commit
535a760f26
|
@ -16,7 +16,7 @@ else(ZM_TARGET_DISTRO STREQUAL "el7")
|
|||
endif(ZM_TARGET_DISTRO STREQUAL "el7")
|
||||
|
||||
# Download jscalendar & move files into position
|
||||
file(DOWNLOAD http://nbtelecom.dl.sourceforge.net/project/jscalendar/jscalendar/1.0/jscalendar-1.0.zip ${CMAKE_CURRENT_SOURCE_DIR}/jscalendar-1.0.zip LOG jsc_log STATUS download_jsc)
|
||||
file(DOWNLOAD http://skylineservers.dl.sourceforge.net/project/jscalendar/jscalendar/1.0/jscalendar-1.0.zip ${CMAKE_CURRENT_SOURCE_DIR}/jscalendar-1.0.zip LOG jsc_log STATUS download_jsc)
|
||||
#message(STATUS "Log of jscalender script was: ${jsc_log}")
|
||||
if(download_jsc EQUAL 0)
|
||||
message(STATUS "Jscalander successfully downloaded. Installing...")
|
||||
|
@ -26,15 +26,16 @@ else(download_jsc EQUAL 0)
|
|||
message(STATUS "Unable to download optional jscalander. Skipping...")
|
||||
endif(download_jsc EQUAL 0)
|
||||
|
||||
# Cambozola is now packaged in zmrepo
|
||||
# Download cambozola & move files into position
|
||||
file(DOWNLOAD http://www.andywilcock.com/code/cambozola/cambozola-0.931.tar.gz ${CMAKE_CURRENT_SOURCE_DIR}/cambozola-0.931.tar.gz STATUS download_camb)
|
||||
if(download_camb EQUAL 0)
|
||||
message(STATUS "Cambozola successfully downloaded. Installing...")
|
||||
execute_process(COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/cambozola.sh WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} ERROR_VARIABLE untar_camb)
|
||||
message(STATUS "Status of cambozola script was: ${untar_camb}")
|
||||
else(download_camb EQUAL 0)
|
||||
message(STATUS "Unable to download optional Cambozola. Skipping...")
|
||||
endif(download_camb EQUAL 0)
|
||||
#file(DOWNLOAD http://www.andywilcock.com/code/cambozola/cambozola-0.931.tar.gz ${CMAKE_CURRENT_SOURCE_DIR}/cambozola-0.931.tar.gz STATUS download_camb)
|
||||
#if(download_camb EQUAL 0)
|
||||
# message(STATUS "Cambozola successfully downloaded. Installing...")
|
||||
# execute_process(COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/cambozola.sh WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} ERROR_VARIABLE untar_camb)
|
||||
# message(STATUS "Status of cambozola script was: ${untar_camb}")
|
||||
#else(download_camb EQUAL 0)
|
||||
# message(STATUS "Unable to download optional Cambozola. Skipping...")
|
||||
#endif(download_camb EQUAL 0)
|
||||
|
||||
# Create several empty folders
|
||||
file(MAKE_DIRECTORY sock swap zoneminder zoneminder-upload events images temp)
|
||||
|
@ -53,6 +54,9 @@ install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/imag
|
|||
install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/temp\")")
|
||||
install(CODE "execute_process(COMMAND ln -sf ../../../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/api/app/tmp\")")
|
||||
|
||||
# Link to Cambozola, which is now packaged in zmrepo
|
||||
install(CODE "execute_process(COMMAND ln -sf ../../java/cambozola.jar \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/cambozola.jar\")")
|
||||
|
||||
# Install auxillary files required to run zoneminder on CentOS
|
||||
install(FILES redalert.wav DESTINATION ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/sounds PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
|
||||
if(ZM_TARGET_DISTRO STREQUAL "el7")
|
||||
|
|
|
@ -1,6 +1,22 @@
|
|||
================================================================================
|
||||
NEW INSTALLS
|
||||
================================================================================
|
||||
What's New
|
||||
==========
|
||||
|
||||
1. The ZoneMinder mysql account now requires "Create" permission. This change
|
||||
must be done manually before ZoneMinder will run. See the installation steps
|
||||
below.
