Vyacheslav

Configuring video recording to an FTP server from IP cameras and Dahua DVRs

I recently configured the next IP camera Dahua DH-IPC-HFW1320SP-W and decided to use an FTP server for recording.
Since the menu is basically the same on Dahua cameras and DVRs, the FTP entry is configured the same way.

Open the device interface, for example by typing an IP address in the browser.
Open the “Setting” tab, then “Storage” – “Destination”, in the “Path” tab, where “Motion Detection” and “Alarm”, I marked the FTP checkboxes, by the way I could choose only one thing, or “Local ( write to a memory card or HDD) “,” FTP “or” NAS “. After the selection, click “Save” to save the changes.

Now go to the tab “FTP”, tick the “Enable” and specify the connection parameters in “Server Address”, “Username”, “Password” and press “Save” to save the changes.

After that, the device began to write video to the FTP server in mp4 format, however it was impossible to view the history entries via the mobile application and the camera interface.
Files on FTP are sorted into folders by date and time, as a variant of the video can be viewed through any FTP client from a computer or phone, if the camera writes for motion detection, accordingly if there is no motion detection, then there will be no folders and records.

Required! In the “Storage” – “Record Control” menu, you need to select “Stop” in “Disk Full”, if “Overwrite” is selected, then after restarting the camera, in my case, all records from the FTP server were deleted.

If the FTP server is running on Linux, you can, for example, add to Cron a command that will delete the directory older than 30 days so that the disk does not overflow:

find /srv/ftp/ipcam/SNCAM/ -type d -mtime +30 -exec rm -rfv {} \; >> /srv/ftp/ipcam/remove.log

Removing exploits from Ubiquiti devices

Once I noticed the spread of the virus/exploit on the network with Ubiquiti devices. Exploit using a vulnerability in older versions of firmware copied itself to other devices and from them attacked the following.

UBNT with firmware 6.0 stop working

I once treated Ubiquiti Networks airMAX® M Series devices with firmware 5+ from the exploit and updated the firmware to the latest, at that time it was the version of XM 6.0 and XW 6.0.
See my article – Removing exploits from Ubiquiti devices

In the 6.0 firmware, the vulnerability was removed through which the exploit was accessed, but there were other bugs.

Literally a couple of weeks later I noticed that there are no connected stations on some bridges in the Access Point (AP) mode, power was lost from the station, the station was booted and connected to the AP, but the AP did not show the connected stations and the traffic did not pass, it’s just and there is a bug.

Solve the problem by restarting the AP, in the future, if the power supply was lost again on the station or it was reboot, there was a high probability of a repetition of this problem.

Fortunately, this problem was later eliminated in new firmware, I did not exactly look at which version, but on devices with firmware 6.1+ it was no longer observed.

Foscam FI9821W V2.1 Firmware Upgrade

I updated the firmware on several Foscam FI9821W V2.1 cameras on which there was such firmware version:
System Firmware Version: 1.5.2.11
Application Firmware Version: 2.21.1.127
Plug-In Version: 3.0.0.2

The camera receives an IP address via DHCP both via cable and Wi-Fi, so you can find out its IP in the router menu or on the same network as the camera by running the IP Camera Search Tool utility:
https://files.ixnfo.com/Soft/Network/Foscam/03_IP_Camera_Search_Tool.zip

The standard login admin without a password, the first time you connect it, you must change it and specify a new password.

Before the process of firmware download the archive with the firmware from here:
https://files.ixnfo.com/Firmware/Foscam/FI9821W_V2.1.zip

You can also see if there are newer firmware versions on the official site:
https://www.foscam.com/downloads/firmware_details.html?id=91

And so, open the web-interface of the camera by typing its IP-address in the browser.
Let’s see the firmware version on the first tab “Status“.

Next, open “System” – “System Upgrade“, click “Browse“, select the firmware file and click “System Upgrade” to start the upgrade process.
If the firmware in the camera is very old, as in my case, then it is necessary to update first the intermediate firmware (it is also in the archive in the directory “Older firmware V2.x.2.18” link above), and it is updated by two files, first Step1, later Step2.
Then you can sew the newest when I sewed it was FosIPC_B_app_ver2.x.2.23.

