Raspberry Pi DIY Surveillance Camera

Discussion in 'General Hardware' started by anticupidon, Jan 7, 2015.

  1. anticupidon

    anticupidon Ancient Guru

    Messages:
    7,878
    Likes Received:
    4,126
    GPU:
    Polaris/Vega/Navi
    Hello fellow gurus!
    As i promised, i post here a slimmed version of my project, a do-it-yourself security camera.
    The main purpose of this project is to use an open platfom combined with open source software for making your security camera and learn a few things while doing it.
    Parts needed:
    Raspberry Pi model B+


    [​IMG]



    5V micro USB power supply, a phone charger will suffice

    Camera module for Raspberry Pi


    [​IMG]




    Micro SDHC memory card (class 6) 8 Gb

    [​IMG]


    Optional :Raspberry B enclosure or ScorPi B+, flexible arm for camera module Raspberry Pi B+
    First step is to assembly all hardware parts, the camera module is very sensitive to ESD,you need to handle it with care .


    [​IMG]


    Second step is to “install” Raspbian on your micro SD memory card.
    From Raspbian mirrors, download the ISO ,check the MD5 once is downloaded.


    [​IMG]


    With Win32DiskImage software, you can put the ISO onto the memory card easily ,after this step, you can check with TestDisk if everything is ok, if the boot atribute appears as in the picture



    [​IMG]



    After inserting micro Sd card into the Raspberry ,connect to it the 5V power supply and the LAN cable to the Ethernet port, also a keyboard and a monitor.
    After booting up,log in with default credentials “pi” and “raspberry” and you need to enable some things first.

    Run
    Code:
    raspi-config
    command

    Enable the camera module support, SSH server and configure the Raspberry Pi’s keyboard configuration as you need it.


    [​IMG]


    [​IMG]


    After enabling SSH, you will not need the keyboard and the monitor you previously attached to the Raspberry Pi.
    But in order to SSH into the device ,you first need to set up static IP for the Raspberry Pi.
    For this ,run ipconfig into the console.Will give you basic information about your network.

    After that run command
    Code:
    cat/etc/network/interfaces

    [​IMG]


    The line
    iface eth0 inet dhcp tells us that the device getd its IP adress from the DHCP server,we want to modify that and assign a static IP .
    With the ifconfig and netstat -nr commands we find details about LAN .

    address 192.168.X.101
    netmask 255.255.255.0
    network 192.168.X.0
    broadcast 192.168.X.255
    gateway 192.168.X.254
    where x can be the subnet you have/want

    Once we have all this with the command

    Code:
    sudo nano /etc/network/interfaces
    we alter the config file changing the iface eth0 inet dhcp with iface eth0 inet static
    and all the values we found out for our network


    [​IMG]


    Once the static IP is set, we can SSH into the Raspberry using PuTTY .
    Connect to it by putting the static IP in PuTTY's dialog box and using default credentials.
    After succesfully connected to the device,run these commands as root
    Code:
    rpi-update
    Code:
    apt-get install && apt-get  update && apt-get autoclean
    [​IMG]


    After rebooting and re-connecting to the Raspberry Pi, we need to install the Rasp_ Pi_Cam_Interface.


    Code:
    git clone [url]https://github.com/silvanmelchior/RPi_Cam_Web_Interface.git[/url]

    Code:
    chmod u+x RPi_Cam_Web_Interface_Installer.sh

    [​IMG]

    Now,open the browser of your choice and put the static IP of the Raspberry Pi, you should see video coming from the camera

    [​IMG]


    Next step is to change the port used in the apache2 configuration file.


    Code:
    sudo nano /etc/apache2/ports.conf

    [​IMG]

    Modify 80 for 1100 or the number you want

    [​IMG]
     
    Last edited: Jan 7, 2015
  2. anticupidon

    anticupidon Ancient Guru

    Messages:
    7,878
    Likes Received:
    4,126
    GPU:
    Polaris/Vega/Navi
    Apache2 needs to know what port it is used ,so run this command

    Code:
     sudo nano /etc/apache2/sites-enabled/000-default 
    Alter this config file as in this picture

    [​IMG]


    [​IMG]

    Restart Apache server

    Code:
    sudo /etc/init.d/apache2 restart
    After restarting the Apache server, put in your browser the IP adress followed by the port number you changed(my case is 1100)

    192.168.0.101:1100

    You should see video from your device.