|
||||
|
||||
2. A new permission group called "Groups" has been added. This allows the
|
||||
system administrator to assign "view", "edit", or "none" permission to
|
||||
normal users, without giving them access to the rest of the ZoneMinder
|
||||
system. During an upgrade, existing accounts will default to a Groups
|
||||
permission of "none".
|
||||
|
||||
3. This package now requires the HTTPS protocol to access the web portal.
|
||||
Requests using HTTP will auto-redirect to HTTPS. See README.https for
|
||||
more information.
|
||||
|
||||
New installs
|
||||
============
|
||||
|
||||
1. Unless you are already using MySQL server, you need to ensure that
|
||||
the server is confired to start during boot and properly secured
|
||||
|
@ -11,7 +27,8 @@
|
|||
sudo chkconfig mysqld on
|
||||
|
||||
2. Using the password for the root account set during the previous step, you
|
||||
will need to create the ZoneMinder database:
|
||||
will need to create the ZoneMinder database and configure a database
|
||||
account for ZoneMinder to use:
|
||||
|
||||
mysql -uroot -p
|
||||
mysql> create database zm;
|
||||
|
@ -21,20 +38,26 @@
|
|||
mysql -uroot -p < /usr/share/zoneminder/db/zm_create.sql
|
||||
mysqladmin -uroot -p reload
|
||||
|
||||
The database account credentials, zmuser/zmpass, are arbitrary. Set them to
|
||||
anything that suits your envinroment.
|
||||
|
||||
3. If you have chosen to change the zoneminder mysql credentials to something
|
||||
other than zmuser/zmpass then you must now edit /etc/zm.conf. Change
|
||||
ZM_DB_USER and ZM_DB_PASS to the values you created in step 2.
|
||||
|
||||
4. IMPORTANT: Edit /etc/php.ini and put in the appropriate timezone for
|
||||
date.timezone!
|
||||
4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local
|
||||
timezone. PHP will complain loudly if this is not set, or if it is set
|
||||
incorrectly, and these complaints will show up in the zoneminder logging
|
||||
system as errors
|
||||
|
||||
5. The ZoneMinder web interface is disabled by default, you will need
|
||||
to edit this file to enable it:
|
||||
If you are not sure of the proper timezone specification to use, look at
|
||||
http://php.net/date.timezone
|
||||
|
||||
5. Verify the default ZoneMinder Apache configuration meets your needs:
|
||||
|
||||
/etc/httpd/conf.d/zoneminder.conf
|
||||
|
||||
HINT: Most users will want to simply delete the line that says
|
||||
"Deny from all".
|
||||
When in doubt, leave this configuration as it is.
|
||||
|
||||
6. Configure the web server to start automatically:
|
||||
|
||||
|
@ -45,8 +68,8 @@
|
|||
called local_zoneminder. A copy of this policy is in the documentation
|
||||
folder.
|
||||
|
||||
Unfortunately, this has not resolved all the SELinux issues so
|
||||
most will want to disable SELinux permanently by editing the following:
|
||||
It is still possible to run into SELinux issues, however. If this is case,
|
||||
you can disable SELinux permanently by editing the following:
|
||||
|
||||
/etc/selinux/conf
|
||||
|
||||
|
@ -66,27 +89,49 @@
|
|||
UPGRADES
|
||||
================================================================================
|
||||
|
||||
1. Add additional permissions to the zmuser account:
|
||||
1. Verify /etc/zm.conf.
|
||||
|
||||
If zm.conf was manually edited before running the upgrade, the installation
|
||||
may not overwrite it. In this case, it will create the file
|
||||
/etc/zm.conf.rpmnew.
|
||||
|
||||
For example, this will happen if you are using database account credentials
|
||||
other than zmuser/zmpass.
|
||||
|
||||
Compare /etc/zm.conf to /etc/zm.conf.rpmnew. Verify that zm.conf
|
||||
contains any new config settings that may be in zm.conf.rpmnew.
