Overview
I
had been thinking about setting up a camera system in my place for a
while. My plan was to set up two cameras with motion detection; one to
monitor the patio for deliveries and another to monitor the
living room in case there was a break in. This plan stayed in the back
burner for a long time until my colleague's house got burglarized just a
couple of weeks ago. He was in a different state at the time; however,
as soon as he received an alarm, the police department was called and one of
the intruders got caught right after he left the house. Suddenly, I
had a good reason to implement my own system.
My
design requirements could be described as simplicity. I just needed two
cameras with wireless connectivity to minimize cable clutter. The first camera
would be monitoring my living room and needed to be PTZ capable. My idea was to disable
monitoring while I was at home and I needed a camera with this capability
to provide a visual indication. During the initial setup, I also found an
old Logitech webcam which I had completely forgotten about. I decided
use that for monitoring my office. In addition, the last thing I wanted
was to expose my cameras to the internet so I was also looking for a central control system. At the end, my configuration boiled down to a Raspberry Pi 2 Model B
running ZoneMinder controlling a Foscam FI8918W and a Logitech webcam. I
still haven't decided on the camera to monitor my patio.
Initial Setup
- Copy the Raspbian image to your micro SD card. Instructions are at: https://www.raspberrypi.org/documentation/installation/installing-images/README.md
- Type root and hit enter after powering on your Pi
- Get the MAC address for your Pi
- Configure DHCP service on router to assign a static address to your Pi
- Change hostname by editing /etc/hostname
- Fix keyboard setup in /etc/default/keyboard
- Fix timezone
- rm /etc/localtime
- ln -s /usr/share/zoneinfo/US/Pacific /etc/localtime
- Update /etc/profile
- export TZ=America/Los_Angeles
- Reboot
Securing the Pi
- Create a local user
- groupadd buraks78
- useradd -g buraks78 -m buraks78
- passwd buraks78
- Create an .ssh folder for this user and copy your public key in authorized_keys.
- su - buraks78
- mkdir /home/buraks78/.ssh
- chown buraks78:buraks78 /home/buraks78/.ssh
- chmod 0700 /home/buraks78/.ssh
- cat /tmp/id_rsa.pub > /home/buraks78/.ssh/authorized_keys
- rm /tmp/id_rsa.pub
- chown buraks78:buraks78 /home/buraks78/.ssh/authorized_keys
- Add user to sudoers using visudo
- buraks78 ALL=(ALL) ALL
- Update sshd configuration in /etc/ssh/sshd_config and restart sshd
- Protocol 2
- LoginGraceTime 30
- PermitRootLogin no
- PermitEmptyPasswords no
- PasswordAuthentication no
- X11Forwarding no
- Setup iptables (DON'T LOCK YOURSELF OUT!) (This will break aptitude obviously)
- aptitude install iptables
/tmp/iptables.txt
*filter
:INPUT DROP [45:2307]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1571:4260654]
-A INPUT -p tcp -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-P INPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 --destination X.X.X.X/24 -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 587 -j ACCEPT
-P OUTPUT DROP
COMMITiptables-save > /tmp/iptables.txtiptables-restore < /tmp/iptables.txtiptables-apply
- Change zm password for MySQL
- myqsl -u root -p
- GRANT USAGE ON *.* TO 'zmuser'@'localhost' IDENTIFIED BY 'XXX';
- FLUSH PRIVILEGES;
- vi /etc/zm/zm.conf
- Update ZM_DB_PASS to XXX
- Restart ZoneMinder
- myqsl -u root -p
- Secure Apache installation
- Implement directory restrictions.