That’s all, after the camera firmware settings are not reset, I updated the firmware remotely.

Watch my video:

Installing Docker CE on Ubuntu

Docker CE – a software platform for deploying applications, packaging applications into a container, adding libraries and all the necessary dependencies to run the application, which allows you to quickly launch the code in almost any environment. There is a free version of Docker Community Edition (CE) and Enterprise Edition (EE).

Configuring Fail2Ban for Asterisk

On the test I will use Asterisk 13.1.0 and Fail2Ban 0.9.3-1 installed in Ubuntu Server 16.04.1 LTS.

Install Fail2Ban as I wrote in this article – Installing and Configuring Fail2ban

Open the configuration file Asterisk responsible for logging events in /var/log/asterisk/messages:

sudo nano /etc/asterisk/logger.conf

Add security to messages:

messages => notice,warning,error,security

Restart the asterisk logging system:

sudo asterisk -rvv
logger reload
quit

Add the Asterisk configuration file to the directory with the Fail2Ban configuration, thus activating the monitoring of its logs:

sudo nano /etc/fail2ban/jail.d/asterisk.conf

where 86400 in seconds = 24 hours, that is, the attacker will be blocked for a day.

[asterisk]
enabled = true
bantime = 86400

Or, change the file /etc/fail2ban/jail.conf where [asterisk-tcp] and [asterisk-udp] are false to true.

Restart fail2ban for the new configuration file to load:

sudo fail2ban-client reload

Let’s check the work:

sudo fail2ban-client status asterisk

Done, now Fail2Ban will block IP addresses from which the passwords to Asterisk accounts are not correctly entered.

Installing and Configuring Fail2ban

In this article, I will provide an example of how to install and configure Fail2ban.

Configuring Fail2Ban for ProFTPd

Suppose Fail2Ban is already installed, if not, then see my article – Installing and Configuring Fail2ban.

In Fail2Ban by default, there are already filters for ProFTPd and it knows that the log file is located at /var/log/proftpd/proftpd.log, so it’s enough to create the file:

sudo nano /etc/fail2ban/jail.d/proftpd.local

And enter the data below, thereby activating the check of the log file /var/log/proftpd/proftpd.log:

[proftpd]
enabled = true
bantime = 86400

Restart Fail2Ban to apply the changes:

sudo service fail2ban restart

You can check the status:

sudo fail2ban-client status proftpd

Windows Server 2008 R2 Backup and Restore

For example, I will make a backup copy of Windows Server 2008 R2 and describe the process by items:

1) Open the “Server Manager”.

2) Select “Features” – “Add Features”, check “Windows Server Backup” and “Command-line Tools”, click the “Install” button and wait for the installation to complete.

3) Open the “Start” menu and select “Windows Server Backup”.
For the test, I clicked “Backup Once”, in the window that appears, I select the “Custom” configuration type and ticked the C drive and all the oslat except for the other local disks if they are (for example, drive D) in the next window, you can select the storage type where the backup a copy, for example “Local disks” and specify drive D, or “Remote shared folder” and specify the path, I was just running Samba on one of the Linux servers, so I connected the network folder and chose this option.
See also my article – Installing and Configuring Samba on Linux

After the process is complete, the folder “WindowsImageBackup” with a backup will appear on the disk or network share.

To restore the system from this backup, you can similarly click the “Start” – “Windows Server Backup” menu and select this backup, or if the server does not start, then start the Windows startup disk, select “System Restore” and specify this backup.

Solution WARNING: The “syslog” option is deprecated

I noticed once a warning in the /var/log/samba/log. file:

[2018/04/13 20:51:05.280655,  1] ../lib/param/loadparm.c:1629(lpcfg_do_global_parameter)
  WARNING: The "syslog" option is deprecated

As reported, the “syslog” option is obsolete, and to prevent the warning from appearing, it must be removed from the configuration.

I opened the configuration file in a text editor:

sudo nano /etc/samba/smb.conf

Found this option:

syslog = 0

And commented on it:

#syslog = 0

After the changes you need to restart samba, you can do this:

sudo service samba restart
sudo restart smbd
sudo restart nmbd

After that, the warning no longer appeared.