a simple VPN then you can use either Iptables or the miniserv allow option as above to limit webmin to only allow access to the private vpn subnet.

Finally:
Webmin has had exploits against it in the past; if you use it, make sure you keep it up to date.
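An added example, not part of the original post: a small check that reads a miniserv.conf and reports whether the settings discussed above (port, listen, allow) are still at their exposed values. The helper names `conf_value` and `check_miniserv` are made up for the example, and it only looks at the three keys shown in this post.

```shell
#!/bin/bash
# Added example. conf_value and check_miniserv are hypothetical helpers.

# conf_value KEY FILE -> last value assigned to KEY in FILE
conf_value() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# check_miniserv FILE -> prints findings, returns the number of warnings
check_miniserv() {
    conf=$1
    findings=0

    # Step 1 of the post: move off the well-known port
    for key in port listen; do
        val=$(conf_value "$key" "$conf")
        if [ -z "$val" ] || [ "$val" = "10000" ]; then
            echo "WARN: $key is unset or still 10000"
            findings=$((findings + 1))
        else
            echo "OK: $key=$val"
        fi
    done

    # The localhost/VPN options of the post: restrict source addresses
    allow=$(conf_value allow "$conf")
    if [ -z "$allow" ]; then
        echo "WARN: no allow= line restricting source addresses"
        findings=$((findings + 1))
    else
        echo "OK: allow=$allow"
    fi

    return "$findings"
}

# usage: check_miniserv /etc/webmin/miniserv.conf || echo "review webmin"
```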


.....

ps:
#/etc/init.d/webmin stop
#emerge --unmerge webmin

Ettercap Plugins

Awesome high quality video from backtrack.it on using some of ettercap's plug-ins both to mess with network traffic and to detect whether anyone else is trying to. I'll probably be exploring some of these myself soon.



Watch it full screen... with some good speakers for the music.