- TODO: Server SSL setup
- TODO: Client SSL setup
Component Setup
- Install ZoneMinder
- Instructions are here: https://github.com/ZoneMinder/ZoneMinder
- Well, the version in the Raspian repo is old. Simply check out the master branch and build (I tried to build v1.28.1 and release-1.28.2 and both of them failed)
- Enable zm.conf for Apache
- Add the following line to Apache configuration: SetEnv TZ America/Los_Angeles
- Ensure /etc/profile is updated as described previously
- Update /usr/bin/zmpkg.pl to add: $ENV{TZ} = America/Los_Angeles;
- Otherwise filters do not email/message properly
- Setup Foscam
- Static dhcp reservation on the router
- Shut down all unnecessary features like motion detection and alarms
- Introduce Foscam to ZoneMinder
- Create control script
- See instructions here: http://www.zoneminder.com/wiki/index.php/Foscam_FI8918W
- Presets
- Enable presets under PT settings via the camera backend
- Modify control script and update presetSet and presetGoto subroutines
- See instructions here: http://foscam.us/forum/zoneminder-1-25-0-with-foscam-fi8918w-control-problems-t3891.html
- Create control script
- Introduce Logitech webcam to ZoneMinder
- Add www-data user to video group to video group: usermod -G video www-data
- Restart ZoneMinder
- Configure ssmtp for sending emails
- Instructions are here: http://www.zoneminder.com/wiki/index.php/How_to_get_ssmtp_working_with_Zoneminder
- You need to update both sendEmail and sendMessage methods
- Configure ZoneMinder
- Enable OPT_USE_AUTH and update AUTH_HASH_SECRET
- Enable OPT_CONTROL
- Set EVENT_CLOSE_MODE to alarm
- Enable LOG_DEBUG during setup
Performance Optimization
- Install APC
- aptitude install php-apc
- php -m | grep apc
- service apache restart
- Shut down X you fool; you don't need it if you are reading and understanding this doc
- raspi-config
- Cut the resolution to 320x240
- Put your monitor into modetect mode
- Do not set the FPS levels in ZoneMinder. Read this: http://www.zoneminder.com/wiki/index.php/Doing_your_best_to_get_rid_of_smudging_in_FFMPEG_transcoding_of_RTSP_streams
- Increase MySQL innodb buffer pool size in /etc/mysql/my.cnf under [mysqld] section
- innodb_buffer_pool_size = 256M
Automation
- Implemented a simple cronjob to disable alarms when I am at home and enable them after I leave by pinging my phone IP. The last preset for the Foscam is directed at the ceiling to provide a visual clue that no monitoring is taking place.
#!/bin/bash USER=admin PASS=XXX ping -l 5 -c 5 -q X.X.X.X &> /dev/null if [ "$?" -eq 0 ] then # Foscam zmu -m 1 --noalarm --username $USER --password $PASS zmcontrol.pl --id 1 --command=presetGoto --preset 8 # Logitech zmu -m 2 --noalarm --username $USER --password $PASS logger -t zonemaster "ZoneMinder is now DISARMED" else # Foscam zmcontrol.pl --id 1 --command=presetGoto --preset 2 sleep 10 zmu -m 1 --noalarm --username $USER --password $PASS zmu -m 1 --cancel --username $USER --password $PASS # Logitech zmu -m 2 --noalarm --username $USER --password $PASS zmu -m 2 --cancel --username $USER --password $PASS logger -t zonemaster "ZoneMinder is now ARMED" fi
Conclusion
- First of all, stick to the defaults. I can not stand Debian... So, I installed CentOS on the Pi but quickly realized how deep the rabbit hole went after seeing how many packages I had to build to get ZoneMinder working. Just put down the CentOS image and step back slowly. It is not worth it.
- These cameras all suck... The ones that don't are extremely expensive so better get used to the crap.
- While researching for this project, I thought about using power line adapters instead of wireless. That idea was thrown to the retarded bin when I realized I needed an additional PoE injector. There is not even one power line adapter with built-in PoE injection capability. At least, I could not find one on Amazon.
- Central control unit... I even thought about getting an ITX motherboard for processing power. A single Raspberry Pi 2 Model B is not going to cut it if you have a lot of cameras. Horizontal scaling would be nice. I am still reading/learning about Raspberry Pi clustering.
- About micro SD lifespan. Shut down your Raspberry, remove the card, and make a copy of it using dd. You will need it.
