Useful Commands & Info for Ubuntu Ver 18.04

A Free Linux Operating System (Like Windows)

Available at Ubuntu.com

(Software is available free after Ubuntu is installed)


Generally, software is run the same way as in Windows > double click on an icon.

More advanced topics are found below:


Table of Contents Links (Ctl-Click to follow link):


Root Account

Change File Ownership

Sound Problems

List files and owners

Change the Permissions of Files

File System check like chkdsk

GRUB MENU

APPORT CRASH REPORTS

SAMBA

Executing a Command

Video Conversion

UFW (Firewall)

Block Country IP's in UFW

Create a Desktop Launcher

Installing New Software

Zoneminder Security System

Dedicating a hard drive to Zoneminder

Add Fonts

Web Log Analysis

Zoneminder Camera Settings


Root Account


Normal Root login:

/////warning//////////

Enabling the root account is rarely necessary. Almost everything you need to do as administrator of an Ubuntu system can be done via sudo or gksudo in the Terminal window using the administrator or root password.

/////warning///////////


In the Terminal window:

sudo followed by a command will execute the command as root.

sudo -s or sudo su will establish root access until the Terminal is closed.


Enabling the root account

If you really need a persistent root login, the best alternative is to simulate a root login shell using the following command...

establish root:

sudo -i

To enable the root account (i.e. set a password) use:

sudo passwd root

Use at your own risk!


/////warning///////////

Logging in to X as root may cause very serious trouble. If you believe you need a root account to perform a certain action, please consult the official support channels first, to make sure there is not a better alternative.

/////warning///////////


Re-disabling your root account

If for some reason you have enabled your root account and wish to disable it again, use the following command in terminal...


sudo passwd -dl root


Browse files as root

Press [alt]F2 to get a root window, then type gksudo (maybe gksu) or “nautilus” as a last resort


Change Ownership

The chown command changes the owner and owning group of files.

chown -R chope:chope /files/work

Recursively grant owner:group of the directory /files/work, and all files and subdirectories, to user chope.


Sound Problems

Make sure you have selected the correct sound card/driver!

If still can’t get sound try:

sudo apt-get remove --purge alsa-base pulseaudio

sudo apt-get install alsa-base pulseaudio

sudo apt-get install alsa-tools-gui

alsamixer

hdajackretask (careful, allows task reassignment of sound card ports)



List files and owners

ls -l


-

The first character represents the file type: "-" for a regular file, "d" for a directory, "l" for a symbolic link.


rwx

The next three characters represent the permissions for the file's owner: in this case, the owner may read from, write to, and/or execute the file.


rw-

The next three characters represent the permissions for members of the group that the file belongs to. In this case, any member of the file's owning group may read from or write to the file. The final dash is a placeholder; group members do not have permission to execute this file.


r--

The permissions for "others" (everyone else). Others may only read this file.


-n-

The number of hard links to this file.



chmod

Used to change the permissions of files or directories.

chmod options permissions filename

chmod u=rwx,g=rx,o=r myfile


This is an example using symbolic permissions notation. The letters u, g, and o stand for "user", "group", and "other". The equals sign ("=") means "set the permissions exactly like this," and the letters "r", "w", and "x" stand for "read", "write", and "execute", respectively. The commas separate the different classes of permissions, and there are no spaces in between them.


Here is the equivalent command using octal permissions notation:

chmod 754 myfile


owner group other

Read 4 4 4

Write 2 2 2

Execute 1 1 1

Total


Here the digits 7, 5, and 4 each individually represent the permissions for the user, group, and others, in that order. Each digit is a combination of the numbers 4, 2, 1, and 0:

4 stands for "read",

2 stands for "write",

1 stands for "execute", and

0 stands for "no permission."

So 7 is the combination of permissions 4+2+1 (read, write, and execute), 5 is 4+0+1 (read, no write, and execute), and 4 is 4+0+0 (read, no write, and no execute).


Options

--preserve-root

Do not operate recursively on '/'.

--reference=RFILE

Set permissions to match those of file RFILE, ignoring any specified MODE.

-R, --recursive

change files and directories recursively.

--help

Display a help message and exit.



File System check, like chkdsk:

Rare: File permissions and ownership corrupted somehow

Did you shutdown properly/completely the last time?

If not, un-mount the drive and run the file system check utility 'fsck'


GRUB MENU

grub bootApplication

sudo update-grub

Hold shift when booting to get grub menu


APPORT CRASH REPORTS

The apport system creates crash report files in the /var/crash directory. These crash report files cause the error message to appear everytime Ubuntu boots.

