Useful Commands & Info for Ubuntu Ver 18.04
A Free Linux Operating System (Like Windows)
Available at Ubuntu.com
(Software is available free after Ubuntu is installed)
Generally, software is run the same way as in Windows > double click on an icon.
More advanced topics are found below:
Table of Contents Links (Ctl-Click to follow link):
Change the Permissions of Files
Dedicating a hard drive to Zoneminder
Normal Root login:
/////warning//////////
Enabling the root account is rarely necessary. Almost everything you need to do as administrator of an Ubuntu system can be done via sudo or gksudo in the Terminal window using the administrator or root password.
/////warning///////////
In the Terminal window:
sudo followed by a command will execute the command as root.
sudo -s or sudo su will establish root access until the Terminal is closed.
Enabling the root account
If you really need a persistent root login, the best alternative is to simulate a root login shell using the following command...
establish root:
sudo -i
To enable the root account (i.e. set a password) use:
sudo passwd root
Use at your own risk!
/////warning///////////
Logging in to X as root may cause very serious trouble. If you believe you need a root account to perform a certain action, please consult the official support channels first, to make sure there is not a better alternative.
/////warning///////////
Re-disabling your root account
If for some reason you have enabled your root account and wish to disable it again, use the following command in terminal...
sudo passwd -dl root
Browse files as root
Press [alt]F2 to get a root window, then type gksudo (maybe gksu) or “nautilus” as a last resort
The chown command changes the owner and owning group of files.
chown -R chope:chope /files/work
Recursively grant owner:group of the directory /files/work, and all files and subdirectories, to user chope.
Make sure you have selected the correct sound card/driver!
If still can’t get sound try:
sudo apt-get remove --purge alsa-base pulseaudio
sudo apt-get install alsa-base pulseaudio
sudo apt-get install alsa-tools-gui
alsamixer
hdajackretask (careful, allows task reassignment of sound card ports)
ls -l
-
The first character represents the file type: "-" for a regular file, "d" for a directory, "l" for a symbolic link.
rwx
The next three characters represent the permissions for the file's owner: in this case, the owner may read from, write to, and/or execute the file.
rw-
The next three characters represent the permissions for members of the group that the file belongs to. In this case, any member of the file's owning group may read from or write to the file. The final dash is a placeholder; group members do not have permission to execute this file.
r--
The permissions for "others" (everyone else). Others may only read this file.
-n-
The number of hard links to this file.
Used to change the permissions of files or directories.
chmod options permissions filename
chmod u=rwx,g=rx,o=r myfile
This is an example using symbolic permissions notation. The letters u, g, and o stand for "user", "group", and "other". The equals sign ("=") means "set the permissions exactly like this," and the letters "r", "w", and "x" stand for "read", "write", and "execute", respectively. The commas separate the different classes of permissions, and there are no spaces in between them.
Here is the equivalent command using octal permissions notation:
chmod 754 myfile
owner group other
Read 4 4 4
Write 2 2 2
Execute 1 1 1
Total
Here the digits 7, 5, and 4 each individually represent the permissions for the user, group, and others, in that order. Each digit is a combination of the numbers 4, 2, 1, and 0:
4 stands for "read",
2 stands for "write",
1 stands for "execute", and
0 stands for "no permission."
So 7 is the combination of permissions 4+2+1 (read, write, and execute), 5 is 4+0+1 (read, no write, and execute), and 4 is 4+0+0 (read, no write, and no execute).
Options
--preserve-root
Do not operate recursively on '/'.
--reference=RFILE
Set permissions to match those of file RFILE, ignoring any specified MODE.
-R, --recursive
change files and directories recursively.
--help
Display a help message and exit.
File System check, like chkdsk:
Rare: File permissions and ownership corrupted somehow
Did you shutdown properly/completely the last time?
If not, un-mount the drive and run the file system check utility 'fsck'
grub bootApplication
sudo update-grub
Hold shift when booting to get grub menu
The apport system creates crash report files in the /var/crash directory. These crash report files cause the error message to appear everytime Ubuntu boots.
Just remove the crash report files
sudo rm /var/crash/*
After removing all the crash report files, the error message should stop popping up. However if a new crash takes place then it would appear again in future.
sudo system-config-samba
sudo nano /etc/samba/smb.conf
sudo samba restart
If a network PC is not seen in files>Windows Network>Workgroup
Go to the bottom of the Files window at “Connect to Server” and enter smb://(machinename)/(shared-directory)
In general you start any command from a terminal by entering the command.
