Hello fellow gurus! As i promised, i post here a slimmed version of my project, a do-it-yourself security camera. The main purpose of this project is to use an open platfom combined with open source software for making your security camera and learn a few things while doing it. Parts needed: Raspberry Pi model B+ 5V micro USB power supply, a phone charger will suffice Camera module for Raspberry Pi Micro SDHC memory card (class 6) 8 Gb Optional :Raspberry B enclosure or ScorPi B+, flexible arm for camera module Raspberry Pi B+ First step is to assembly all hardware parts, the camera module is very sensitive to ESD,you need to handle it with care . Second step is to “install” Raspbian on your micro SD memory card. From Raspbian mirrors, download the ISO ,check the MD5 once is downloaded. With Win32DiskImage software, you can put the ISO onto the memory card easily ,after this step, you can check with TestDisk if everything is ok, if the boot atribute appears as in the picture After inserting micro Sd card into the Raspberry ,connect to it the 5V power supply and the LAN cable to the Ethernet port, also a keyboard and a monitor. After booting up,log in with default credentials “pi” and “raspberry” and you need to enable some things first. Run Code: raspi-config command Enable the camera module support, SSH server and configure the Raspberry Pi’s keyboard configuration as you need it. After enabling SSH, you will not need the keyboard and the monitor you previously attached to the Raspberry Pi. But in order to SSH into the device ,you first need to set up static IP for the Raspberry Pi. For this ,run ipconfig into the console.Will give you basic information about your network. After that run command Code: cat/etc/network/interfaces The line iface eth0 inet dhcp tells us that the device getd its IP adress from the DHCP server,we want to modify that and assign a static IP . With the ifconfig and netstat -nr commands we find details about LAN . address 192.168.X.101 netmask 255.255.255.0 network 192.168.X.0 broadcast 192.168.X.255 gateway 192.168.X.254 where x can be the subnet you have/want Once we have all this with the command Code: sudo nano /etc/network/interfaces we alter the config file changing the iface eth0 inet dhcp with iface eth0 inet static and all the values we found out for our network Once the static IP is set, we can SSH into the Raspberry using PuTTY . Connect to it by putting the static IP in PuTTY's dialog box and using default credentials. After succesfully connected to the device,run these commands as root Code: rpi-update Code: apt-get install && apt-get update && apt-get autoclean After rebooting and re-connecting to the Raspberry Pi, we need to install the Rasp_ Pi_Cam_Interface. Code: git clone [url]https://github.com/silvanmelchior/RPi_Cam_Web_Interface.git[/url] Code: chmod u+x RPi_Cam_Web_Interface_Installer.sh Now,open the browser of your choice and put the static IP of the Raspberry Pi, you should see video coming from the camera Next step is to change the port used in the apache2 configuration file. Code: sudo nano /etc/apache2/ports.conf Modify 80 for 1100 or the number you want
Apache2 needs to know what port it is used ,so run this command Code: sudo nano /etc/apache2/sites-enabled/000-default Alter this config file as in this picture Restart Apache server Code: sudo /etc/init.d/apache2 restart After restarting the Apache server, put in your browser the IP adress followed by the port number you changed(my case is 1100) 192.168.0.101:1100 You should see video from your device. Now,we need to modify the configuration file for Motion Code: sudo nano /etc/motion/motion.conf Search for this line netcam_url http://localhost/cam_pic.php change it for netcam_url http://localhost:[new_port]/cam_pic.php new port is the port you changed,mine is 1100 Next step is to add some basic security to the device. Before putting it online and acces it remotely, we have to change the default password and to restrict the video streaming only to users with correct credentials. Modify the default password with passwd command ,as sudo . Next step, we create this config file Code: sudo nano /var/www/.htaccess Into this file we add these lines AuthName "Restricted Area" AuthType Basic AuthUserFile /usr/local/.htpasswd AuthGroupFile /dev/null Require valid-user Save the file Ctrl+O ,Ctrl+X to exit Then run this command Code: sudo htpasswd -c /usr/local/.htpasswd pi input the password when asked After that we need to modify the default configuration for Apache's enabled webpage Code: sudo nano /etc/apache2/sites-enabled/000-default <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> Change :- AllowOverride None to :- AllowOverride All In order that Motion functions properly we need to edit motion.conf file with the user and password we created Code: sudo nano /etc/motion/motion.conf change the line netcam_userpass value with netcam_userpass userass (user password) Now,the Raspberry Pi should have a basic security , so it is time to acces it from the internet. This is the local