Just remove the crash report files

sudo rm /var/crash/*

After removing all the crash report files, the error message should stop popping up. However if a new crash takes place then it would appear again in future.


SAMBA

sudo system-config-samba

sudo nano /etc/samba/smb.conf

sudo samba restart


If a network PC is not seen in files>Windows Network>Workgroup

Go to the bottom of the Files window at “Connect to Server” and enter smb://(machinename)/(shared-directory)



Executing a Command

In general you start any command from a terminal by entering the command.

So to edit a file with gedit

gedit file_to_edit


An .avi is no different, just a different command

banshee your.avi


You may use any media player you wish.

the only thing is an avi itself is a container, so you may need to install some codecs. codecs are the tools to play mp3 and other audio visual files.


this link may help

http://linuxcommand.org/


The syntax to open any file in its default application is

xdg-open <file_name>


If you mean play the video in the terminal video, install mplayer (sudo apt-get install mplayer) and run

mplayer -vo caca <movie_file>

It doesn't run directly in the terminal window, but it does display in ASCII characters.


Video Conversion

If you only want to convert mkv to mp4 then you will save quality and a lot of time by just changing the containers. Both of these are just wrappers over the same content so the cpu only needs to do a little work. Don't re encode as you will definitely lose quality.


It's very straight forward using ffmpeg:


ffmpeg -i LostInTranslation.mkv -vcodec copy -acodec copy LostInTranslation.mp4


Here, you are copying the video codec and audio codec so nothing is being encoded.


Tip:


To convert all the mkv files in current directory, run a simple loop in terminal:


for i in *mkv; do ffmpeg -i $i -vcodec copy -acodec copy $i.mp4; done


For future conversions, like from avi to mp4, check out HandBrake.



UFW (Firewall)

Once installation is completed you can check the status of UFW with the following command:

sudo ufw status verbose

By default, UFW will block all of the incoming connections and allow all outbound connections. This means that anyone trying to access your server will not be able to connect unless you specifically open the port, while all applications and services running on your server will be able to access the outside world.

The default polices are defined in the /etc/default/ufw file and can be changed using the sudo ufw default <policy> <chain> command.

Firewall policies are the foundation for building more detailed and user-defined rules. In most cases, the initial UFW Default Policies are a good starting point.

Application Profiles

When installing a package with the apt command it will add an application profile to /etc/ufw/applications.d directory. The profile describes the service and contains UFW settings.

You can list all application profiles available on your server by typing:

sudo ufw app list

Depending on the packages installed on your system the output will look similar to the following:

Available applications:
  Dovecot IMAP
  Dovecot POP3
  Dovecot Secure IMAP
  Dovecot Secure POP3
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  OpenSSH
  Postfix
  Postfix SMTPS
  Postfix Submission

To find more information about a specific profile and included rules, use the following command:

sudo ufw app info 'Nginx Full'
Profile: Nginx Full
Title: Web Server (Nginx, HTTP + HTTPS)
Description: Small, but very powerful and efficient web server

Ports:
  80,443/tcp
As you can see from the output above the ‘Nginx Full’ profile opens port 80 and 443.

Allow SSH Connections

Before enabling the UFW firewall we need to add a rule which will allow incoming SSH connections. If you’re connecting to your server from a remote location, which is almost always the case and you enable the UFW firewall before explicitly allow incoming SSH connections you will no longer be able to connect to your Ubuntu server.

To configure your UFW firewall to allow incoming SSH connections, type the following command:

sudo ufw allow ssh
Rules updated
Rules updated (v6)

If you changed the SSH port to a custom port instead of the port 22, you will need to open that port.

For example, if your ssh daemon listens on port 4422, then you can use the following command to allow connections on that port:

sudo ufw allow 4422/tcp

Enable UFW

Now that your UFW firewall is configured to allow incoming SSH connections, we can enable it by typing:

sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

You will be warned that enabling the firewall may disrupt existing ssh connections, just type y and hit Enter.

Allow connections on other ports

Depending on the applications that run on your server and your specific needs you’ll also need to allow incoming access to some other ports.