So to edit a file with gedit
gedit file_to_edit
An .avi is no different, just a different command
banshee your.avi
You may use any media player you wish.
the only thing is an avi itself is a container, so you may need to install some codecs. codecs are the tools to play mp3 and other audio visual files.
this link may help
http://linuxcommand.org/
The syntax to open any file in its default application is
xdg-open <file_name>
If you mean play the video in the terminal video, install mplayer (sudo apt-get install mplayer) and run
mplayer -vo caca <movie_file>
It doesn't run directly in the terminal window, but it does display in ASCII characters.
If you only want to convert mkv to mp4 then you will save quality and a lot of time by just changing the containers. Both of these are just wrappers over the same content so the cpu only needs to do a little work. Don't re encode as you will definitely lose quality.
It's very straight forward using ffmpeg:
ffmpeg -i LostInTranslation.mkv -vcodec copy -acodec copy LostInTranslation.mp4
Here, you are copying the video codec and audio codec so nothing is being encoded.
Tip:
To convert all the mkv files in current directory, run a simple loop in terminal:
for i in *mkv; do ffmpeg -i $i -vcodec copy -acodec copy $i.mp4; done
For future conversions, like from avi to mp4, check out HandBrake.
Once installation is completed you can check the status of UFW with the following command:
sudo
ufw status verbose
By
default, UFW will block all of the incoming connections and allow all
outbound connections. This means that anyone trying to access your
server will not be able to connect unless you specifically open the
port, while all applications and services running on your server will
be able to access the outside world.
The
default polices are defined in the /etc/default/ufw
file and can be changed using the sudo
ufw default <policy> <chain>
command.
Firewall policies are the foundation for building more detailed and user-defined rules. In most cases, the initial UFW Default Policies are a good starting point.
When
installing a package with the apt
command it will add an application profile to /etc/ufw/applications.d
directory. The profile describes the service and contains UFW
settings.
You can list all application profiles available on your server by typing:
sudo ufw app list
Depending on the packages installed on your system the output will look similar to the following:
Available applications:
Dovecot IMAP
Dovecot POP3
Dovecot Secure IMAP
Dovecot Secure POP3
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH
Postfix
Postfix SMTPS
Postfix Submission
To find more information about a specific profile and included rules, use the following command:
sudo ufw app info 'Nginx Full'
Profile: Nginx Full
Title: Web Server (Nginx, HTTP + HTTPS)
Description: Small, but very powerful and efficient web server
Ports:
80,443/tcp
As you can see from the output above the ‘Nginx Full’ profile opens port80
and443
.
Before enabling the UFW firewall we need to add a rule which will allow incoming SSH connections. If you’re connecting to your server from a remote location, which is almost always the case and you enable the UFW firewall before explicitly allow incoming SSH connections you will no longer be able to connect to your Ubuntu server.
To configure your UFW firewall to allow incoming SSH connections, type the following command:
sudo ufw allow ssh
Rules updated
Rules updated (v6)
If you changed the SSH port to a custom port instead of the port 22, you will need to open that port.
For
example, if your ssh daemon listens on port 4422
,
then you can use the following command to allow connections on that
port:
sudo ufw allow 4422/tcp
Now that your UFW firewall is configured to allow incoming SSH connections, we can enable it by typing:
sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
You
will be warned that enabling the firewall may disrupt existing ssh
connections, just type y
and hit Enter
.
Depending on the applications that run on your server and your specific needs you’ll also need to allow incoming access to some other ports.
Below we will show you a few examples on how to allow incoming connections to some of the most common services:
HTTP connections can be allowed with the following command:
sudo ufw allow http
instead of http you can use the port number, 80:
sudo ufw allow 80/tcp
or you can use the application profile, in this case, ‘Nginx HTTP’:
sudo ufw allow 'Nginx HTTP'
HTTP connections can be allowed with the following command:
sudo ufw allow https
To
achieve the same instead of https
profile you can use the port number, 443
:
sudo ufw allow 443/tcp
or you can use the application profile, ‘Nginx HTTPS’:
sudo ufw allow 'Nginx HTTPS'
If
you run Tomcat
or any other application that listens on port 8080
to allow incoming connections type:
sudo ufw allow 8080/tcp
Instead
of allowing access to single ports UFW allows us to allow access to
port ranges. When allowing port ranges with UFW, you must specify the
protocol, either tcp
or udp
.