    Now,we need to modify the configuration file for Motion

    Code:
    sudo nano /etc/motion/motion.conf
    
    Search for this line

    netcam_url http://localhost/cam_pic.php

    change it for

    netcam_url http://localhost:[new_port]/cam_pic.php new port is the port you changed,mine is 1100


    Next step is to add some basic security to the device.
    Before putting it online and acces it remotely, we have to change the default password and to restrict the video streaming only to users with correct credentials.
    Modify the default password with passwd command ,as sudo .

    Next step, we create this config file

    Code:
    sudo nano /var/www/.htaccess
    Into this file we add these lines

    AuthName "Restricted Area"
    AuthType Basic
    AuthUserFile /usr/local/.htpasswd
    AuthGroupFile /dev/null
    Require valid-user

    Save the file Ctrl+O ,Ctrl+X to exit

    Then run this command

    Code:
    sudo htpasswd -c /usr/local/.htpasswd pi 
    input the password when asked

    After that we need to modify the default configuration for Apache's enabled webpage

    Code:
    sudo nano /etc/apache2/sites-enabled/000-default


    <Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
    </Directory>

    Change :- AllowOverride None

    to :- AllowOverride All


    [​IMG]






    In order that Motion functions properly we need to edit motion.conf file with the user and password we created

    Code:
    sudo nano /etc/motion/motion.conf
    change the line
    netcam_userpass value

    with
    netcam_userpass user:pass (user password)



    Now,the Raspberry Pi should have a basic security , so it is time to acces it from the internet.

    This is the local configuration

    [​IMG]


    For this we need to 2 things: Port Forwarding and DDNS

    Port forwarding simply put is enabling your device to be accesed from the internet,forwarding packets to its IP adress from internet to the local network, where the device is located.As each router has its own GUI, most probably port forwarding should be in Advanced/NAT/Virtual Servers or Advanced/NAT/Port Forwarding.
    Once you acces your router,open ports 1100(or the port you choosed) for the IP adress of your Raspberry Pi and also port 22 for SSH(later can be changed for security reasons).
    After this, set up an account with DynDNS,NoIp or what suits you ,in order to acces your router from internet.After having the credentials, set up the DDNS client of your choice, into the router or with a software client provided bty thr DDNS service you choosed.
    Now the device can be accesed from the internet,putting as url the domain name and the port previously set.

    In my case it is like this


    [​IMG]



    The URL is the domain name and the port i've choose.


    Now, as the device is online and can be accesed,also can be attacked.
    So in order to mitigate this risk,we install a small piece of software called Fail2ban,which will ban the IP/host/subnet with more than a number of unsuccesfull tries to connect to our device.This will mitigate the bruto force attacks toward SSH, or more services.


    Install the fail2ban using the command

    Code:
    apt-get install fail2ban
    [​IMG]

    by default the jail.conf is set up for defense against attacks

    [​IMG]

    Also .the command
    Code:
    iptables -L 
    shows us how already there is a fail2ban rule already into the iptables

    [​IMG]


    In order to see what RAspberry Pi is against to we run this command

    Code:
    grep "Ban " /var/log/fail2ban.log | awk -F[\ \:] '{print $10,$8}' | sort | uniq -c | sort –n
    And we can see the attacks ....