Below we will show you a few examples on how to allow incoming connections to some of the most common services:

Open port 80 - HTTP

HTTP connections can be allowed with the following command:

sudo ufw allow http

instead of http you can use the port number, 80:

sudo ufw allow 80/tcp

or you can use the application profile, in this case, ‘Nginx HTTP’:

sudo ufw allow 'Nginx HTTP'

Open port 443 - HTTPS

HTTP connections can be allowed with the following command:

sudo ufw allow https

To achieve the same instead of https profile you can use the port number, 443:

sudo ufw allow 443/tcp

or you can use the application profile, ‘Nginx HTTPS’:

sudo ufw allow 'Nginx HTTPS'

Open port 8080

If you run Tomcat or any other application that listens on port 8080 to allow incoming connections type:

sudo ufw allow 8080/tcp

Allow Port Ranges

Instead of allowing access to single ports UFW allows us to allow access to port ranges. When allowing port ranges with UFW, you must specify the protocol, either tcp or udp. For example, if you want to allow ports from 7100 to 7200 on both tcp and udp then run the following command:

sudo ufw allow 7100:7200/tcp
sudo ufw allow 7100:7200/udp
Allow Specific IP Addresses

To allow access on all ports from your home machine with IP address of 64.63.62.61, specify from followed by the IP address you want to whitelist:

sudo ufw allow from 64.63.62.61
Allow Specific IP Addresses on Specific port

To allow access on a specific port let’s say port 22 from your work machine with IP address of 64.63.62.61, use to any port followed by the port number:

sudo ufw allow from 64.63.62.61 to any port 22

Allow Subnets

The command for allowing connection to a subnet of IP addresses is the same as when using a single IP address, the only difference is that you need to specify the netmask. For example, if you want to allow access for IP addresses ranging from 192.168.1.1 to 192.168.1.254 to port 3360 (MySQL) you can use this command:

sudo ufw allow from 192.168.1.0/24 to any port 3306

Allow Connections to a Specific Network Interface

To allow access on a specific port let’s say port 3360 only to specific network interface eth2, then you need to specify allow in on and the name of the network interface:

sudo ufw allow in on eth2 to any port 3306

Deny connections

The default policy for all incoming connections is set to deny and if you haven’t changed it, UFW will block all incoming connection unless you specifically open the connection.

Let’s say you opened the ports 80 and 443 and your server is under attack from the 23.24.25.0/24 network. To deny all connections from 23.24.25.0/24 you can use the following command:

sudo ufw insert 1 deny in from 23.24.25.0/24
("insert 1" puts the deny rule at the top so the allow rules are not acted upon first)

If you only want to deny access to ports 80 and 443 from 23.24.25.0/24 you can use the following command:

sudo ufw deny from 23.24.25.0/24 to any port 80
sudo ufw deny from 23.24.25.0/24 to any port 443

Writing deny rules is the same as writing allow rules, you only need to replace allow with deny.

Delete UFW Rules

There are two different ways to delete UFW rules, by rule number and by specifying the actual rule.

Deleting UFW rules by rule number is easier especially if you are new to UFW. To delete a rule by a rule number first you need to find the number of the rule you want to delete, you can do that with the following command:

sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 8080/tcp                   ALLOW IN    Anywhere

To delete rule number 3, the rule that allows connections to port 8080, use the following command:

sudo ufw delete 3

The second method is to delete a rule by specifying the actual rule, for example if you added a rule to open port 8069 you can delete it with:

sudo ufw delete allow 8069

Disable UFW

If for any reason you want to stop UFW and deactivate all the rules you can use:

sudo ufw disable

Later if you want to re-enable UTF and activate all rules just type:

sudo ufw enable

Reset UFW

Resetting UFW will disable UFW, and delete all active rules. This is helpful if you want to revert all of your changes and start fresh.

To reset UFW simply type in the following command:

sudo ufw reset


Block Country IP’s

in pc firewall named "ufw"


-------------– root’s crontab entry: -----------------

# Get new ip block list weekly for firewall

* 4 * * 2 /etc/country.block.iptables.sh >> /home/bill/firewall.log


# Make sure firewall is up on boot, then restore ip tables

@reboot /usr/sbin/ufw enable

@reboot /etc/country.block.iptables.restore.sh

----------------------------------------------------------------

/etc/country.block.iptables.sh


#!/bin/sh

# Purpose: Block all traffic from AFGHANISTAN (af) and CHINA (CN). Use ISO code. #

# See url for more info - http://www.cyberciti.biz/faq/?p=3402

# Author: nixCraft <www.cyberciti.biz> under GPL v.2.0+

#

echo "- - - Updating IP Tables - - -" >> /home/bill/firewall.log

date +%y-%m-%d/%H:%M:%S >> /home/bill/firewall.log

# set your countries to block

ISO="af cn my ru"


### Set PATH ###

IPT=/sbin/iptables

WGET=/usr/bin/wget

EGREP=/bin/egrep


### No editing below ###

SPAMLIST="countrydrop"

ZONEROOT="/root/iptables"