For example, if you want to allow ports from 7100
to 7200
on both tcp
and udp
then run the following command:
sudo ufw allow 7100:7200/tcp
sudo ufw allow 7100:7200/udp
Allow Specific IP Addresses
To
allow access on all ports from your home machine with IP address of
64.63.62.61, specify from
followed by the IP address you want to whitelist:
sudo ufw allow from 64.63.62.61
Allow Specific IP Addresses on Specific port
To
allow access on a specific port let’s say port 22 from your work
machine with IP address of 64.63.62.61, use to
any port
followed by the port number:
sudo ufw allow from 64.63.62.61 to any port 22
The command for allowing connection to a subnet of IP addresses is the same as when using a single IP address, the only difference is that you need to specify the netmask. For example, if you want to allow access for IP addresses ranging from 192.168.1.1 to 192.168.1.254 to port 3360 (MySQL) you can use this command:
sudo ufw allow from 192.168.1.0/24 to any port 3306
To
allow access on a specific port let’s say port 3360 only to
specific network interface eth2
,
then you need to specify allow
in on
and the name of the network interface:
sudo ufw allow in on eth2 to any port 3306
The
default policy for all incoming connections is set to deny
and if you haven’t changed it, UFW will block all incoming
connection unless you specifically open the connection.
Let’s
say you opened the ports 80
and 443
and your server is under attack from the 23.24.25.0/24
network. To deny all connections from 23.24.25.0/24
you can use the following command:
sudo ufw insert 1 deny in from 23.24.25.0/24("insert 1" puts the deny rule at the top so the allow rules are not acted upon first)
If
you only want to deny access to ports 80
and 443
from 23.24.25.0/24
you can use the following command:
sudo ufw deny from 23.24.25.0/24 to any port 80
sudo ufw deny from 23.24.25.0/24 to any port 443
Writing
deny rules is the same as writing allow rules, you only need to
replace allow
with deny
.
There are two different ways to delete UFW rules, by rule number and by specifying the actual rule.
Deleting UFW rules by rule number is easier especially if you are new to UFW. To delete a rule by a rule number first you need to find the number of the rule you want to delete, you can do that with the following command:
sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 80/tcp ALLOW IN Anywhere
[ 3] 8080/tcp ALLOW IN Anywhere
To delete rule number 3, the rule that allows connections to port 8080, use the following command:
sudo ufw delete 3
The
second method is to delete a rule by specifying the actual rule, for
example if you added a rule to open port 8069
you can delete it with:
sudo ufw delete allow 8069
If for any reason you want to stop UFW and deactivate all the rules you can use:
sudo ufw disable
Later if you want to re-enable UTF and activate all rules just type:
sudo ufw enable
Resetting UFW will disable UFW, and delete all active rules. This is helpful if you want to revert all of your changes and start fresh.
To reset UFW simply type in the following command:
sudo ufw reset
in pc firewall named "ufw"
-------------– root’s crontab entry: -----------------
# Get new ip block list weekly for firewall
* 4 * * 2 /etc/country.block.iptables.sh >> /home/bill/firewall.log
# Make sure firewall is up on boot, then restore ip tables
@reboot /usr/sbin/ufw enable
@reboot /etc/country.block.iptables.restore.sh
----------------------------------------------------------------
/etc/country.block.iptables.sh
#!/bin/sh
# Purpose: Block all traffic from AFGHANISTAN (af) and CHINA (CN). Use ISO code. #
# See url for more info - http://www.cyberciti.biz/faq/?p=3402
# Author: nixCraft <www.cyberciti.biz> under GPL v.2.0+
#
echo "- - - Updating IP Tables - - -" >> /home/bill/firewall.log
date +%y-%m-%d/%H:%M:%S >> /home/bill/firewall.log
# set your countries to block
ISO="af cn my ru"
### Set PATH ###
IPT=/sbin/iptables
WGET=/usr/bin/wget
EGREP=/bin/egrep
### No editing below ###
SPAMLIST="countrydrop"
ZONEROOT="/root/iptables"
DLROOT="http://www.ipdeny.com/ipblocks/data/countries"
cleanOldRules(){
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
}
# create a dir
[ ! -d $ZONEROOT ] && /bin/mkdir -p $ZONEROOT
# clean old rules
cleanOldRules
# .//etc/country.block.iptables.finish.sh
create a new iptables list
$IPT -N $SPAMLIST
for c in $ISO
do
# local zone file
tDB=$ZONEROOT/$c.zone
# get fresh zone file
$WGET -O $tDB $DLROOT/$c.zone
# country specific log message
SPAMDROPMSG="$c Country Drop"
# get
BADIPS=$(egrep -v "^#|^$" $tDB)
echo " Working on new iptable list for" $c "...."
