Tag Archives: Security

Adding a Storage Drive to Gigastrand NVR

Using a secondary storage drive was not originally in the design for the Gigastrand NVR software however, it is a critical feature for many users to be able to separate out the video storage from their main system drive. It also solves a host of other issues with storage and even allows for an external device or a RAID to be used for storage.

At some point we will release a script file to do this automatically. For now, this is how you can do it manually. NOTE: This could result in data loss if not done properly. If you are not comfortable doing this on your own, Gigastrand can help you remotely.

  1. Format and setup the drive (using Parted or Gparted)
    1. NOTE: If you format the drive EXT3, the rest of the instructions will work fine. Otherwise, in step 4, change ext3 to the file system that you set the drive up with.
  2. Mount secondary drive (ex. sdb1, sda2) in /etc/kmotion/images_dbase
    sudo mount sdb1 /etc/kmotion/images_dbase

    1. NOTE: Rename the folder (ex. images_dbase2) before mounting if you want to copy information over later.
  3. edit fstab (/etc/fstab) as root (right-click on the file>Root Actions>Open As Text)
  4. Add the line:

    /dev/sdb1 /etc/kmotion/images_dbase ext3 relatime,errors=remount-ro 0 2

  5. Save the file
  6. Open the drive
  7. Change ownership to active user (right-click>Root Actions>Ownership to Active User)
  8. Edit /etc/apache2/envvars as root
  9. add the following 2 lines
    export APACHE_RUN_USER=user
    export APACHE_RUN_GROUP=user
  10. restart Apache

    sudo service apache2 restart

It wouldn’t hurt to restart the computer to make sure all the settings took hold but that is optional. Be sure to stop the NVR before you start and start the NVR (icons on the desktop) once complete.

 

Foscam setup in Gigastrand OS

Foscam cameras come in a wide variety for sizes and styles and have a number of features, however, they are not very Linux friendly. Just to access the back end to change camera settings, a Windows executable is required. This is the case on some other cameras as well.

The good news is that the Foscam cameras can be configured to stream video to the Gigastrand NVR without having to access the back-end. Using the default username and password, you can reserve the IP address it pulls down in the router. Then, follow the instructions below. Source: http://foscam.us/forum/how-to-fetch-snapshots-and-mjpeg-stream-on-hd-cameras-t4328.html

Fetching JPG snapshots by URL (HD Video)

http://ip address:port/cgi-bin/CGIProxy.fcgi?cmd=snapPicture2&usr=admin&pwd=

Fetching MJPEG stream by URL (SD Video)

There are two steps needed to fetch the MJPEG stream.

Step 1: Set the stream to MJPEG.

http://ip address:port/cgi-bin/CGIProxy.fcgi?cmd=setSubStreamFormat&format=1&usr=admin&pwd=

Here “1” sets an MJPEG stream, if we don’t want to set the MJPEG stream, we would set the number to “0” which sets an H.264 stream.

When inputting this URL and pushing “Enter” in your browser, it will return the following result:

<CGI_Result>
<result>0</result>
</CGI_Result>

Step 2: After setting the MJPEG stream, it can be fetched using an HTTP URL.

http://ip address:port/cgi-bin/CGIStream.cgi?cmd=GetMJStream&usr=admin&pwd=

Simply replace the IP address, port, username, and password into the above URL to access your camera’s MJPEG stream.

Accessing Foscam Back-end Natively in Gigastrand OS 

If you absolutely have to access the camera back-end, it can be done with a Virtual box running Windows, however, there is a less complicated way to do this.

Using Crossover, install Firefox 20. Gigastrand OS comes with a 14 day trial of Crossover. You can use this Windows version of Firefox to download and install the web components executable. This has been tested to work, though you will not be able to view video directly from the camera. You can get around this by using the MJPEG video URL in a native browser.

Gigastrand NVR: Drive Full, not recycling

Twice we have seen where the drive appears to fill up but there is no apparent reason for the drive being full. Three of the reasons we have seen so far are caused by 3 different but related issues.

1. Apache errors – for some unknown reason, the Apache log file (located in /var/log/apache2/) grows to an incredible size. Deleting the log file resolves this issue.
2. Virtual Ramdisk error – The Gigastrand NVR has a virtual ramdisk where it caches images. Sometimes (especially if the motion daemon is fiddled with) the ramdisk will start writing to the user folder. Deleting the files and and NVR restart will resolve that issue as well.
3. If you have a full compliment of cameras, the default storage size of 20Gb will fill up very fast (less than 12 hours in some cases). This is too fast for the machine to effectively clean up. This issue manifests itself in the same way as the other 2 issues, but the system is essentially working.

To fix the third issue, edit the /etc/kmotion/kmotion_rc file and change the images_dbase_limit_gb to something higher than 20Gb but less than your available storage.