DLROOT="http://www.ipdeny.com/ipblocks/data/countries"


cleanOldRules(){

$IPT -F

$IPT -X

$IPT -t nat -F

$IPT -t nat -X

$IPT -t mangle -F

$IPT -t mangle -X

$IPT -P INPUT ACCEPT

$IPT -P OUTPUT ACCEPT

$IPT -P FORWARD ACCEPT

}


# create a dir

[ ! -d $ZONEROOT ] && /bin/mkdir -p $ZONEROOT


# clean old rules

cleanOldRules


# .//etc/country.block.iptables.finish.sh

create a new iptables list

$IPT -N $SPAMLIST


for c in $ISO

do

# local zone file

tDB=$ZONEROOT/$c.zone


# get fresh zone file

$WGET -O $tDB $DLROOT/$c.zone


# country specific log message

SPAMDROPMSG="$c Country Drop"


# get

BADIPS=$(egrep -v "^#|^$" $tDB)

echo " Working on new iptable list for" $c "...."

echo

for ipblock in $BADIPS

do

$IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"

$IPT -A $SPAMLIST -s $ipblock -j DROP

done

done


# Drop everything

$IPT -I INPUT -j $SPAMLIST

$IPT -I OUTPUT -j $SPAMLIST

$IPT -I FORWARD -j $SPAMLIST


# call your other iptable script

# /path/to/other/iptables.sh

/etc/country.block.iptables.finish.sh

-------------------------------------------------------------

/etc/country.block.iptables.finish.sh


#!/bin/sh

# save the new table, it should reconstitute on reboot. Check with "sudo iptabl$

echo "- - - Saving IP Table for retrieve on reboot - - -" >> /home/bill/firewal$

date +%y-%m-%d/%H:%M:%S >> /home/bill/firewall.log

sudo ufw enable

iptables-save > /etc/iptables

--------------------------------------------------------------

/etc/country.block.iptables.restore.sh:


#!/bin/bash

echo "- - - Restoring IP Table on reboot - - -" >> /home/bill/firewall.log

date +%y-%m-%d/%H:%M:%S >> /home/bill/firewall.log

iptables-restore < /etc/iptables

--------------------------------------------------------------

Now reboot your machine and pray - the rules should come up exactly like before (use "iptables --list" to verify this).


Create a Desktop Launcher


Use this Bash script:. Works in Ubuntu 18.04.

===================================


#!/bin/bash

#

# This script will make a desktop launcher (shortcut)

# for Ubuntu 18.04 - By Bill Craig (launcher@wrcraig.com)

# Thanks to Lubos Rendek and Abhishek Prakash.

#

# Instructions

# Copy this script to your home directory as launcher.sh

# Open the file properties and make this script executable

# Open a terminal and enter ./launcher.sh

# Enter your user name and the Application name to create a launcher

#

# Optional

# Give this script it's own launcher in the gnome desktop.

# Create any launcher using this script, right click and choose Properties.

# Make the Command: gnome-terminal -e "./launcher.sh"

# Edit the rest of the launcher as you deem necessary.

#


clear

echo "LAUNCHER - "

echo

read -p "This script creates a desktop launcher (shortcut) on your desktop,

Press Enter to continue or Ctrl + c to quit"

echo

echo "Enter your username: "

read name

echo

echo "Enter the name of the Application: "

read Application


# See if user exists:

file=/home/$name

if ! test -d $file;

then

read -p "

User $name does not exist,

Press enter to exit"

exit

fi


# See if Application startup command is found

location=$(which $Application)

status=$?

if ! test $status -eq 0;

then

clear

read -p "

$Application does not exist on this computer.


To find the actual name of an installed Application, go to the directory usr -> share -> applications.

You’ll see icons of several Ubuntu applications you have installed here.

Even if you don’t see the icons, you should see the .desktop files

that are named as application.desktop.


Look for the application icon (or its desktop file). When you find it,

right click and choose properties to find the actual name of the Application.


You can either use the actual Application name in the script

or

drag-drop the file to the desktop or copy the file (using Ctrl+C shortcut)

and paste it on the desktop (using Ctrl+V shortcut).

Double click on the launcher, then click on Trust and Launch to initiate the shortcut.