echo
for ipblock in $BADIPS
do
$IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
$IPT -A $SPAMLIST -s $ipblock -j DROP
done
done
# Drop everything
$IPT -I INPUT -j $SPAMLIST
$IPT -I OUTPUT -j $SPAMLIST
$IPT -I FORWARD -j $SPAMLIST
# call your other iptable script
# /path/to/other/iptables.sh
/etc/country.block.iptables.finish.sh
-------------------------------------------------------------
/etc/country.block.iptables.finish.sh
#!/bin/sh
# save the new table, it should reconstitute on reboot. Check with "sudo iptabl$
echo "- - - Saving IP Table for retrieve on reboot - - -" >> /home/bill/firewal$
date +%y-%m-%d/%H:%M:%S >> /home/bill/firewall.log
sudo ufw enable
iptables-save > /etc/iptables
--------------------------------------------------------------
/etc/country.block.iptables.restore.sh:
#!/bin/bash
echo "- - - Restoring IP Table on reboot - - -" >> /home/bill/firewall.log
date +%y-%m-%d/%H:%M:%S >> /home/bill/firewall.log
iptables-restore < /etc/iptables
--------------------------------------------------------------
Now reboot your machine and pray - the rules should come up exactly like before (use "iptables --list" to verify this).
Use this Bash script:. Works in Ubuntu 18.04.
===================================
#!/bin/bash
#
# This script will make a desktop launcher (shortcut)
# for Ubuntu 18.04 - By Bill Craig (launcher@wrcraig.com)
# Thanks to Lubos Rendek and Abhishek Prakash.
#
# Instructions
# Copy this script to your home directory as launcher.sh
# Open the file properties and make this script executable
# Open a terminal and enter ./launcher.sh
# Enter your user name and the Application name to create a launcher
#
# Optional
# Give this script it's own launcher in the gnome desktop.
# Create any launcher using this script, right click and choose Properties.
# Make the Command: gnome-terminal -e "./launcher.sh"
# Edit the rest of the launcher as you deem necessary.
#
clear
echo "LAUNCHER - "
echo
read -p "This script creates a desktop launcher (shortcut) on your desktop,
Press Enter to continue or Ctrl + c to quit"
echo
echo "Enter your username: "
read name
echo
echo "Enter the name of the Application: "
read Application
# See if user exists:
file=/home/$name
if ! test -d $file;
then
read -p "
User $name does not exist,
Press enter to exit"
exit
fi
# See if Application startup command is found
location=$(which $Application)
status=$?
if ! test $status -eq 0;
then
clear
read -p "
$Application does not exist on this computer.
To find the actual name of an installed Application, go to the directory usr -> share -> applications.
You’ll see icons of several Ubuntu applications you have installed here.
Even if you don’t see the icons, you should see the .desktop files
that are named as application.desktop.
Look for the application icon (or its desktop file). When you find it,
right click and choose properties to find the actual name of the Application.
You can either use the actual Application name in the script
or
drag-drop the file to the desktop or copy the file (using Ctrl+C shortcut)
and paste it on the desktop (using Ctrl+V shortcut).
Double click on the launcher, then click on Trust and Launch to initiate the shortcut.
Press enter to exit"
exit
fi
# Verify data to continue
echo
echo "Your name= $name"
echo "Application= $Application"
echo "location of Application= $location"
echo
read -p "If this information is correct,
Press Enter to continue or Ctrl + c to quit"
echo
# Exit if file already exists:
file=/home/$name/Desktop/$Application.desktop
if test -f "$file"; then
read -p "$file
File already exists,
Press Enter to exit"
exit
fi
#create file:
echo "Creating file /home/$name/Desktop/$Application.desktop"
touch /home/$name/Desktop/$Application.desktop
# exit if file cannot be created:
file=/home/$name/Desktop/$Application.desktop
if ! test -f "$file";
then
read -p "Cannot create the file. Press Enter to exit"
exit
fi
# Add contents to the file:
echo "#!/usr/bin/env xdg-open" >> /home/$name/Desktop/$Application.desktop
echo "[Desktop Entry]" >> /home/$name/Desktop/$Application.desktop
echo "Version=1.0" >> /home/$name/Desktop/$Application.desktop
echo "Type=Application" >> /home/$name/Desktop/$Application.desktop
echo "Terminal=false" >> /home/$name/Desktop/$Application.desktop
echo "Exec=$location" >> /home/$name/Desktop/$Application.desktop
echo "Name=$Application" >> /home/$name/Desktop/$Application.desktop
echo "Comment=$Application" >> /home/$name/Desktop/$Application.desktop
echo "Icon=" >> /home/$name/Desktop/$Application.desktop
#make executable:
chmod 744 /home/$name/Desktop/$Application.desktop
read -p "File created.
