Network/zm setup notes

From Makers Local 256
Jump to: navigation, search


Steps to configure a zoneminder integration.

  1. Install the latest debian (currently stretch)
    1. make sure its hostname is "zoneminder"
  2. As root, install sudo, create a user, add it to sudoers
  3. Install zoneminder
    1. sudo apt update
    2. sudo apt upgrade
    3. sudo apt dist-upgrade
    4. sudo apt install php mariadb-server php-mysql libapache2-mod-php7.0
    5. sudo mysql_secure_installation
    6. sudo cp /etc/mysql/mariadb.conf.d/50-server.cnf /etc/mysql/my.cnf
    7. sudo nano /etc/mysql/my.cnf
      1. character-set-server = latin1
      2. collation-server = latin1_swedish_ci
    8. sudo service mariadb restart
    9. sudo nano /etc/apt/sources.list
      1. deb stretch main non-free
    10. sudo apt install deb-multimedia-keyring
    11. wget
    12. sudo dpkg -i deb-multimedia-keyring_2016.8.1_all.deb
    13. sudo apt update
    14. sudo apt upgrade
    15. sudo apt dist-upgrade
    16. sudo apt install zoneminder vlc-plugin-base php7.0-gd
    17. sudo chmod 740 /etc/zm/zm.conf
    18. sudo chown root:www-data /etc/zm/zm.conf
    19. systemctl enable zoneminder.service
    20. sudo adduser www-data video
    21. sudo systemctl start zoneminder.service
    22. sudo systemctl status zoneminder.service
    23. sudo a2enmod cgi
    24. sudo a2enmod rewrite
    25. sudo a2enconf zoneminder
    26. sudo sed -i "s/;date.timezone =/date.timezone = $(sed 's/\//\\\//' /etc/timezone)/g" /etc/php/7.0/apache2/php.ini
    27. sudo chown -R www-data:www-data /usr/share/zoneminder/
    28. sudo service apache2 restart
  4. Modify zoneminder to use the Makers LDAP
    1. sudo a2enmod ldap
    2. sudo a2enmod authnz_ldap
    3. sudo nano /etc/apache2/conf-available/zoneminder.conf
      1. FIRST
        1. change line with ScriptAlias to 'ScriptAlias /zm/cgi-bin "/usr/lib/zoneminder/cgi-bin"' by adding "/zm"
      2. Then append the following to the bottom of the config file
        1. <Location /zm>
        2. AuthType Basic
        3. AuthBasicProvider ldap
        4. AuthLDAPURL ldap://,dc=org?uid
        5. AuthName "LDAP user plz"
        6. AuthType Basic
        7. Require valid-user
        8. </Location>
    4. sudo systemctl status apache2.service
    5. sudo systemctl restart apache2
  5. Make new zm pc work in the makers local infrastructure
    1. sudo hostnamectl set-hostname zoneminder
    2. sudo vim /etc/network/interfaces -> change nameserver to
    3. sudo vim /etc/network/interfaces -> set the ip to static
      1. auto enp3s0
      2. iface enp3s0 inet static
      3. address
      4. gateway
      5. netmask
  6. log into the new ZM using your ML256 creds and modify the options to match the old zm
    1. ensure the PATH_ZMS on the Paths tab is "/zm/cgi-bin/nph-zms", among other things.
  7. The PC was then connected to the DMZ net (200) by updating a switch port on the ProCurve switch to use that network.
  8. Edit /etc/systemd/system$ cd
    1. change 'Restart=on-abnormal' to 'Restart=always' and restart the service.
  9. The old vm was shut down, and the PC was booted
  10. Success!

Next Steps

  1. Soak up the eudaimonia

Deep Gratitude from Phil to:

  • Kinsey
  • Tyler
  • Hunter

Lessons Learned

  • the reverse proxy works by mapping to
    • this is done in nginx on the remoteproxy VM in the /etc/nginx/sites-enabled folder. (specifically the
    • routing for is handled by the edge router. it updates its hosts file from reported client hostnames and adds them as fqdns to the network
    • this is neat