Jun 162015
 

Intro

Sadly, Zoneminder is not available in Debian 8. Here you can find my recipe for building debian package and installing Zoneminder, currently version 1.28.1 from git. Based on slightly amended instructions for Debian 8 Jessie from README.md

insta-16

Prerequisite

aptitude install -y apache2 mysql-server php5 php5-mysql build-essential libmysqlclient-dev libssl-dev libbz2-dev libpcre3-dev libdbi-perl libarchive-zip-perl libdate-manip-perl libdevice-serialport-perl libmime-perl libpcre3 libwww-perl libdbd-mysql-perl libsys-mmap-perl yasm automake autoconf libjpeg8 apache2-mpm-prefork libapache2-mod-php5 php5-cli libphp-serialization-perl libavcodec-dev libavformat-dev libswscale-dev libavutil-dev libv4l-dev libtool ffmpeg libnetpbm10-dev libavdevice-dev libmime-lite-perl dh-autoreconf dpatch

Build

cd /usr/src
git clone https://github.com/ZoneMinder/ZoneMinder.git zoneminder;
cd zoneminder
ln -s distros/debian8 debian
dpkg-checkbuilddeps # and apt install if anything is missing

vim zoneminder/debian/changelog # add new version on top with email address matching your GPG key and then

dpkg-buildpackage

 

Installation

One level above should hopefully find a deb package matching the architecture of the build host:

ls -l /usr/src/zoneminder*.deb
cd /usr/src
for i in `ls *.deb`;do echo "------------- $i";dpkg -i $i;done
apt-get install -f
dpkg-reconfigure zoneminder

 

Lets see:

systemctl status zoneminder

 zoneminder.service - ZoneMinder CCTV recording and security system
 Loaded: loaded (/lib/systemd/system/zoneminder.service; enabled)
 Active: active (running) since Tue 2015-06-16 13:28:12 BST; 3min 21s ago
 Main PID: 5602 (zmdc.pl)
 CGroup: /system.slice/zoneminder.service
 /usr/bin/perl -wT /usr/bin/zmdc.pl startup
 /usr/bin/perl -wT /usr/bin/zmfilter.pl
 /usr/bin/perl -wT /usr/bin/zmaudit.pl -c
 /usr/bin/perl -wT /usr/bin/zmwatch.pl
 /usr/bin/perl -w /usr/bin/zmupdate.pl -c
 Jun 16 13:28:11 sambor.home zmdc[5632]: INF ['zmaudit.pl -c' started at 15/06/16 13:28:11]
 Jun 16 13:28:11 sambor.home zmfilter[5626]: INF [Scanning for events]
 Jun 16 13:28:11 sambor.home zmdc[5638]: INF ['zmwatch.pl' started at 15/06/16 13:28:11]
 Jun 16 13:28:11 sambor.home zmdc[5602]: INF ['zmwatch.pl' starting at 15/06/16 13:28:11, pid = 5638]
 Jun 16 13:28:12 sambor.home zmwatch[5638]: INF [Watchdog starting]
 Jun 16 13:28:12 sambor.home zmwatch[5638]: INF [Watchdog pausing for 30 seconds]
 Jun 16 13:28:12 sambor.home zmdc[5602]: INF ['zmupdate.pl -c' starting at 15/06/16 13:28:12, pid = 5645]
 Jun 16 13:28:12 sambor.home zmdc[5645]: INF ['zmupdate.pl -c' started at 15/06/16 13:28:12]
 Jun 16 13:28:12 sambor.home zmupdate[5645]: INF [Checking for updates]
 Jun 16 13:28:12 sambor.home zmupdate[5645]: INF [Got version: '1.28.1']

Well, well, well. Look who’s up and running!

Configuration

Alright, we can now connect to server IP address and start adding monitors

http://10.10.0.231/zm/index.php

Start with checking your cameras:

zmu -d /dev/video0 -q -v

It took me a while to experiment with settings and find the most optimal configuration. My camera is connected via BT878 video card and it worked with

Capture Method v4l2
 Device Channel 1
 Device Format NTSC
 Capture Pallet Auto
 Target Colorspace 32bit
 Capture Width 768
 Capture Height 480
 # although Crop Capabilities in debug advertised it as 924 x 576
 

I use it in Mocord mode.

Last hint, make sure you have plenty of space to store data produced by Zoneminder.
I have changed symlinks /usr/share/zoneminder/{events,images,temp} and pointed them to dedicated zfs filesystem with ample of space:

for i in events images temp;do mkdir /tank/zoneminder/$i;ln -s /tank/zoneminder/$i /usr/share/zoneminder/$i:done
 chown www-data. /tank/zoneminder/*

Logging

Is default Zoneminder inclination to log bloody EVERYTHING to blooming EVERYWHERE driving you mad? Well, welcome to the club!

vim /etc/rsyslog.conf

and replace line 62 adding local1.!*

# *.*;auth,authpriv.none -/var/log/syslog
# As per http://www.zoneminder.com/wiki/index.php/Documentation#Logging
*.*;local1.!*;auth,authpriv.none -/var/log/syslog

And restart rsyslog

systemctl restart rsyslog

 

May 072015
 

These pesky SeLinux commands that are just impossible to remember

insta-06

We need some tools

yum install policycoreutils-python -y 

Non-default location for homedirs

# say user dyzio comes from AD/LDAP and lives under /users/d/dyzio
mkdir -p /users/{a..z} # precreate home_root_t
chcon -t home_root_t /users
semanage fcontext -a -t home_root_t "/users(/.*)?"
restorecon -R -v /users

# if you need to autocreate home dirs you'll need 
yum install -y oddjob-mkhomedir
# and for AD users "usepasswd=True" in this file
vim /etc/selinux/semanage.conf
# this will check user entry in ldap and set correct security context "user_home_t" on user home

Samba

semanage fcontext -a -t samba_share_t "/srv/shared(/.*)?"
restorecon -R -v /srv/shared

Apache

setsebool -P httpd_can_sendmail on

Assign the appropriate Selinux security context to our custom web app directories. This grants Apache permissions to access them.

chcon -Rv --type=httpd_sys_content_t /webapps/apps/app1/public_html
chcon -Rv --type=httpd_sys_content_t /webapps/logs/app1/