 

Gigastrand re-releases OS 3.4 for a very good reason.

Gigastrand re-released Gigastrand OS 3.4 today for one very good reason: security.

The original image for Gigastrand 3.4 released about a week ago with a few minor enhancements and some security updates. Today’s release switches from OpenOffice to LibreOffice and adds a password reset tool that deletes itself from the desktop once it is used.

We decided it was time to switch to LibreOffice because it is better supported and more secure than OpenOffice. About the only thing OpenOffice had going for it was brand recognition.

The security tool is something we developed so users have a quick and easy way to set the root and user passwords after install. Once it is used once, the shortcut is removed from the desktop so it is not accidentally used again. The tool itself resides in the /etc/ folder.

A similar tool will be added to Gigastrand’s NVR software in the 1.5 release. Currently, you can reset the NVR password by going to Func and clicking on F12.

The aim in developing these tools is to prompt and assist end-users to secure their systems properly. Running default passwords on any device connected to the internet is never a good idea.

Included with this release is the Gigastrand NVR software – updated to 1.4. Some slight performance improvements have been included as well as a few new minor features.

 

Anatomy of an unsuccessful NVR attack

One of our NVRs was attacked recently using a known attack that would have compromised or destroyed an off the shelf DVR. The operating system was corrupted by the attack, but it effectively stopped the attack in its tracks. The damage was repaired in less than 45 minutes and only the software was affected.

We have learned quite a bit from the analysis of this NVR system. The attack was designed for Busybox – a version of Linux that runs many different types of embedded devices including security cameras and cheap DVR systems. The point was apparently to gain access to the system in order to use it in a distributed denial of service attack (DDoS).

We have been implementing new security rules on our NVR systems – with this system next on the list. We developed new security procedures after we posted this story from Ars Technica on our Gigastrand Facebook page. Changing default passwords is an easy and effective way to protect your system.

Many cameras also come with a proxy or Dynamic DNS service that allows easy access directly to the camera through a firewall. Gigastrand has been disabling these services on the cameras it sells. We recommend this for everyone using similar equipment.

We will soon be implementing changes that will make it easier for the end users to change default passwords on both the OS and NVR.

Everyone is Linux and Gigastrand OS Ready

You know, we came out with that updated Gigastrand OS / linux readiness quiz and it got me thinking.

10+ years ago, we had to find the right fit for our customers to use a particular flavor of Linux. So, we developed a web app to help automate the process. For us and our purposes, Gigastrand OS has really made that process obsolete.

The reality is that many people use Linux already. It often takes the form of Android on their phone or tablet or Chrome OS on their Chromebooks. Many people use Android set-top boxes or smart TVs and may businesses host websites on Linux-based servers.

So, yes, Gigastrand OS is powerful enough to replace your computer’s operating system and robust enough to run full time. However, even if you do cannot switch over, standalone solutions like the Gigastrand NVR and the Gigastrand Media Center are ways you can run Gigastrand OS without converting over completely.

So, in reality, everyone can run Gigastrand OS in one form or another. This also means that we have done what we set out to do back in 2012: making a Linux for Everyone.

This month, the current concept of Gigastrand OS will be 4 years old. January 4th, 2017 marks 3 years since we released Gigastrand OS 1.0. We thank everyone for their support along the way.

 

Gigastrand NVR Can Record Your Phone Camera

Gigastrand NVR can record IP and web cameras at megapixel resolutions. With the help of an app, you can now record your phone camera using the Gigastrand NVR.

How did we do it?

First, you have to install a program called IP Webcam from Google Play. There is a pro version that removes ads, etc. but, for testing, we went with the free version.

After that, we configured a few things, played with some settings, but we essentially just pressed start. The video url was http://IP.ADD.RE.SS:8080/video.

We will post this information on our NVR IP Camera Compatibility page.

Neat, huh? Why would anyone do that?

For several reasons.

1. Automatic pictures. Let’s say you want pictures of a particular landmark. You can set the NVR on snapshot mode and take 1 picture every second from your phone and send it to your desktop.

2. Personal security. With the help of a proxy like the DynDNS client, you can walk around and capture video of a place you are visiting. If you are the victim of a crime, your phone can be a silent witness.

3. Phone security. If your phone gets stolen, you will have video of who stole it.

4. Dashcam anyone? No need to buy a separate device. Capture your road trip or commute. If your phone is lost or damaged in an accident, you will still have documentation of the crash.

5. No more missing out. No more “Man! I wish I had my camera!” moments.

6. Baby monitor or home security. No need to buy a camera. Just use an old android device.

I am sure someone can think of a few more uses, but that should about do it.