configuration For this we need to 2 things: Port Forwarding and DDNS Port forwarding simply put is enabling your device to be accesed from the internet,forwarding packets to its IP adress from internet to the local network, where the device is located.As each router has its own GUI, most probably port forwarding should be in Advanced/NAT/Virtual Servers or Advanced/NAT/Port Forwarding. Once you acces your router,open ports 1100(or the port you choosed) for the IP adress of your Raspberry Pi and also port 22 for SSH(later can be changed for security reasons). After this, set up an account with DynDNS,NoIp or what suits you ,in order to acces your router from internet.After having the credentials, set up the DDNS client of your choice, into the router or with a software client provided bty thr DDNS service you choosed. Now the device can be accesed from the internet,putting as url the domain name and the port previously set. In my case it is like this The URL is the domain name and the port i've choose. Now, as the device is online and can be accesed,also can be attacked. So in order to mitigate this risk,we install a small piece of software called Fail2ban,which will ban the IP/host/subnet with more than a number of unsuccesfull tries to connect to our device.This will mitigate the bruto force attacks toward SSH, or more services. Install the fail2ban using the command Code: apt-get install fail2ban by default the jail.conf is set up for defense against attacks Also .the command Code: iptables -L shows us how already there is a fail2ban rule already into the iptables In order to see what RAspberry Pi is against to we run this command Code: grep "Ban " /var/log/fail2ban.log | awk -F[\ \:] '{print $10,$8}' | sort | uniq -c | sort –n And we can see the attacks .... For monitorization we can use different software Pulseway or Monit. We install the Pulseway software by downloading it first Code: wget http://www.pulseway.com/download/pulseway_armhf.deb and we install it Code: dpkg -i pulseway_armhf.deb Back up the configuration file sudo cp /etc/pulseway/config.xml.sample /etc/pulseway/config.xml Edit it and add your Pulseway account credentials nano /etc/pulseway/config.xml To start the service and check if it is running Code: sudo /etc/init.d/pulseway start Code: sudo /etc/init.d/pulseway status Install the Pulseway client and monitor the device from your computer or mobile For having more space and where to back up the video files we add an USB thumb drive to the Rasspberry Pi First plug in the USB ,the run this command Code: ls -l /dev/disk/by-uuid/ Write down the UUID Create mouting point Code: sudo mkdir /media/usb0 Make sure that user pi owns /media/usb Code: sudo chown -R pi:pi /media/usb0 Mount it Code: sudo mount /dev/sda1 /media/usb0 -o uid=pi,gid=pi
We add the USB to the /etc/fstab configuration file Knowing that all video files and pictures are saved into the /var/www/directory and having the /media/usb/ added to our fstab configuration file, we can back those files up easily. First we create the script file Code: nano backupscript.sh Add this line inside Code: rsync –rtuv /var/www/ /media/usb/backup Save Crtl+O ,exit Ctrl+X Make the script executable Code: Chmod 775 backupscript.sh You can run it as a cron task Code: crontab –e Add the path to the script file, input the desired timing for crontab file, save and exit. Check with command Code: crontab -l if the task is set correctly. We want that Raspberry Pi have the feature to send an e-mail to us when performing a task or inform upon any anomaly found. We install mailutils y ssmtp. Run command Code: apt-get install mailutils Code: apt-get install ssmtp After that edit with command Code: nano /etc/ssmtp/ssmtp.conf mailhub=smtp.gmail.com:587 default Google mail hostname= your host name AuthUser=your email account AuthPass= password for the e mail account UseSTARTTLS=YES TLS is used to encrypt the information sent After setting up the mail sending feature, a simple script is used to send a mail each time the back up task is performed. Code: !/bin/bash/ #backup script #first an email is send echo "back up process has started,l337" | mail -s " Raspberry Pi back up" youremail@gmail.com #backing up rsync -avr /var/www/media /media/usb0/copia If needed, temperature of the CPU can be read and sent by email Code: /opt/vc/bin/vcgencmd measure_temp Also this script can be set up to run automatically adding it to to cron jobs.
More features can be add and also a lot of tweaks can be done to speed up Raspberry Pi,overclocking is possible. Big kudos to silvanmelchior for his outstanding job RPi_Cam_Web_Interface.You saved my project, beatiful code, elegant solution.Thanks also to all GNU/Linux comunity, so much knowledge,too little time . Thank you all gurus for your time and patience reading this thread. Hope that this tread can help somebody, i am willing to share more if asked. Cheers!
Found a nifty software for the same purpose,but very slick and very nice looking.Will update soon,maybe on the same platform or on the newer Raspberry 2.