Press enter to exit"

exit

fi


# Verify data to continue

echo

echo "Your name= $name"

echo "Application= $Application"

echo "location of Application= $location"

echo

read -p "If this information is correct,

Press Enter to continue or Ctrl + c to quit"

echo


# Exit if file already exists:

file=/home/$name/Desktop/$Application.desktop

if test -f "$file"; then

read -p "$file

File already exists,

Press Enter to exit"

exit

fi


#create file:

echo "Creating file /home/$name/Desktop/$Application.desktop"

touch /home/$name/Desktop/$Application.desktop


# exit if file cannot be created:

file=/home/$name/Desktop/$Application.desktop

if ! test -f "$file";

then

read -p "Cannot create the file. Press Enter to exit"

exit

fi


# Add contents to the file:

echo "#!/usr/bin/env xdg-open" >> /home/$name/Desktop/$Application.desktop

echo "[Desktop Entry]" >> /home/$name/Desktop/$Application.desktop

echo "Version=1.0" >> /home/$name/Desktop/$Application.desktop

echo "Type=Application" >> /home/$name/Desktop/$Application.desktop

echo "Terminal=false" >> /home/$name/Desktop/$Application.desktop

echo "Exec=$location" >> /home/$name/Desktop/$Application.desktop

echo "Name=$Application" >> /home/$name/Desktop/$Application.desktop

echo "Comment=$Application" >> /home/$name/Desktop/$Application.desktop

echo "Icon=" >> /home/$name/Desktop/$Application.desktop


#make executable:

chmod 744 /home/$name/Desktop/$Application.desktop


read -p "File created.


Double click on the launcher,

then click on Trust and Launch to initiate the shortcut.


Get Icons for your Launchers

Do a web search for “icons download”, or similar, and download an appropriate icon

Right click on your Launcher and select Properties

In the Properties window, click on the blank icon and select the image you downloaded


Press Enter to quit"



Installing New Software


Ubuntu software is free. Applications, or Packages, are available from several repositories. The easiest method is to use the built in “Ubuntu Software” icon. The most comprehensive and searchable method is to get a Package Manager like “Synaptic.” Open a Terminal and enter “sudo apt-get install synaptic”.



Zoneminder (zm)

A web based security camera system


Install Apache2 if not already installed. Check by entering http://localhost in your browser.


Create a file to install zm:

Open a terminal and enter nano /home/bill/zm-install

Copy the following into the file


#!/bin/sh

clear

read -p "This script installs Zoneminder 1.32.x on Ubuntu 18.04 AMD64 with LAMP (MySQL) installed...

Press Enter to continue or Ctrl + c to quit" nothing

clear

read -p "You must be logged in as root using sudo su ...

Press Enter to continue or Ctrl + c to quit" nothing

clear

read -p "Next we will add the PPA repository, install and configure the system to run Zoneminder.

Press enter to continue" nothing

apt install -y software-properties-common

clear

add-apt-repository ppa:iconnor/zoneminder-1.32

apt update

clear

awk '$0="date.timezone = "$0' /etc/timezone >> /etc/php/7.2/apache2/php.ini

clear

apt install -y zoneminder

systemctl enable zoneminder

service zoneminder start

adduser www-data video

a2enconf zoneminder

a2enmod rewrite

chown -R www-data:www-data /usr/share/zoneminder/

service apache2 reload

clear

read -p "Install complete.Press enter to continue" nothing

clear


Then save and exit.


Next step is to right-click on the new file in FILES, select Properties-->Permissions-->Allow executing file as Application.


Then open a Terminal and enter “sudo ./zm-install” to install Zoneminder.


Start Zoneminder in a browser using http://localhost/zm

This is a good time to set users and passwords.

▼▼▼▼ See below before defining any cameras ▼▼▼▼▼


Dedicating a hard drive to Zoneminder data

(HIGHLY RECOMMENDED so your primary disk doesn’t get filled up)


Before defining cameras, mount your new Zoneminder data disk or directory to any mount point you want using the Disks Utility.

Then go to Options > Storage > Add New Storage


Enter the info on the new Zoneminder disk you mounted. Example:

Id

Name

Path

Type

Scheme

Server

DiskSpace

Mark

2

sdb1

/sdb1

local

Medium

sdb1

31.47GB of 536.3GB


Now define your cameras: Under General > Storage Area, point them to the name of your New Storage disk.

You should then have a working video security system. Fine tune it to your liking.


This is especially easy on a new Zoneminder install:


For the Zoneminder disk or partition just use the Disks utility to create your mount point as /var/cache/zoneminder then install Zoneminder. How easy is that?



DIDN’T WORK FOR ME

Use Systemd to Mount an Internal Drive or NAS on an established Zoneminder system

DIDN’T WORK FOR ME

Mount units with Systemd Ubuntu 16.xx or newer.

Thanks to knnniggett for the effort to make this work!

Background: One of the first steps the end user must perform after installing ZoneMinder is to dedicate an entire partition, drive, or network share for ZoneMinder's event storage. The reason being, ZoneMinder will, by design, fill up your hard disk, and you don't want to do that to your root volume!