Gigastrand successfully tests first High Definition IP camera with NVR

It is a fairly inexpensive high definition camera that initially seemed incompatible. It is a Dlink DCS-935L that can push HD video at 1280×720. On paper the camera looked compatible but the RTSP video streams could not be read by the software.

dcs-935l-front-sitecore

Today, Gigastrand re-tested the camera using the still frame URL of the camera. Not only was it viewable in live view, it also displayed and recorded high definition video.

This is a major breakthrough for the Gigastrand NVR. The method can be applied to other cameras thus opening up additional compatibility with HD cameras and resolutions. While this method works in the main NVR software, the Advanced Live View NVR (ALVN) is another matter.

This method is not compatible with ALVN. When the still frame URL is entered into ALVN, a single frame is rendered and doesn’t change until the page is reloaded. This will be resolved in a later version.

ALVN can display some video streams that the main software cannot handle. You can set up ALVN to use a streaming URL instead of the still image URL. Keep in mind that the still image URL might look different from the streaming URL.

Gigastrand will continue to test additional cameras and re-test cameras for enhanced capabilities.

Video Security: 4 things to avoid and what to look for

In 2001, I got my first real-world experience with installing security equipment. It was an all-in-one gizmo that was supposed to provide some kind of alarm and video from a couple of cameras. The customer bought it off the shelf from a wholesaler. It was such a giant piece of junk that pieces started to fail as we installed them. That experience led us to avoid security for nearly 10 years.

Video security has not always been a major part of Gigastrand but we have seen how small companies and box stores are able to sell cheap, prepackaged CCTV systems at ridiculous markups. For us, that has never sat well.

Folks aren’t video security experts, however, and are not likely to become so just to purchase a system.

So, what do you look for and what do you avoid? We have compiled a list of some of the pitfalls customers have faced with other systems.

Look out for narrow lenses
This piece of advice only applies to the actual “eye” of the system: the camera. Regardless of the type of video system you are trying to install, as any photographer will tell you, the lenses are the most important part of any camera.

Most camera lenses are measured by focal length in millimeters (mm). The higher the number, the more “zoom” the lens has. This might sound good, but on a video security system you want as wide of a shot as you can get to get the most out of each camera.

Cameras with varifocal lenses (lenses that can zoom in and out) from 2.8 – 12mm are the best, but most low cost cameras come with a fixed focus lens. These are also less expensive – which is ok if you know what to look for.

For nearly all applications, you want a focal length of 3.6 or below. This will give you 80 – 90 degrees of view. Avoid lenses that have a fixed focus of 4mm or more, unless you want to shoot down a long hallway or over a field as they excel at a distant, level view.

Why is this so important? A 2.8mm lens can cover 2x the area of a 6mm lens in the types of shots customers want to see. This means a 2.8mm camera will be more valuable in an install and you could potentially use fewer cameras.

Can’t find the focal length? Avoid the camera and any system it comes with.

Thin wires
This applies mainly to analog CCTV systems. Off-the-shelf systems will very often come with a very thin coaxial (coax) and power wire in one. This wire is complete garbage. It breaks easily and when it does break, it can’t be repaired. Customers have often thrown away cameras because they think it is the problem. Professional installers use a thick version of this wire that doesn’t lend itself to breakage and can be repaired easily.

One way to tell what kind of wire is packaged with the system is the size and weight of the box. If the box is fairly small and light (or even the same general size and weight as all the rest of the systems on the shelf) it probably has this thin wire.

Avoid appliances
So, pretty much just leave the box store stuff alone and avoid installers trying to sell you stuff that kind of looks like it. On average, things start to fail on those small boxes after only a year. You might be lucky to get 3 years of use on an appliance type system.

Appliance (often called embedded or standalone) systems can’t be upgraded, and the software to view them is usually of poor quality or won’t keep up with your technology. In some cases, you never even know they have failed until it is too late. They continue to run despite a failed hard drive.

Specialty Analog
This tale starts with a story. A few years back traditional analog solutions started to be left behind in favor of IP/network systems. Companies who were used to selling and installing analog systems struggled with the network technology required to run the new, megapixel cameras.

So, the industry responded with something called High Definition Composite Video Interface (HDCVI). High resolution cameras that work over that work over existing analog lines.

Up until this point, this has been a critique of the technology itself. HDCVI is a fine technology that delivers what is says it does. However, it is a stop-gap technology and not an industry standard like analog or network based systems. If you need the resolution, go with a network video security solution like the Gigastrand NVR. If not, stick with standard analog and upgrade the DVR. It will often be less expensive and the right DVR will improve the look of your cameras.

Recommendations for HDCVI
While we do not strongly recommend it, if you do decide to go with this type of system, make sure that it is backwards-compatible with existing analog technology so you don’t spend a ton on replacing perfectly working equipment. This is often referred to as bi-mode or tri-mode. If you can, get a system that will also do a couple of IP cameras as well (tri-mode systems will often have this capability).