|
||||
|
||||
2. Verify permissions of the zmuser account.
|
||||
|
||||
Over time, the database account permissions required for normal operation
|
||||
have changed. Verify the zmuser database account has been granted select,
|
||||
insert, update, delete, lock tables, alter, and create permission to the
|
||||
ZoneMinder database:
|
||||
|
||||
mysql -u root -p
|
||||
grant lock tables,alter,create on zm.* to
|
||||
'zmuser'@localhost identified by 'zmpass';
|
||||
mysql> show grants for zmuser@localhost;
|
||||
mysql> exit;
|
||||
|
||||
Since this is an upgrade, the assumption is that the zmuser account exists
|
||||
and already has select, insert, update, and delete permission.
|
||||
See step 2 of the Installation section to add missing permissions.
|
||||
|
||||
3. Verify the ZoneMinder Apache configuration file in the folder
|
||||
/etc/httpd/conf.d. You will have a file called "zoneminder.conf" and there
|
||||
may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file
|
||||
exists, inspect it and merge anything new in that file with zoneminder.conf.
|
||||
|
||||
4. Upgrade the database before starting ZoneMinder.
|
||||
|
||||
Most upgrades can be performed by executing the following command:
|
||||
|
||||
2. If you have previsouly changed the zoneminder mysql credentials to something
|
||||
other than zmuser/zmpass then you must now edit /etc/zm.conf. Change
|
||||
ZM_DB_USER and ZM_DB_PASS to their appropriate values.
|
||||
|
||||
3. You will need to upgrade the ZoneMinder database as described in the manual.
|
||||
Only if step 1 was succesfully applied, may you run zmupdate like so:
|
||||
|
||||
sudo zmupdate.pl --version=<from version>
|
||||
|
||||
|
||||
If unsure then run it this way:
|
||||
sudo zmupdate.pl
|
||||
|
||||
Recent versions of ZoneMinder don't require any parameters added to the
|
||||
zmupdate command. However, if ZoneMinder complains, you may need to call
|
||||
zmupdate in the following manner:
|
||||
|
||||
sudo zmupdate.pl --user=root --pass=<mysql_root_pwd> --version=<from version>
|
||||
|
||||
5. Now start zoneminder:
|
||||
|
||||
sudo service zoneminder start
|
||||
|
||||
|
|
|
@ -1,23 +1,21 @@
|
|||
|
||||
What's New
|
||||
==========
|
||||
|
||||
1. The Apache ScriptAlias has been changed from "/cgi-bin/zm/zms" to
|
||||
"/cgi-bin-zm/zms". This has been to done to avoid this bug:
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=973067
|
||||
1. The ZoneMinder mysql account now requires "Create" permission. This change
|
||||
must be done manually before ZoneMinder will run. See the installation steps
|
||||
below.
|
||||
|
||||
IMPORTANT: ZoneMinder will not update this value during an upgrade. You must
|
||||
manually update ZM_PATH_ZMS yourself under Options. This does not affect
|
||||
new installs.
|
||||
2. A new permission group called "Groups" has been added. This allows the
|
||||
system administrator to assign "view", "edit", or "none" permission to
|
||||
normal users, without giving them access to the rest of the ZoneMinder
|
||||
system. During an upgrade, existing accounts will default to a Groups
|
||||
permission of "none".
|
||||
|
||||
2. During an rpm package upgrade, zmupdate.pl will now auto-update the database
|
||||
and the zonemidner service will restart automatically.
|
||||
|
||||
3. The ZoneMinder config file, zm.conf, has been moved under /etc/zm.
|
||||
|
||||
4. Systemd. CentOS 7 uses Systemd instead of the legacy Sys V Init. Under the
|
||||
hood, Systemd does things quite a bit differently. Prepare to go through a
|
||||
learning curve if you have not done so already.
|
||||
3. This package now requires the HTTPS protocol to access the web portal.
|
||||
Requests using HTTP will auto-redirect to HTTPS. See README.https for
|
||||
more information.