    [​IMG]


    For monitorization we can use different software
    Pulseway or Monit.
    We install the Pulseway software by downloading it first
    Code:
    wget http://www.pulseway.com/download/pulseway_armhf.deb

    [​IMG]

    and we install it
    Code:
    dpkg -i pulseway_armhf.deb	
    [​IMG]


    Back up the configuration file
    sudo cp /etc/pulseway/config.xml.sample /etc/pulseway/config.xml

    Edit it and add your Pulseway account credentials

    nano /etc/pulseway/config.xml


    [​IMG]


    To start the service and check if it is running

    Code:
    sudo /etc/init.d/pulseway start
    Code:
    sudo /etc/init.d/pulseway status
    Install the Pulseway client and monitor the device from your computer or mobile

    [​IMG]

    [​IMG]


    For having more space and where to back up the video files we add an USB thumb drive to the Rasspberry Pi
    First plug in the USB ,the run this command

    Code:
    ls -l /dev/disk/by-uuid/
    Write down the UUID

    Create mouting point

    Code:
    sudo mkdir /media/usb0
    Make sure that user pi owns /media/usb

    Code:
    sudo chown -R pi:pi /media/usb0

    Mount it

    Code:
    sudo mount /dev/sda1 /media/usb0 -o uid=pi,gid=pi
     
    Last edited: Jan 10, 2015
  3. anticupidon

    anticupidon Ancient Guru

    Messages:
    7,878
    Likes Received:
    4,126
    GPU:
    Polaris/Vega/Navi
    We add the USB to the /etc/fstab configuration file

    [​IMG]


    [​IMG]

    Knowing that all video files and pictures are saved into the /var/www/directory and having the /media/usb/ added to our fstab configuration file, we can back those files up easily.

    First we create the script file

    Code:
    nano backupscript.sh
    Add this line inside

    Code:
    rsync –rtuv /var/www/ /media/usb/backup
    Save Crtl+O ,exit Ctrl+X

    Make the script executable

    Code:
    Chmod 775 backupscript.sh
    You can run it as a cron task

    Code:
    crontab –e
    Add the path to the script file, input the desired timing for crontab file, save and exit.

    Check with command
    Code:
    crontab -l
    if the task is set correctly.

    [​IMG]

    We want that Raspberry Pi have the feature to send an e-mail to us when performing a task or inform upon any anomaly found.

    We install mailutils y ssmtp.

    Run command

    Code:
    apt-get install mailutils
    Code:
    apt-get install ssmtp
    After that edit with command

    Code:
    nano /etc/ssmtp/ssmtp.conf


    mailhub=smtp.gmail.com:587 default Google mail

    hostname= your host name

    AuthUser=your email account

    AuthPass= password for the e mail account

    UseSTARTTLS=YES TLS is used to encrypt the information sent


    [​IMG]

    After setting up the mail sending feature, a simple script is used to send a mail each time the back up task is performed.

    Code:
    !/bin/bash/
    #backup script
    #first an email is send
    echo "back up process has started,l337" | mail -s " Raspberry Pi back up" youremail@gmail.com
    #backing up 
    rsync -avr /var/www/media /media/usb0/copia
    If needed, temperature of the CPU can be read and sent by email

    Code:
    /opt/vc/bin/vcgencmd measure_temp
    Also this script can be set up to run automatically adding it to to cron jobs.
     
    Last edited: Jan 10, 2015
  4. anticupidon

    anticupidon Ancient Guru

    Messages:
    7,878
    Likes Received:
    4,126
    GPU:
    Polaris/Vega/Navi
    More features can be add and also a lot of tweaks can be done to speed up Raspberry Pi,overclocking is possible.
    Big kudos to silvanmelchior for his outstanding job RPi_Cam_Web_Interface.You saved my project, beatiful code, elegant solution.Thanks also to all GNU/Linux comunity, so much knowledge,too little time .
    Thank you all gurus for your time and patience reading this thread.
    Hope that this tread can help somebody, i am willing to share more if asked.
    Cheers!
     
    Last edited: Jan 10, 2015

  5. anticupidon

    anticupidon Ancient Guru

    Messages:
    7,878
    Likes Received:
    4,126
    GPU:
    Polaris/Vega/Navi
    Found a nifty software for the same purpose,but very slick and very nice looking.Will update soon,maybe on the same platform or on the newer Raspberry 2.
     

Share This Page