Due to the mass adoption of Systemd we now have a new way to accomplish this, which happens to give us something the former method did not. Read on to learn more!

Systemd natively integrates all sorts of system admin functions that the legacy sys v init didn't have anything to do with. One of those functions is the ability to create mount points, much in the same way one would create a service (a.k.a. unit) file.

Collect Information We need to know the following before we get started:

   Find the ZoneMinder events and images folders on your filesystem
   Determine the name of the web account user
   For local volumes, determine the device name of the volume
   For local volumes, determine the uuid of the volume
   For remote volumes, determine the sharing protocol to be used e.g. nfs, smb, etc
   For remote volumes, determine the share name


The location of the events and images folder will vary by Linux distro. You are looking for an actual folder, NOT a symlink! Debian (Ubuntu) distros prefer /var/cache/zoneminder. These folder locations are chosen by each distros' packaging guidelines.


On most Linux distros, you can view the uuid of each of your drives like so:

ls -l /dev/disk/by-uuid

On my system with two hard drives, the items above are as follows:

   /var/cache/zoneminder
   www-data
   /dev/sdb1
   7ec50da2-fc67-4ade-89c7-6047710afae2

Your configuration will be different. Options to connect to a network share will be noted herein.

Migrate existing data I'm not going to get into the details of this since the necessary steps will vary with each system. What you need to do is migrate whatever happens to be in the ZoneMinder events and images folders over to the new partition, disk, or network share. You do this by mounting the target from the command line via the normal fashion to a temporary folder, issue the appropriate move commands, and finally unmount the target.

This procedure has been modified for Ubuntu 16.xx and later

Log in and become root

sudo su

Stop Zoneminder

service zoneminder stop

Note: The next step will remove the Zoneminder events and images directories! This is safe to do if your system is new and you have not added cameras that have recorded events.

Remove or events and images directories

rm -r /var/cache/zoneminder/events
rm -r /var/cache/zoneminder/images

If you have an operational system you may rename the directories (mv /home/user/oldname /home/user/newname) then move the data to the new drive directories.

mv /var/cache/zoneminder/events /var/cache/zoneminder/oldevents
mv /var/cache/zoneminder/images /var/cache/zoneminder/oldimages

Create the first Systemd Mount Unit You will be creating a total of three mount units. The first mount unit mounts the drive or partition to your system. To do that create a new folder. I prefer to put mount points under /mnt and give the name of the subfolder the same name as the device or share. In my case, that would be sdb1.

mkdir /mnt/sdb1 

When creating mount units with systemd, the filename describing the mount point has to be named in a specific manner. Since the folder I just created is at /mnt/sdb1, one has to name the mount unit mnt-sdb1.mount. Create that file in the /etc/systemd/system folder.

nano /etc/systemd/system/mnt-sdb1.mount

Note: the next step you use is dependent upon the use of an internal drive or a network drive. Read carefully!


Internal drive: add the following contents, changing the path and uuid to match that of your system:

# systemd mount unit for ZoneMinder event storage
 
[Unit]
Description=systemd mount unit for ZoneMinder event storage
Before=zoneminder
 
[Mount]
What=/dev/disk/by-uuid/7ec50da2-fc67-4ade-89c7-6047710afae2
Where=/mnt/sdb1
Type=ext4
Options=defaults,noatime,commit=120,data=writeback
 
[Install]
WantedBy=multi-user.target

Save and close the editor.

Go to *Next


Network drive/NAS SMB or CIFS Mount

Note: your network share must recognize symbolic links Add the following contents, changing the What= and Options= to match that of your system:

# systemd mount unit for ZoneMinder event storage
 
[Unit]
Description=systemd mount unit for ZoneMinder event storage
After=networking.service
Before=zoneminder
 
[Mount]
What=//192.168.50.4/zm
Where=/mnt/sdb1
Type=
Options=credentials=/root/.smbcredentials,uid=33,gid=33,rw
 
[Install]
WantedBy=multi-user.target

Save and close the editor.

Install smbclient if you are mounting a Windows or SMB share

apt install smbclient cifs-utils

Create a file for your remote servers logon credential, This is the user and password you would use to access the Windows share and is located in the /root directory.

nano ~/.smbcredentials

Enter your Windows username, password and workgroup or domain in the file:

username=msusername
password=mspassword
domain=workgroup

Save the file, exit the editor.