|
||||
|
||||
4. This package ships with the new ZoneMinder API enabled.
|
||||
|
||||
New installs
|
||||
============
|
||||
|
@ -36,7 +34,7 @@ New installs
|
|||
|
||||
mysql -u root -p < /usr/share/zoneminder/db/zm_create.sql
|
||||
mysql -u root -p
|
||||
mysql> grant select,insert,update,delete,lock tables,alter, create
|
||||
mysql> grant select,insert,update,delete,lock tables,alter,create
|
||||
on zm.* to 'zmuser'@localhost identified by 'zmpass';
|
||||
mysql> exit;
|
||||
mysqladmin -u root -p reload
|
||||
|
@ -50,21 +48,22 @@ New installs
|
|||
step.
|
||||
|
||||
4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local
|
||||
timezone. For whatever reason, PHP will complain loudly if this is not set,
|
||||
or if it is set incorrectly, and these complaints will show up in the
|
||||
zoneminder logging system as errors.
|
||||
timezone. PHP will complain loudly if this is not set, or if it is set
|
||||
incorrectly, and these complaints will show up in the zoneminder logging
|
||||
system as errors.
|
||||
|
||||
If you are not sure of the proper timezone specification to use, look at
|
||||
http://php.net/date.timezone
|
||||
|
||||
5. This package will automatically configure and install an SELinux policy
|
||||
called local_zoneminder. A copy of this policy is in the documentation
|
||||
folder.
|
||||
5. Disable SELinux
|
||||
|
||||
We currently do not have the resources to create and maintain an accurate
|
||||
SELinux policy for ZoneMinder on CentOS 7. We will gladly accept pull
|
||||
reqeusts from anyone who wishes to do the work. In the meantime, SELinux
|
||||
will need to be disabled or put into permissive mode.
|
||||
|
||||
Maintaining an accurate SELinux policy file that does not create issues has
|
||||
been a struggle. If SELinux blocks nortmal ZoneMinder acitivity, or you
|
||||
feel you just don't need it, SELinux can be disabled for the current running
|
||||
session with the following command:
|
||||
To immediately disbale SELinux for the current seesion, issue the following
|
||||
from the command line:
|
||||
|
||||
sudo setenforce 0
|
||||
|
||||
|
@ -99,7 +98,7 @@ Upgrades
|
|||
|
||||
2. Verify permissions of the zmuser account.
|
||||
|
||||
Overtime, the database account permissions required for normal operation
|
||||
Over time, the database account permissions required for normal operation
|
||||
have changed. Verify the zmuser database account has been granted select,
|
||||
insert, update, delete, lock tables, alter, and create permission to the
|
||||
ZoneMinder database:
|
||||
|
@ -108,20 +107,26 @@ Upgrades
|
|||
mysql> show grants for zmuser@localhost;
|
||||
mysql> exit;
|
||||
|
||||
3. Verify the database was upgraded automatically.
|
||||
See step 2 of the Installation section to add missing permissions.
|
||||
|
||||
From the web console, ZoneMinder should show a status of "Running", and the
|
||||
version number should have incremented.
|
||||
3. Verify the ZoneMinder Apache configuration file in the folder
|
||||
/etc/httpd/conf.d. You will have a file called "zoneminder.conf" and there
|
||||
may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file
|
||||
exists, inspect it and merge anything new in that file with zoneminder.conf.
|
||||
|
||||
If it is not running, then try to start it. The web console will indicate
|
||||
if there is a database version conflict. If this is the case, then you may
|
||||
need to manually update the database from the command line:
|
||||
4. Upgrade the database before starting ZoneMinder.
|
||||
|
||||
Most upgrades can be performed by executing the following command:
|
||||
|
||||
sudo zmupdate.pl
|
||||
|
||||
Modern versions of ZoneMinder don't require any parameters added to the
|
||||
Recent versions of ZoneMinder don't require any parameters added to the
|
||||
zmupdate command. However, if ZoneMinder complains, you may need to call
|
||||
zmupdate in the following manner:
|
||||
|
||||
sudo zmupdate.pl --user=root --pass=<mysql_root_pwd> --version=<from version>
|
||||
|
||||
5. Now start zoneminder:
|
||||
|
||||
sudo systemctl start zoneminder
|
||||
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
HTTPS is now a requirement
|
||||
==========================
|
||||
|
||||
This package now depends on Apache's mod_ssl pacakge. This will automatically
|
||||
be installed along with ZoneMinder. Upon installation, the mod_ssl package
|
||||
will create a default, self-signed certificate. This is the certificate that
|
||||
ZoneMinder will use out of the box.