Double click on the launcher,
then click on Trust and Launch to initiate the shortcut.
Get Icons for your Launchers
Do a web search for “icons download”, or similar, and download an appropriate icon
Right click on your Launcher and select Properties
In the Properties window, click on the blank icon and select the image you downloaded
Press Enter to quit"
Ubuntu software is free. Applications, or Packages, are available from several repositories. The easiest method is to use the built in “Ubuntu Software” icon. The most comprehensive and searchable method is to get a Package Manager like “Synaptic.” Open a Terminal and enter “sudo apt-get install synaptic”.
A web based security camera system
Install Apache2 if not already installed. Check by entering http://localhost in your browser.
Create a file to install zm:
Open a terminal and enter nano /home/bill/zm-install
Copy the following into the file
#!/bin/sh
clear
read -p "This script installs Zoneminder 1.32.x on Ubuntu 18.04 AMD64 with LAMP (MySQL) installed...
Press Enter to continue or Ctrl + c to quit" nothing
clear
read -p "You must be logged in as root using sudo su ...
Press Enter to continue or Ctrl + c to quit" nothing
clear
read -p "Next we will add the PPA repository, install and configure the system to run Zoneminder.
Press enter to continue" nothing
apt install -y software-properties-common
clear
add-apt-repository ppa:iconnor/zoneminder-1.32
apt update
clear
awk '$0="date.timezone = "$0' /etc/timezone >> /etc/php/7.2/apache2/php.ini
clear
apt install -y zoneminder
systemctl enable zoneminder
service zoneminder start
adduser www-data video
a2enconf zoneminder
a2enmod rewrite
chown -R www-data:www-data /usr/share/zoneminder/
service apache2 reload
clear
read -p "Install complete.Press enter to continue" nothing
clear
Then save and exit.
Next step is to right-click on the new file in FILES, select Properties-->Permissions-->Allow executing file as Application.
Then open a Terminal and enter “sudo ./zm-install” to install Zoneminder.
Start Zoneminder in a browser using http://localhost/zm
This is a good time to set users and passwords.
▼▼▼▼ See below before defining any cameras ▼▼▼▼▼
Dedicating a hard drive to Zoneminder data
(HIGHLY RECOMMENDED so your primary disk doesn’t get filled up)
Before defining cameras, mount your new Zoneminder data disk or directory to any mount point you want using the Disks Utility.
Then go to Options > Storage > Add New Storage
Enter the info on the new Zoneminder disk you mounted. Example:
Id |
Name |
Path |
Type |
Scheme |
Server |
DiskSpace |
Mark |
---|---|---|---|---|---|---|---|
31.47GB of 536.3GB |
Now define your cameras: Under General > Storage Area, point them to the name of your New Storage disk.
You should then have a working video security system. Fine tune it to your liking. ☺
This
is especially easy on a new Zoneminder install:
For the Zoneminder
disk or partition just use the Disks utility to create your mount
point as /var/cache/zoneminder then install Zoneminder. How easy is
that?
DIDN’T WORK FOR ME
DIDN’T WORK FOR ME
Mount units with
Systemd Ubuntu 16.xx or newer.
Thanks to knnniggett
for the effort to make this work!
Background: One of
the first steps the end user must perform after installing ZoneMinder
is to dedicate an entire partition, drive, or network share for
ZoneMinder's event storage. The reason being, ZoneMinder will, by
design, fill up your hard disk, and you don't want to do that to your
root volume!
Due to the mass
adoption of Systemd we now have a new way to accomplish this, which
happens to give us something the former method did not. Read on to
learn more!
Systemd natively
integrates all sorts of system admin functions that the legacy sys v
init didn't have anything to do with. One of those functions is the
ability to create mount points, much in the same way one would create
a service (a.k.a. unit) file.