Change the permissions of the file to prevent unwanted access to your credentials:

chmod 600 ~/.smbcredentials
Next

Now enable and start the unit:

systemctl enable mnt-sdb1.mount
systemctl start mnt-sdb1.mount 

Make and Set Folder Permissions We've created our primary mount point, but we aren't done yet. First, let's create some folders and set the correct permissions:

mkdir -p /mnt/sdb1/zoneminder/events
mkdir -p /mnt/sdb1/zoneminder/images
chown -R www-data:www-data /mnt/sdb1/zoneminder
   

Remember that, if you are not running a Ubuntu distro, the web user account might be named something other than www-data on your system.

Create two Systemd Bind Mount Units With the events and images folders created, we want to create two mount units, which bind mount those folders into the desired places.

Create the file /etc/systemd/system/var-cache-zoneminder-events.mount

nano /etc/systemd/system/var-cache-zoneminder-events.mount

Next add the following content to it:

# systemd bind mount unit for ZoneMinder event storage

[Unit]
Description=systemd bind mount unit for ZoneMinder event storage
After=mnt-sdb1.mount
Requires=mnt-sdb1.mount

[Mount]
What=/mnt/sdb1/zoneminder/events
Where=/var/cache/zoneminder/events
Type=none
Options=bind

[Install]
WantedBy=local-fs.target

Save and close the editor.

Now enable and start the unit:

systemctl enable  var-cache-zoneminder-events.mount
systemctl start  var-cache-zoneminder-events.mount 

We now need to do the same thing to the images folder. Create the file /etc/systemd/system/var-lib-zoneminder-images.mount

nano /etc/systemd/system/var-cache-zoneminder-images.mount

Next add the following content to it:

# systemd bind mount unit for ZoneMinder image storage

[Unit]
Description=systemd bind mount unit for ZoneMinder image storage
After=mnt-sdb1.mount
Requires=mnt-sdb1.mount

[Mount]
What=/mnt/sdb1/zoneminder/images
Where=/var/cache/zoneminder/images
Type=none
Options=bind

[Install]
WantedBy=local-fs.target

Save and close the editor.

Now enable and start the unit:

systemctl enable var-cache-zoneminder-images.mount
systemctl start var-cache-zoneminder-images.mount

Now reboot and verify all three mount points were successful:



Bonus Points. Leverage the Power of Systemd

If you recall, I mentioned that using systemd to manage your mount points has an advantage over the previous method. With your mount points configured with systemd, you can easily prevent ZoneMinder from starting, should the mount point fail for any reason. Anyone who has ever started ZoneMinder without realizing there was a problem reading from the events folder can tell you what happens when this occurs. You lose all your events, and yes this is by design.

To prevent that from happening we need to modify our zoneminder service file. But first make a copy just in case..

cp /lib/systemd/system/zoneminder.service /lib/systemd/system/zoneminder.service.sav
nano /lib/systemd/system/zoneminder.service

Add entries to the After= and Requires=

# ZoneMinder systemd unit file
# This file is intended to work with Debian distributions

[Unit]
Description=ZoneMinder CCTV recording and surveillance system
After=network.target mysql.service mnt-sdb1.mount var-cache-zoneminder-images.mount var-cache-zoneminder-events.mount
# Remarked out so that it will start ZM on machines that don't have mysql installed
#Requires=mysql.service
Requires=mnt-sdb1.mount var-cache-zoneminder-images.mount var-cache-zoneminder-events.mount

[Service]
#User=www-data
Type=forking
ExecStart=/usr/bin/zmpkg.pl start
ExecReload=/usr/bin/zmpkg.pl restart
ExecStop=/usr/bin/zmpkg.pl stop
PIDFile=/var/run/zm/zm.pid
Restart=on-abnormal
[Install]
WantedBy=multi-user.target

Save and close the editor.


Now issue a daemon reload to tell systemd to pick up the change:

systemctl daemon-reload

Should the mount point fail during startup, systemd will prevent the ZoneMinder service from starting with a message stating a failed dependency. Your events are saved from deletion!

Oh, restart Zoneminder and set password, users, etc.

service zoneminder start

Add Fonts

https://fontsup.com/

Download your font, double click on the .ttf file , and choose Install.