|
||||
|
||||
Since the certificate is self-signed, you will get a warning from your browser
|
||||
the first time you access the web portal. This is normal.
|
||||
|
||||
This is not intended to be an all encompasing solution for everyone. ZoneMinder
|
||||
will work just fine over HTTPS the way it is currently configured. However,
|
||||
here are a couple of considerations you may want to take.
|
||||
|
||||
1. Create your own certificate. The CentOS wiki has a guide that describes how
|
||||
to do this: https://wiki.centos.org/HowTos/Https . Additionally, Googling
|
||||
"centos certificate" reveals many articles on the subject. Note that some
|
||||
third party applications, such as zmNinja, will require you to create a
|
||||
certificate different than the default certificate on your machine.
|
||||
|
||||
2. You can turn off HTTPS entirely by simply commenting out the SSLRequireSSL
|
||||
directives found in /etc/httpd/conf.d/zoneminder.conf. You should also
|
||||
comment out the HTTP -> HTTPS Rewrite rule.
|
||||
|
|
@ -1,26 +1,26 @@
|
|||
# When using Zoneminder's own authentication, recorded CCTV images are
|
||||
# accessible from the web directly without passing the authentication. This
|
||||
# means any attacker could see your CCTV images without a password. In order
|
||||
# to avoid this you can disable Zoneminder's authentication and configure
|
||||
# standard Apache authentication (see the Apache documentation for details on
|
||||
# this).
|
||||
#
|
||||
# If you still wish to use Zoneminder's own authentication, or have an
|
||||
# internal site which needs no authentication, you need to delete the line
|
||||
# marked below and restart Apache.
|
||||
# ZoneMinder Apache configuration file
|
||||
# With SSLRequire and HTTPS auto redirect
|
||||
# Modify this configuration to suit your requirements
|
||||
#
|
||||
|
||||
# Auto Redirect HTTP requests to HTTPS
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTPS} !=on
|
||||
RewriteRule ^/?(zm)(.*) https://%{SERVER_NAME}/$1$2 [R,L]
|
||||
|
||||
Alias /zm "@ZM_WEBDIR@"
|
||||
<Directory "@ZM_WEBDIR@">
|
||||
SSLRequireSSL
|
||||
Options -Indexes MultiViews FollowSymLinks
|
||||
AllowOverride All
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
# ZoneMinder no longer uses short tags so this is safe to leave disabled
|
||||
# php_value short_open_tag 1
|
||||
</Directory>
|
||||
|
||||
ScriptAlias /cgi-bin/zm "@ZM_WEBDIR@"
|
||||
<Directory "@ZM_WEBDIR@">
|
||||
ScriptAlias /cgi-bin/zm "@ZM_CGIDIR@"
|
||||
<Directory "@ZM_CGIDIR@">
|
||||
SSLRequireSSL
|
||||
AllowOverride All
|
||||
Options ExecCGI FollowSymLinks
|
||||
Order allow,deny
|
||||
|
|
|
@ -30,8 +30,8 @@ BuildRequires: libcurl-devel vlc-devel ffmpeg-devel polkit-devel
|
|||
# cmake needs the following installed at build time due to the way it auto-detects certain parameters
|
||||
BuildRequires: httpd ffmpeg
|
||||
|
||||
Requires: httpd php php-gd php-mysql mysql-server libjpeg-turbo polkit net-tools psmisc
|
||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||
Requires: httpd php php-gd php-mysql mysql-server libjpeg-turbo cambozola polkit net-tools mod_ssl
|
||||
Requires: psmisc perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||
Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip)
|
||||
Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP)
|
||||
Requires: libcurl vlc-core ffmpeg
|
||||
|
@ -96,8 +96,20 @@ echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wa
|
|||
/usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null
|
||||
/usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null
|
||||
|
||||
# Display the README for post installation instructions
|
||||
/usr/bin/less %{_docdir}/%{name}-%{version}/README.CentOS
|
||||
# Upgrade from a previous version of zoneminder
|
||||
if [ $1 -eq 2 ] ; then
|
||||
# Freshen the database
|
||||
/usr/bin/zmupdate.pl -f
|
||||
|
||||
# We can't run this automatically when new sql account permissions need to
|