Collect Information
We need to know the following before we get started:
Find the ZoneMinder events and images folders on your filesystemDetermine the name of the web account userFor local volumes, determine the device name of the volumeFor local volumes, determine the uuid of the volumeFor remote volumes, determine the sharing protocol to be used e.g. nfs, smb, etcFor remote volumes, determine the share name
The location of
the events and images folder will vary by Linux distro. You are
looking for an actual folder, NOT a symlink! Debian (Ubuntu) distros
prefer /var/cache/zoneminder. These folder locations are chosen by
each distros' packaging guidelines.
On most Linux
distros, you can view the uuid of each of your drives like so:
ls -l /dev/disk/by-uuid
On my system with two
hard drives, the items above are as follows:
/var/cache/zoneminderwww-data/dev/sdb17ec50da2-fc67-4ade-89c7-6047710afae2
Your configuration will
be different. Options to connect to a network share will be noted
herein.
Migrate existing
data I'm not going to get into the details of this since the
necessary steps will vary with each system. What you need to do is
migrate whatever happens to be in the ZoneMinder events and images
folders over to the new partition, disk, or network share. You do
this by mounting the target from the command line via the normal
fashion to a temporary folder, issue the appropriate move commands,
and finally unmount the target.
This procedure has
been modified for Ubuntu 16.xx and later
Log in and become
root
sudo su
Stop Zoneminder
service zoneminder stop
Note: The next step
will remove the Zoneminder events and images directories! This is
safe to do if your system is new and you have not added cameras that
have recorded events.
Remove or events and
images directories
rm -r /var/cache/zoneminder/eventsrm -r /var/cache/zoneminder/images
If you have an
operational system you may rename the directories (mv
/home/user/oldname /home/user/newname) then move the data to the new
drive directories.
mv /var/cache/zoneminder/events /var/cache/zoneminder/oldeventsmv /var/cache/zoneminder/images /var/cache/zoneminder/oldimages
Create the first
Systemd Mount Unit You will be creating a total of three mount units.
The first mount unit mounts the drive or partition to your system. To
do that create a new folder. I prefer to put mount points under /mnt
and give the name of the subfolder the same name as the device or
share. In my case, that would be sdb1.
mkdir /mnt/sdb1
When creating mount
units with systemd, the filename describing the mount point has to be
named in a specific manner. Since the folder I just created is at
/mnt/sdb1, one has to name the mount unit mnt-sdb1.mount. Create that
file in the /etc/systemd/system folder.
nano /etc/systemd/system/mnt-sdb1.mount
Note: the next
step you use is dependent upon the use of an internal drive or a
network drive. Read carefully!
Internal drive: add
the following contents, changing the path and uuid to match that of
your system:
# systemd mount unit for ZoneMinder event storage[Unit]Description=systemd mount unit for ZoneMinder event storageBefore=zoneminder[Mount]What=/dev/disk/by-uuid/7ec50da2-fc67-4ade-89c7-6047710afae2Where=/mnt/sdb1Type=ext4Options=defaults,noatime,commit=120,data=writeback[Install]WantedBy=multi-user.target
Save and close the
editor.
Go to *Next
Network drive/NAS
SMB or CIFS Mount
Note: your network
share must recognize symbolic links Add the following contents,
changing the What= and Options= to match that of your system:
# systemd mount unit for ZoneMinder event storage[Unit]Description=systemd mount unit for ZoneMinder event storageAfter=networking.serviceBefore=zoneminder[Mount]What=//192.168.50.4/zmWhere=/mnt/sdb1Type=Options=credentials=/root/.smbcredentials,uid=33,gid=33,rw[Install]WantedBy=multi-user.target
Save and close the
editor.
Install smbclient if
you are mounting a Windows or SMB share
apt install smbclient cifs-utils
Create a file for your
remote servers logon credential, This is the user and password you
would use to access the Windows share and is located in the /root
directory.
nano ~/.smbcredentials
Enter your Windows
username, password and workgroup or domain in the file:
username=msusernamepassword=mspassworddomain=workgroup
Save the file, exit the
editor.
Change the
permissions of the file to prevent unwanted access to your
credentials:
chmod 600 ~/.smbcredentialsNext
Now enable and start
the unit:
systemctl enable mnt-sdb1.mountsystemctl start mnt-sdb1.mount
Make and Set Folder
Permissions We've created our primary mount point, but we aren't done
yet. First, let's create some folders and set the correct
permissions:
mkdir -p /mnt/sdb1/zoneminder/eventsmkdir -p /mnt/sdb1/zoneminder/imageschown -R www-data:www-data /mnt/sdb1/zoneminder
Remember that, if you
are not running a Ubuntu distro, the web user account might be named
something other than www-data on your system.