Web Log Analysis

To make a daily log analysis page of the local web server enter the following at a terminal prompt in /home:


sudo sh dailywebstats.sh


Now invoked as a root cron job (sudo crontab -e)


#!/bin/bash

# dailywebstats.sh


# define variables

log=/home/bill/awstats.log


echo "" >> $log

echo "==Starting /home/bill/dailywebstats.sh on "$(date +%y-%m-%d/%H:%M:%S)== >> $log


# pearly bracket starts error buffer

{

# create a daily web report

goaccess /var/log/apache2/access.log --log-format=COMBINED -a -o /home/bill/webpage/visitordata/report.html


# Change owner and permissions

chmod 666 /home/bill/webpage/visitordata/report.html

chown bill:bill /home/bill/webpage/visitordata/report.html


# Move the file and add the date to the filename

mv /home/bill/webpage/visitordata/report.html /home/bill/webpage/visitordata/dailies/"daily report "`date +"%Y-%m-%d"`".html"


# Report any errors to the log

} 2>> $log


echo "===================Finished=====================" >> $log


Open the html file in a web browser to see who was checking it out that day.

/home/bill/webpage/visitordata/daily report (yyyy-mm-dd).html

---------------------------

AND

---------------------------

Make a multiple month AWSTATS report.

Enter the following at a terminal prompt in /home:

sudo sh awstats.sh


Now invoked as a root cron job (sudo crontab -e)


#!/bin/bash

# awstats.sh


# define variables

log=/home/bill/awstats.log

month=$(date +"%m-%Y")

FILE=/home/bill/webpage/visitordata/$month


# create all the awstats html output files


# Main one


echo "" >> $log

echo "==Starting /home/bill/awstats.sh on "$(date +%y-%m-%d/%H:%M:%S)== >> $log


# pearly bracket starts error buffering

{


# if directory for monthly stats does not exist, make it

if [ ! -d "$FILE" ]; then

mkdir /home/bill/webpage/visitordata/$month

fi


# run the script that creates the report

cd /etc/awstats/cgi-bin/

perl awstats.pl -config=craig.tplinkdns.com -update -output -staticlinks > awstats.craig.tplinkdns.com.$month.html 2>> $log


# also make the sub reports

perl awstats.pl -config=craig.tplinkdns.com -output=alldomains -staticlinks > awstats.craig.tplinkdns.com.alldomains.$month.html 2>> $log

perl awstats.pl -config=craig.tplinkdns.com -output=allhosts -staticlinks > awstats.craig.tplinkdns.com.allhosts.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=lasthosts -staticlinks > awstats.craig.tplinkdns.com.lasthosts.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=unknownip -staticlinks > awstats.craig.tplinkdns.com.unknownip.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=alllogins -staticlinks > awstats.craig.tplinkdns.com.alllogins.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=lastlogins -staticlinks > awstats.craig.tplinkdns.com.lastlogins.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=allrobots -staticlinks > awstats.craig.tplinkdns.com.allrobots.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=lastrobots -staticlinks > awstats.craig.tplinkdns.com.lastrobots.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=urldetail -staticlinks > awstats.craig.tplinkdns.com.urldetail.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=urlentry -staticlinks > awstats.craig.tplinkdns.com.urlentry.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=urlexit -staticlinks > awstats.craig.tplinkdns.com.urlexit.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=browserdetail -staticlinks > awstats.craig.tplinkdns.com.browserdetail.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=osdetail -staticlinks > awstats.craig.tplinkdns.com.osdetail.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=unknownbrowser -staticlinks > awstats.craig.tplinkdns.com.unknownbrowser.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=unknownos -staticlinks > awstats.craig.tplinkdns.com.unknownos.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=refererse -staticlinks > awstats.craig.tplinkdns.com.refererse.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=refererpages -staticlinks > awstats.craig.tplinkdns.com.refererpages.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=keyphrases -staticlinks > awstats.craig.tplinkdns.com.keyphrases.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=keywords -staticlinks > awstats.craig.tplinkdns.com.keywords.$month.html

perl awstats.pl -config=craig.tplinkdns.com -output=errors404 -staticlinks > awstats.craig.tplinkdns.com.errors404.$month.html


# move the newly created reports to the monthly directory and make them RW for everyone

mv *.html /home/bill/webpage/visitordata/$month

cd /home/bill/webpage/visitordata/$month

chmod 666 *.html


# Report any errors to the log

} 2>> $log


echo "===================Finished=====================" >> $log


You may open the updated report in a browser file:///home/bill/webpage/visitordata/(mm-yy)/awstats.craig.tplinkdns.com.(mm-yyyy).html


(Original properties in case we need to change back:

drwxr-x--- 2 www-data www-data 4096 Nov 26 20:02 awstats

-rw-r--r-- 1 root root 8185 Nov 26 20:02 awstats112019.craig.tplinkdns.com.txt

-rw-r--r-- 1 root root 859 Nov 26 20:02 dnscachelastupdate.craig.tplinkdns.com.hash)

Zoneminder Camera Settings


Front Door 20, driveway 21, mailbox 5, steps 7





front path – (webcam) Foscam



Phone