||||
# be manually added first
|
||||
# Run zmupdate non-interactively
|
||||
#/usr/bin/zmupdate.pl --nointeractive
|
||||
fi
|
||||
|
||||
# Warn the end user to read the README file
|
||||
echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, read README.Centos to finish the\ninstallation or upgrade!\n"
|
||||
echo -e "\nThe README file is located here: %{_docdir}/%{name}-%{version}.\n"
|
||||
|
||||
%preun
|
||||
if [ $1 -eq 0 ]; then
|
||||
|
@ -119,7 +131,7 @@ rm -rf %{_docdir}/%{name}-%{version}
|
|||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%doc AUTHORS BUGS ChangeLog COPYING LICENSE NEWS README.md distros/redhat/README.CentOS distros/redhat/jscalendar-doc
|
||||
%doc distros/redhat/cambozola-doc distros/redhat/local_zoneminder.te
|
||||
%doc distros/redhat/local_zoneminder.te
|
||||
%config %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm.conf
|
||||
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/httpd/conf.d/zoneminder.conf
|
||||
%config(noreplace) /etc/logrotate.d/%{name}
|
||||
|
@ -170,6 +182,9 @@ rm -rf %{_docdir}/%{name}-%{version}
|
|||
%dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/spool/zoneminder-upload
|
||||
|
||||
%changelog
|
||||
* Tue Sep 8 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1
|
||||
- Require https, freshen dB on updates.
|
||||
|
||||
* Wed Feb 18 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1
|
||||
- Include ONVIF support files
|
||||
|
||||
|
|
|
@ -1,16 +1,17 @@
|
|||
# When using Zoneminder's own authentication, recorded CCTV images are
|
||||
# accessible from the web directly without passing the authentication. This
|
||||
# means any attacker could see your CCTV images without a password. In order
|
||||
# to avoid this you can disable Zoneminder's authentication and configure
|
||||
# standard Apache authentication (see the Apache documentation for details on
|
||||
# this).
|
||||
#
|
||||
# If you still wish to use Zoneminder's own authentication, or have an
|
||||
# internal site which needs no authentication, you need to delete the line
|
||||
# marked below and restart Apache.
|
||||
# ZoneMinder Apache configuration file
|
||||
# With SSLRequire and HTTPS auto redirect
|
||||
# Modify this configuration to suit your requirements
|
||||
#
|
||||
|
||||
# Auto Redirect HTTP requests to HTTPS
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTPS} !=on
|
||||
RewriteRule ^/?(zm)(.*) https://%{SERVER_NAME}/$1$2 [R,L]
|
||||
|
||||
Alias /zm "@ZM_WEBDIR@"
|
||||
<Directory "@ZM_WEBDIR@">
|
||||
SSLRequireSSL
|
||||
Options -Indexes +MultiViews +FollowSymLinks
|
||||
AllowOverride All
|
||||
<IfModule mod_authz_core.c>
|
||||
|
@ -22,12 +23,11 @@ Alias /zm "@ZM_WEBDIR@"
|
|||
Order deny,allow
|
||||
Allow from all
|
||||
</IfModule>
|
||||
# ZoneMinder no longer uses short tags so this is safe to leave disabled
|
||||
# php_value short_open_tag 1
|
||||
</Directory>
|
||||
|
||||
ScriptAlias /cgi-bin-zm "@ZM_CGIDIR@"
|
||||
<Directory "@ZM_CGIDIR@">
|
||||
SSLRequireSSL
|
||||
AllowOverride All
|
||||
Options +ExecCGI +FollowSymLinks
|
||||
<IfModule mod_authz_core.c>
|
||||
|
@ -40,3 +40,4 @@ ScriptAlias /cgi-bin-zm "@ZM_CGIDIR@"
|
|||
Allow from all
|
||||
</IfModule>
|
||||
</Directory>
|
||||
|
||||
|
|
|
@ -32,8 +32,8 @@ BuildRequires: ffmpeg ffmpeg-devel perl(X10::ActiveHome) perl(Astro::SunTime)
|
|||
# cmake needs the following installed at build time due to the way it auto-detects certain parameters
|
||||
BuildRequires: httpd polkit-devel
|
||||
|
||||
Requires: httpd php php-gd php-mysql mariadb-server polkit net-tools psmisc
|
||||
Requires: libjpeg-turbo vlc-core libcurl
|
||||
Requires: httpd php php-gd php-mysql mariadb-server cambozola polkit net-tools mod_ssl
|
||||
Requires: psmisc libjpeg-turbo vlc-core libcurl
|
||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||
Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip)
|
||||
Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP)