Create two Systemd
Bind Mount Units With the events and images folders created, we want
to create two mount units, which bind mount those folders into the
desired places.
Create the file
/etc/systemd/system/var-cache-zoneminder-events.mount
nano /etc/systemd/system/var-cache-zoneminder-events.mount
Next add the following
content to it:
# systemd bind mount unit for ZoneMinder event storage[Unit]Description=systemd bind mount unit for ZoneMinder event storageAfter=mnt-sdb1.mountRequires=mnt-sdb1.mount[Mount]What=/mnt/sdb1/zoneminder/eventsWhere=/var/cache/zoneminder/eventsType=noneOptions=bind[Install]WantedBy=local-fs.target
Save and close the
editor.
Now enable and start
the unit:
systemctl enable var-cache-zoneminder-events.mountsystemctl start var-cache-zoneminder-events.mount
We now need to do the
same thing to the images folder. Create the file
/etc/systemd/system/var-lib-zoneminder-images.mount
nano /etc/systemd/system/var-cache-zoneminder-images.mount
Next add the following
content to it:
# systemd bind mount unit for ZoneMinder image storage[Unit]Description=systemd bind mount unit for ZoneMinder image storageAfter=mnt-sdb1.mountRequires=mnt-sdb1.mount[Mount]What=/mnt/sdb1/zoneminder/imagesWhere=/var/cache/zoneminder/imagesType=noneOptions=bind[Install]WantedBy=local-fs.target
Save and close the
editor.
Now enable and start
the unit:
systemctl enable var-cache-zoneminder-images.mountsystemctl start var-cache-zoneminder-images.mount
Now reboot and verify
all three mount points were successful:
Bonus Points.
Leverage the Power of Systemd
If you recall, I
mentioned that using systemd to manage your mount points has an
advantage over the previous method. With your mount points configured
with systemd, you can easily prevent ZoneMinder from starting, should
the mount point fail for any reason. Anyone who has ever started
ZoneMinder without realizing there was a problem reading from the
events folder can tell you what happens when this occurs. You lose
all your events, and yes this is by design.
To prevent that
from happening we need to modify our zoneminder service file. But
first make a copy just in case..
cp /lib/systemd/system/zoneminder.service /lib/systemd/system/zoneminder.service.savnano /lib/systemd/system/zoneminder.service
Add entries to the
After= and Requires=
# ZoneMinder systemd unit file# This file is intended to work with Debian distributions[Unit]Description=ZoneMinder CCTV recording and surveillance systemAfter=network.target mysql.service mnt-sdb1.mount var-cache-zoneminder-images.mount var-cache-zoneminder-events.mount# Remarked out so that it will start ZM on machines that don't have mysql installed#Requires=mysql.serviceRequires=mnt-sdb1.mount var-cache-zoneminder-images.mount var-cache-zoneminder-events.mount[Service]#User=www-dataType=forkingExecStart=/usr/bin/zmpkg.pl startExecReload=/usr/bin/zmpkg.pl restartExecStop=/usr/bin/zmpkg.pl stopPIDFile=/var/run/zm/zm.pidRestart=on-abnormal[Install]WantedBy=multi-user.target
Save and close the
editor.
Now issue a
daemon reload to tell systemd to pick up the change:
systemctl daemon-reload
Should the mount
point fail during startup, systemd will prevent the ZoneMinder
service from starting with a message stating a failed dependency.
Your events are saved from deletion!
Oh, restart Zoneminder and set password, users, etc.
service zoneminder start
Download your font, double click on the .ttf file , and choose Install.
To make a daily log analysis page of the local web server enter the following at a terminal prompt in /home:
sudo sh dailywebstats.sh
Now invoked as a root cron job (sudo crontab -e)
#!/bin/bash
# dailywebstats.sh
# define variables
log=/home/bill/awstats.log
echo "" >> $log
echo "==Starting /home/bill/dailywebstats.sh on "$(date +%y-%m-%d/%H:%M:%S)== >> $log
# pearly bracket starts error buffer
{
# create a daily web report
goaccess /var/log/apache2/access.log --log-format=COMBINED -a -o /home/bill/webpage/visitordata/report.html
# Change owner and permissions
chmod 666 /home/bill/webpage/visitordata/report.html
chown bill:bill /home/bill/webpage/visitordata/report.html
# Move the file and add the date to the filename
mv /home/bill/webpage/visitordata/report.html /home/bill/webpage/visitordata/dailies/"daily report "`date +"%Y-%m-%d"`".html"
# Report any errors to the log
} 2>> $log
echo "===================Finished=====================" >> $log
Open the html file in a web browser to see who was checking it out that day.
/home/bill/webpage/visitordata/daily report (yyyy-mm-dd).html
---------------------------
AND
---------------------------
Make a multiple month AWSTATS report.
Enter the following at a terminal prompt in /home:
sudo sh awstats.sh
Now invoked as a root cron job (sudo crontab -e)
#!/bin/bash
# awstats.sh
# define variables
log=/home/bill/awstats.log
month=$(date +"%m-%Y")
FILE=/home/bill/webpage/visitordata/$month
# create all the awstats html output files
# Main one
echo "" >> $log
echo "==Starting /home/bill/awstats.sh on "$(date +%y-%m-%d/%H:%M:%S)== >> $log
# pearly bracket starts error buffering
{
# if directory for monthly stats does not exist, make it
if [ ! -d "$FILE" ]; then
mkdir /home/bill/webpage/visitordata/$month
fi
# run the script that creates the report
cd /etc/awstats/cgi-bin/
perl awstats.pl -config=craig.tplinkdns.com -update -output -staticlinks > awstats.craig.tplinkdns.com.$month.html 2>> $log
# also make the sub reports
perl awstats.pl -config=craig.tplinkdns.com -output=alldomains -staticlinks > awstats.craig.tplinkdns.com.alldomains.$month.html 2>> $log
perl awstats.pl -config=craig.tplinkdns.com -output=allhosts -staticlinks > awstats.craig.tplinkdns.com.allhosts.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=lasthosts -staticlinks > awstats.craig.tplinkdns.com.lasthosts.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=unknownip -staticlinks > awstats.craig.tplinkdns.com.unknownip.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=alllogins -staticlinks > awstats.craig.tplinkdns.com.alllogins.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=lastlogins -staticlinks > awstats.craig.tplinkdns.com.lastlogins.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=allrobots -staticlinks > awstats.craig.tplinkdns.com.allrobots.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=lastrobots -staticlinks > awstats.craig.tplinkdns.com.lastrobots.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=urldetail -staticlinks > awstats.craig.tplinkdns.com.urldetail.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=urlentry -staticlinks > awstats.craig.tplinkdns.com.urlentry.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=urlexit -staticlinks > awstats.craig.tplinkdns.com.urlexit.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=browserdetail -staticlinks > awstats.craig.tplinkdns.com.browserdetail.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=osdetail -staticlinks > awstats.craig.tplinkdns.com.osdetail.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=unknownbrowser -staticlinks > awstats.craig.tplinkdns.com.unknownbrowser.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=unknownos -staticlinks > awstats.craig.tplinkdns.com.unknownos.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=refererse -staticlinks > awstats.craig.tplinkdns.com.refererse.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=refererpages -staticlinks > awstats.craig.tplinkdns.com.refererpages.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=keyphrases -staticlinks > awstats.craig.tplinkdns.com.keyphrases.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=keywords -staticlinks > awstats.craig.tplinkdns.com.keywords.$month.html
perl awstats.pl -config=craig.tplinkdns.com -output=errors404 -staticlinks > awstats.craig.tplinkdns.com.errors404.$month.html
# move the newly created reports to the monthly directory and make them RW for everyone
mv *.html /home/bill/webpage/visitordata/$month
cd /home/bill/webpage/visitordata/$month
chmod 666 *.html
# Report any errors to the log
} 2>> $log
echo "===================Finished=====================" >> $log
You may open the updated report in a browser file:///home/bill/webpage/visitordata/(mm-yy)/awstats.craig.tplinkdns.com.(mm-yyyy).html
(Original properties in case we need to change back:
drwxr-x--- 2 www-data www-data 4096 Nov 26 20:02 awstats
-rw-r--r-- 1 root root 8185 Nov 26 20:02 awstats112019.craig.tplinkdns.com.txt
-rw-r--r--
1 root root 859 Nov 26 20:02
dnscachelastupdate.craig.tplinkdns.com.hash)
Front Door 20, driveway 21, mailbox 5, steps 7
front
path – (webcam) Foscam
Phone