|
||||
|
@ -87,20 +87,27 @@ fi
|
|||
/usr/bin/gpasswd -a %{zmuid_final} video
|
||||
/usr/bin/gpasswd -a %{zmuid_final} dialout
|
||||
|
||||
# Disabled. SELinux policy does not work for RHEL 7.
|
||||
# Create and load zoneminder selinux policy module
|
||||
echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wait.\n"
|
||||
/usr/bin/checkmodule -M -m -o %{_docdir}/%{name}-%{version}/local_zoneminder.mod %{_docdir}/%{name}-%{version}/local_zoneminder.te > /dev/null
|
||||
/usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null
|
||||
/usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null
|
||||
#echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wait.\n"
|
||||
#/usr/bin/checkmodule -M -m -o %{_docdir}/%{name}-%{version}/local_zoneminder.mod %{_docdir}/%{name}-%{version}/local_zoneminder.te > /dev/null
|
||||
#/usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null
|
||||
#/usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null
|
||||
|
||||
# Upgrade from a previous version of zoneminder
|
||||
if [ $1 -eq 2 ] ; then
|
||||
# Freshen the database
|
||||
/usr/bin/zmupdate.pl -f
|
||||
|
||||
# We can't run this automatically when new sql account permissions need to
|
||||
# be manually added first
|
||||
# Run zmupdate non-interactively
|
||||
/usr/bin/zmupdate.pl --nointeractive
|
||||
#/usr/bin/zmupdate.pl --nointeractive
|
||||
fi
|
||||
|
||||
# Display the README for post installation instructions
|
||||
/usr/bin/less %{_docdir}/%{name}-%{version}/README.Centos7
|
||||
# Warn the end user to read the README file
|
||||
echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, read README.Centos7 to finish the\ninstallation or upgrade!\n"
|
||||
echo -e "\nThe README file is located here: %{_docdir}/%{name}-%{version}.\n"
|
||||
|
||||
%preun
|
||||
if [ $1 -eq 0 ] ; then
|
||||
|
@ -131,7 +138,7 @@ fi
|
|||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%doc AUTHORS BUGS ChangeLog COPYING LICENSE NEWS README.md distros/redhat/README.Centos7 distros/redhat/jscalendar-doc
|
||||
%doc distros/redhat/cambozola-doc distros/redhat/local_zoneminder.te
|
||||
%doc distros/redhat/local_zoneminder.te
|
||||
%config %attr(640,root,%{zmgid_final}) /etc/zm/zm.conf
|
||||
%config(noreplace) %attr(644,root,root) /etc/httpd/conf.d/zoneminder.conf
|
||||
%config(noreplace) /etc/tmpfiles.d/zoneminder.conf
|
||||
|
@ -184,6 +191,9 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Mon Sep 7 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1
|
||||
- Require https, disable selinux module, freshen dB on updates.
|
||||
|
||||
* Sun Feb 8 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1
|
||||
- Initial release for CentOS 7.
|
||||
|
||||
|
|
|
@ -11,13 +11,13 @@ fi
|
|||
abort=false
|
||||
if [ -h /usr/share/zoneminder/www/events ]; then
|
||||
l=$(readlink /usr/share/zoneminder/www/events)
|
||||
if [ "$l" != "/var/cache/zoneminder/events" ]; then
|
||||
if [ "$l" != "/var/cache/zoneminder/events" -a "$l" != "/var/cache/zoneminder/events/" ]; then
|
||||
abort=true
|
||||
fi
|
||||
fi
|
||||
if [ -h /usr/share/zoneminder/www/images ]; then
|
||||
l=$(readlink /usr/share/zoneminder/www/images )
|
||||
if [ "$l" != "/var/cache/zoneminder/images" ]; then
|
||||
if [ "$l" != "/var/cache/zoneminder/images" -a "$l" != "/var/cache/zoneminder/images/" ]; then
|
||||
abort=true
|
||||
fi
|
||||
fi
|
||||
|
|
|
@ -18,6 +18,31 @@
|
|||
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
//
|
||||
|
||||
|
||||
// PP - POST request handler for PHP which does not need extensions
|
||||
// credit: http://wezfurlong.org/blog/2006/nov/http-post-from-php-without-curl/
|
||||
|
||||
function do_post_request($url, $data, $optional_headers = null)
|
||||
{
|
||||
$params = array('http' => array(
|
||||
'method' => 'POST',
|
||||
'content' => $data
|
||||
));
|
||||
if ($optional_headers !== null) {
|
||||
$params['http']['header'] = $optional_headers;
|
||||
}
|
||||
$ctx = stream_context_create($params);
|
||||
$fp = @fopen($url, 'rb', false, $ctx);
|
||||
if (!$fp) {
|
||||
throw new Exception("Problem with $url, $php_errormsg");
|
||||
}
|
||||
$response = @stream_get_contents($fp);
|
||||
if ($response === false) {
|
||||
throw new Exception("Problem reading data from $url, $php_errormsg");
|
||||
}
|
||||
return $response;
|
||||
}
|
||||
|
||||
function getAffectedIds( $name )
|
||||
{
|
||||
$names = $name."s";
|
||||
|
@ -42,6 +67,28 @@ if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST[
|
|||
|
||||
if ( !empty($action) )
|
||||
{
|
||||
// PP - lets validate reCaptcha if it exists
|
||||
if (ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SECRETKEY && ZM_OPT_GOOG_RECAPTCHA_SITEKEY)
|
||||
{
|
||||
$url = 'https://www.google.com/recaptcha/api/siteverify';
|
||||
$fields = array (
|
||||
'secret'=> ZM_OPT_GOOG_RECAPTCHA_SECRETKEY,
|
||||
'response' => $_REQUEST['g-recaptcha-response'],
|
||||
'remoteip'=> $_SERVER['REMOTE_ADDR']
|
||||
|
||||
);
|
||||
$res= do_post_request($url, http_build_query($fields));
|
||||
$result = json_decode($res);
|
||||
if ($result->success != 'true')
|
||||
{
|
||||
userLogout();
|
||||
$view='login';
|
||||
$refreshParent = true;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// General scope actions
|
||||
if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) )
|
||||
{
|
||||
|
|
|
@ -20,6 +20,13 @@
|
|||
|
||||
xhtmlHeaders(__FILE__, translate('Login') );
|
||||
?>
|
||||
<!-- PP: Add recaptcha script if enabled -->
|
||||
<?php
|
||||
if (ZM_OPT_USE_GOOG_RECAPTCHA)
|
||||
{
|
||||
echo "<head> <script src='https://www.google.com/recaptcha/api.js'></script> </head>";
|
||||
}
|
||||
?>
|
||||
<body>
|
||||
<div id="page">
|
||||
<div id="header">
|
||||
|
@ -43,6 +50,13 @@ xhtmlHeaders(__FILE__, translate('Login') );
|
|||
</tbody>
|
||||
</table>
|
||||
<input type="submit" value="<?php echo translate('Login') ?>"/>
|
||||
<!-- PP: Added recaptcha widget if enabled -->
|
||||
<?php
|
||||
if (ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SITEKEY && ZM_OPT_GOOGLE_RECAPTCHA_SECRETKEY)
|
||||
{
|
||||
echo "<br/><br/><center> <div class='g-recaptcha' data-sitekey='".ZM_OPT_GOOG_RECAPTCHA_SITEKEY."'></div> </center>";
|
||||
}
|
||||
?>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
|
Loading…
Reference in New Issue