Merge branch 'master' into multi-server

Conflicts:
	configure.ac
pull/1088/head
Isaac Connor 2015-09-16 09:12:55 -04:00
commit 535a760f26
11 changed files with 278 additions and 112 deletions


@ -16,7 +16,7 @@ else(ZM_TARGET_DISTRO STREQUAL "el7")
endif(ZM_TARGET_DISTRO STREQUAL "el7") endif(ZM_TARGET_DISTRO STREQUAL "el7")
# Download jscalendar & move files into position # Download jscalendar & move files into position
file(DOWNLOAD http://nbtelecom.dl.sourceforge.net/project/jscalendar/jscalendar/1.0/jscalendar-1.0.zip ${CMAKE_CURRENT_SOURCE_DIR}/jscalendar-1.0.zip LOG jsc_log STATUS download_jsc) file(DOWNLOAD http://skylineservers.dl.sourceforge.net/project/jscalendar/jscalendar/1.0/jscalendar-1.0.zip ${CMAKE_CURRENT_SOURCE_DIR}/jscalendar-1.0.zip LOG jsc_log STATUS download_jsc)
#message(STATUS "Log of jscalender script was: ${jsc_log}") #message(STATUS "Log of jscalender script was: ${jsc_log}")
if(download_jsc EQUAL 0) if(download_jsc EQUAL 0)
message(STATUS "Jscalander successfully downloaded. Installing...") message(STATUS "Jscalander successfully downloaded. Installing...")
@ -26,15 +26,16 @@ else(download_jsc EQUAL 0)
message(STATUS "Unable to download optional jscalander. Skipping...") message(STATUS "Unable to download optional jscalander. Skipping...")
endif(download_jsc EQUAL 0) endif(download_jsc EQUAL 0)
# Cambozola is now packaged in zmrepo
# Download cambozola & move files into position # Download cambozola & move files into position
file(DOWNLOAD http://www.andywilcock.com/code/cambozola/cambozola-0.931.tar.gz ${CMAKE_CURRENT_SOURCE_DIR}/cambozola-0.931.tar.gz STATUS download_camb) #file(DOWNLOAD http://www.andywilcock.com/code/cambozola/cambozola-0.931.tar.gz ${CMAKE_CURRENT_SOURCE_DIR}/cambozola-0.931.tar.gz STATUS download_camb)
if(download_camb EQUAL 0) #if(download_camb EQUAL 0)
message(STATUS "Cambozola successfully downloaded. Installing...") # message(STATUS "Cambozola successfully downloaded. Installing...")
execute_process(COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/cambozola.sh WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} ERROR_VARIABLE untar_camb) # execute_process(COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/cambozola.sh WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} ERROR_VARIABLE untar_camb)
message(STATUS "Status of cambozola script was: ${untar_camb}") # message(STATUS "Status of cambozola script was: ${untar_camb}")
else(download_camb EQUAL 0) #else(download_camb EQUAL 0)
message(STATUS "Unable to download optional Cambozola. Skipping...") # message(STATUS "Unable to download optional Cambozola. Skipping...")
endif(download_camb EQUAL 0) #endif(download_camb EQUAL 0)
# Create several empty folders # Create several empty folders
file(MAKE_DIRECTORY sock swap zoneminder zoneminder-upload events images temp) file(MAKE_DIRECTORY sock swap zoneminder zoneminder-upload events images temp)
@ -53,6 +54,9 @@ install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/imag
install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/temp\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/temp\")")
install(CODE "execute_process(COMMAND ln -sf ../../../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/api/app/tmp\")") install(CODE "execute_process(COMMAND ln -sf ../../../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/api/app/tmp\")")
# Link to Cambozola, which is now packaged in zmrepo
install(CODE "execute_process(COMMAND ln -sf ../../java/cambozola.jar \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/cambozola.jar\")")
# Install auxillary files required to run zoneminder on CentOS # Install auxillary files required to run zoneminder on CentOS
install(FILES redalert.wav DESTINATION ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/sounds PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(FILES redalert.wav DESTINATION ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/sounds PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
if(ZM_TARGET_DISTRO STREQUAL "el7") if(ZM_TARGET_DISTRO STREQUAL "el7")
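Review bot: The jscalendar `file(DOWNLOAD ...)` in the first hunk still fetches the archive over plain HTTP with no integrity check; the change only swaps one SourceForge mirror host for another. The status messages suggest the archive is then unpacked and installed by lines outside the hunk, so the build trusts whatever the network path returns. Pin the archive by adding `EXPECTED_HASH SHA256=<sha256-of-jscalendar-1.0.zip>` (placeholder; compute it from a trusted copy) and use an https URL if the mirror offers one. The download target is `${CMAKE_CURRENT_SOURCE_DIR}`; writing to `${CMAKE_CURRENT_BINARY_DIR}` would keep the source tree untouched. The commented-out Cambozola block in the second hunk can be deleted rather than kept as dead code.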


@ -1,6 +1,22 @@
================================================================================ What's New
NEW INSTALLS ==========
================================================================================
1. The ZoneMinder mysql account now requires "Create" permission. This change
must be done manually before ZoneMinder will run. See the installation steps
below.
2. A new permission group called "Groups" has been added. This allows the
system administrator to assign "view", "edit", or "none" permission to
normal users, without giving them access to the rest of the ZoneMinder
system. During an upgrade, existing accounts will default to a Groups
permission of "none".
3. This package now requires the HTTPS protocol to access the web portal.
Requests using HTTP will auto-redirect to HTTPS. See README.https for
more information.
New installs
============
1. Unless you are already using MySQL server, you need to ensure that 1. Unless you are already using MySQL server, you need to ensure that
the server is confired to start during boot and properly secured the server is confired to start during boot and properly secured
@ -11,7 +27,8 @@
sudo chkconfig mysqld on sudo chkconfig mysqld on
2. Using the password for the root account set during the previous step, you 2. Using the password for the root account set during the previous step, you
will need to create the ZoneMinder database: will need to create the ZoneMinder database and configure a database
account for ZoneMinder to use:
mysql -uroot -p mysql -uroot -p
mysql> create database zm; mysql> create database zm;
@ -21,20 +38,26 @@
mysql -uroot -p < /usr/share/zoneminder/db/zm_create.sql mysql -uroot -p < /usr/share/zoneminder/db/zm_create.sql
mysqladmin -uroot -p reload mysqladmin -uroot -p reload
The database account credentials, zmuser/zmpass, are arbitrary. Set them to
anything that suits your envinroment.
3. If you have chosen to change the zoneminder mysql credentials to something 3. If you have chosen to change the zoneminder mysql credentials to something
other than zmuser/zmpass then you must now edit /etc/zm.conf. Change other than zmuser/zmpass then you must now edit /etc/zm.conf. Change
ZM_DB_USER and ZM_DB_PASS to the values you created in step 2. ZM_DB_USER and ZM_DB_PASS to the values you created in step 2.
4. IMPORTANT: Edit /etc/php.ini and put in the appropriate timezone for 4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local
date.timezone! timezone. PHP will complain loudly if this is not set, or if it is set
incorrectly, and these complaints will show up in the zoneminder logging
system as errors
5. The ZoneMinder web interface is disabled by default, you will need If you are not sure of the proper timezone specification to use, look at
to edit this file to enable it: http://php.net/date.timezone
5. Verify the default ZoneMinder Apache configuration meets your needs:
/etc/httpd/conf.d/zoneminder.conf /etc/httpd/conf.d/zoneminder.conf
HINT: Most users will want to simply delete the line that says When in doubt, leave this configuration as it is.
"Deny from all".
6. Configure the web server to start automatically: 6. Configure the web server to start automatically:
@ -45,8 +68,8 @@
called local_zoneminder. A copy of this policy is in the documentation called local_zoneminder. A copy of this policy is in the documentation
folder. folder.
Unfortunately, this has not resolved all the SELinux issues so It is still possible to run into SELinux issues, however. If this is case,
most will want to disable SELinux permanently by editing the following: you can disable SELinux permanently by editing the following:
/etc/selinux/conf /etc/selinux/conf
@ -66,27 +89,49 @@
UPGRADES UPGRADES
================================================================================ ================================================================================
1. Add additional permissions to the zmuser account: 1. Verify /etc/zm.conf.
If zm.conf was manually edited before running the upgrade, the installation
may not overwrite it. In this case, it will create the file
/etc/zm.conf.rpmnew.
For example, this will happen if you are using database account credentials
other than zmuser/zmpass.
Compare /etc/zm.conf to /etc/zm.conf.rpmnew. Verify that zm.conf
contains any new config settings that may be in zm.conf.rpmnew.
2. Verify permissions of the zmuser account.
Over time, the database account permissions required for normal operation
have changed. Verify the zmuser database account has been granted select,
insert, update, delete, lock tables, alter, and create permission to the
ZoneMinder database:
mysql -u root -p mysql -u root -p
grant lock tables,alter,create on zm.* to mysql> show grants for zmuser@localhost;
'zmuser'@localhost identified by 'zmpass'; mysql> exit;
Since this is an upgrade, the assumption is that the zmuser account exists See step 2 of the Installation section to add missing permissions.
and already has select, insert, update, and delete permission.
3. Verify the ZoneMinder Apache configuration file in the folder
/etc/httpd/conf.d. You will have a file called "zoneminder.conf" and there
may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file
exists, inspect it and merge anything new in that file with zoneminder.conf.
4. Upgrade the database before starting ZoneMinder.
Most upgrades can be performed by executing the following command:
2. If you have previsouly changed the zoneminder mysql credentials to something sudo zmupdate.pl
other than zmuser/zmpass then you must now edit /etc/zm.conf. Change
ZM_DB_USER and ZM_DB_PASS to their appropriate values. Recent versions of ZoneMinder don't require any parameters added to the
zmupdate command. However, if ZoneMinder complains, you may need to call
3. You will need to upgrade the ZoneMinder database as described in the manual. zmupdate in the following manner:
Only if step 1 was succesfully applied, may you run zmupdate like so:
sudo zmupdate.pl --version=<from version>
If unsure then run it this way:
sudo zmupdate.pl --user=root --pass=<mysql_root_pwd> --version=<from version> sudo zmupdate.pl --user=root --pass=<mysql_root_pwd> --version=<from version>
5. Now start zoneminder:
sudo service zoneminder start


@ -1,23 +1,21 @@
What's New What's New
========== ==========
1. The Apache ScriptAlias has been changed from "/cgi-bin/zm/zms" to 1. The ZoneMinder mysql account now requires "Create" permission. This change
"/cgi-bin-zm/zms". This has been to done to avoid this bug: must be done manually before ZoneMinder will run. See the installation steps
https://bugzilla.redhat.com/show_bug.cgi?id=973067 below.
IMPORTANT: ZoneMinder will not update this value during an upgrade. You must 2. A new permission group called "Groups" has been added. This allows the
manually update ZM_PATH_ZMS yourself under Options. This does not affect system administrator to assign "view", "edit", or "none" permission to
new installs. normal users, without giving them access to the rest of the ZoneMinder
system. During an upgrade, existing accounts will default to a Groups
permission of "none".
2. During an rpm package upgrade, zmupdate.pl will now auto-update the database 3. This package now requires the HTTPS protocol to access the web portal.
and the zonemidner service will restart automatically. Requests using HTTP will auto-redirect to HTTPS. See README.https for
more information.
3. The ZoneMinder config file, zm.conf, has been moved under /etc/zm.
4. This package ships with the new ZoneMinder API enabled.
4. Systemd. CentOS 7 uses Systemd instead of the legacy Sys V Init. Under the
hood, Systemd does things quite a bit differently. Prepare to go through a
learning curve if you have not done so already.
New installs New installs
============ ============
@ -36,7 +34,7 @@ New installs
mysql -u root -p < /usr/share/zoneminder/db/zm_create.sql mysql -u root -p < /usr/share/zoneminder/db/zm_create.sql
mysql -u root -p mysql -u root -p
mysql> grant select,insert,update,delete,lock tables,alter, create mysql> grant select,insert,update,delete,lock tables,alter,create
on zm.* to 'zmuser'@localhost identified by 'zmpass'; on zm.* to 'zmuser'@localhost identified by 'zmpass';
mysql> exit; mysql> exit;
mysqladmin -u root -p reload mysqladmin -u root -p reload
@ -50,21 +48,22 @@ New installs
step. step.
4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local 4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local
timezone. For whatever reason, PHP will complain loudly if this is not set, timezone. PHP will complain loudly if this is not set, or if it is set
or if it is set incorrectly, and these complaints will show up in the incorrectly, and these complaints will show up in the zoneminder logging
zoneminder logging system as errors. system as errors.
If you are not sure of the proper timezone specification to use, look at If you are not sure of the proper timezone specification to use, look at
http://php.net/date.timezone http://php.net/date.timezone
5. This package will automatically configure and install an SELinux policy 5. Disable SELinux
called local_zoneminder. A copy of this policy is in the documentation
folder. We currently do not have the resources to create and maintain an accurate
SELinux policy for ZoneMinder on CentOS 7. We will gladly accept pull
reqeusts from anyone who wishes to do the work. In the meantime, SELinux
will need to be disabled or put into permissive mode.
Maintaining an accurate SELinux policy file that does not create issues has To immediately disbale SELinux for the current seesion, issue the following
been a struggle. If SELinux blocks nortmal ZoneMinder acitivity, or you from the command line:
feel you just don't need it, SELinux can be disabled for the current running
session with the following command:
sudo setenforce 0 sudo setenforce 0
@ -99,7 +98,7 @@ Upgrades
2. Verify permissions of the zmuser account. 2. Verify permissions of the zmuser account.
Overtime, the database account permissions required for normal operation Over time, the database account permissions required for normal operation
have changed. Verify the zmuser database account has been granted select, have changed. Verify the zmuser database account has been granted select,
insert, update, delete, lock tables, alter, and create permission to the insert, update, delete, lock tables, alter, and create permission to the
ZoneMinder database: ZoneMinder database:
@ -108,20 +107,26 @@ Upgrades
mysql> show grants for zmuser@localhost; mysql> show grants for zmuser@localhost;
mysql> exit; mysql> exit;
3. Verify the database was upgraded automatically. See step 2 of the Installation section to add missing permissions.
From the web console, ZoneMinder should show a status of "Running", and the 3. Verify the ZoneMinder Apache configuration file in the folder
version number should have incremented. /etc/httpd/conf.d. You will have a file called "zoneminder.conf" and there
may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file
exists, inspect it and merge anything new in that file with zoneminder.conf.
If it is not running, then try to start it. The web console will indicate 4. Upgrade the database before starting ZoneMinder.
if there is a database version conflict. If this is the case, then you may
need to manually update the database from the command line: Most upgrades can be performed by executing the following command:
sudo zmupdate.pl sudo zmupdate.pl
Modern versions of ZoneMinder don't require any parameters added to the Recent versions of ZoneMinder don't require any parameters added to the
zmupdate command. However, if ZoneMinder complains, you may need to call zmupdate command. However, if ZoneMinder complains, you may need to call
zmupdate in the following manner: zmupdate in the following manner:
sudo zmupdate.pl --user=root --pass=<mysql_root_pwd> --version=<from version> sudo zmupdate.pl --user=root --pass=<mysql_root_pwd> --version=<from version>
5. Now start zoneminder:
sudo systemctl start zoneminder


@ -0,0 +1,25 @@
HTTPS is now a requirement
==========================
This package now depends on Apache's mod_ssl pacakge. This will automatically
be installed along with ZoneMinder. Upon installation, the mod_ssl package
will create a default, self-signed certificate. This is the certificate that
ZoneMinder will use out of the box.
Since the certificate is self-signed, you will get a warning from your browser
the first time you access the web portal. This is normal.
This is not intended to be an all encompasing solution for everyone. ZoneMinder
will work just fine over HTTPS the way it is currently configured. However,
here are a couple of considerations you may want to take.
1. Create your own certificate. The CentOS wiki has a guide that describes how
to do this: https://wiki.centos.org/HowTos/Https . Additionally, Googling
"centos certificate" reveals many articles on the subject. Note that some
third party applications, such as zmNinja, will require you to create a
certificate different than the default certificate on your machine.
2. You can turn off HTTPS entirely by simply commenting out the SSLRequireSSL
directives found in /etc/httpd/conf.d/zoneminder.conf. You should also
comment out the HTTP -> HTTPS Rewrite rule.


@ -1,26 +1,26 @@
# When using Zoneminder's own authentication, recorded CCTV images are
# accessible from the web directly without passing the authentication. This
# means any attacker could see your CCTV images without a password. In order
# to avoid this you can disable Zoneminder's authentication and configure
# standard Apache authentication (see the Apache documentation for details on
# this).
# #
# If you still wish to use Zoneminder's own authentication, or have an # ZoneMinder Apache configuration file
# internal site which needs no authentication, you need to delete the line # With SSLRequire and HTTPS auto redirect
# marked below and restart Apache. # Modify this configuration to suit your requirements
#
# Auto Redirect HTTP requests to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(zm)(.*) https://%{SERVER_NAME}/$1$2 [R,L]
Alias /zm "@ZM_WEBDIR@" Alias /zm "@ZM_WEBDIR@"
<Directory "@ZM_WEBDIR@"> <Directory "@ZM_WEBDIR@">
SSLRequireSSL
Options -Indexes MultiViews FollowSymLinks Options -Indexes MultiViews FollowSymLinks
AllowOverride All AllowOverride All
Order allow,deny Order allow,deny
Allow from all Allow from all
# ZoneMinder no longer uses short tags so this is safe to leave disabled
# php_value short_open_tag 1
</Directory> </Directory>
ScriptAlias /cgi-bin/zm "@ZM_WEBDIR@" ScriptAlias /cgi-bin/zm "@ZM_CGIDIR@"
<Directory "@ZM_WEBDIR@"> <Directory "@ZM_CGIDIR@">
SSLRequireSSL
AllowOverride All AllowOverride All
Options ExecCGI FollowSymLinks Options ExecCGI FollowSymLinks
Order allow,deny Order allow,deny
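Review bot: The new header drops the warning that recorded images can be fetched from the web directory without passing ZoneMinder's own authentication, and nothing in the added lines replaces it. `SSLRequireSSL` and the rewrite only enforce transport encryption; the `Allow from all` kept in the first `<Directory>` block still admits any client. If that exposure still exists (not visible from this hunk), keep a short comment such as `# SSLRequireSSL enforces HTTPS only; it does not authenticate requests for files under this directory`. The same header replacement is made in the second zoneminder.conf template on this page. The second `<Directory>` block continues outside the hunk.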


@ -30,8 +30,8 @@ BuildRequires: libcurl-devel vlc-devel ffmpeg-devel polkit-devel
# cmake needs the following installed at build time due to the way it auto-detects certain parameters # cmake needs the following installed at build time due to the way it auto-detects certain parameters
BuildRequires: httpd ffmpeg BuildRequires: httpd ffmpeg
Requires: httpd php php-gd php-mysql mysql-server libjpeg-turbo polkit net-tools psmisc Requires: httpd php php-gd php-mysql mysql-server libjpeg-turbo cambozola polkit net-tools mod_ssl
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) Requires: psmisc perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip) Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip)
Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP) Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP)
Requires: libcurl vlc-core ffmpeg Requires: libcurl vlc-core ffmpeg
@ -96,8 +96,20 @@ echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wa
/usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null /usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null
/usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null /usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null
# Display the README for post installation instructions # Upgrade from a previous version of zoneminder
/usr/bin/less %{_docdir}/%{name}-%{version}/README.CentOS if [ $1 -eq 2 ] ; then
# Freshen the database
/usr/bin/zmupdate.pl -f
# We can't run this automatically when new sql account permissions need to
# be manually added first
# Run zmupdate non-interactively
#/usr/bin/zmupdate.pl --nointeractive
fi
# Warn the end user to read the README file
echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, read README.Centos to finish the\ninstallation or upgrade!\n"
echo -e "\nThe README file is located here: %{_docdir}/%{name}-%{version}.\n"
%preun %preun
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
@ -119,7 +131,7 @@ rm -rf %{_docdir}/%{name}-%{version}
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc AUTHORS BUGS ChangeLog COPYING LICENSE NEWS README.md distros/redhat/README.CentOS distros/redhat/jscalendar-doc %doc AUTHORS BUGS ChangeLog COPYING LICENSE NEWS README.md distros/redhat/README.CentOS distros/redhat/jscalendar-doc
%doc distros/redhat/cambozola-doc distros/redhat/local_zoneminder.te %doc distros/redhat/local_zoneminder.te
%config %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm.conf %config %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm.conf
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/httpd/conf.d/zoneminder.conf %config(noreplace) %attr(644,root,root) %{_sysconfdir}/httpd/conf.d/zoneminder.conf
%config(noreplace) /etc/logrotate.d/%{name} %config(noreplace) /etc/logrotate.d/%{name}
@ -170,6 +182,9 @@ rm -rf %{_docdir}/%{name}-%{version}
%dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/spool/zoneminder-upload %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/spool/zoneminder-upload
%changelog %changelog
* Tue Sep 8 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1
- Require https, freshen dB on updates.
* Wed Feb 18 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1 * Wed Feb 18 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1
- Include ONVIF support files - Include ONVIF support files
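Review bot: The new post-install message tells the user to read `README.Centos`, but the `%doc` line in this same file packages `distros/redhat/README.CentOS`, so the printed name does not match the installed file on a case-sensitive filesystem; the echo should say `read README.CentOS`. Separately, the result of `/usr/bin/zmupdate.pl -f` is not checked, and because the scriptlet ends with `echo`, a failed update is reported as a successful upgrade. `/usr/bin/zmupdate.pl -f || echo "WARNING: zmupdate.pl -f failed" >&2` would at least surface it. The same unchecked call is added in the CentOS 7 spec on this page. The %post scriptlet starts outside the hunk.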


@ -1,16 +1,17 @@
# When using Zoneminder's own authentication, recorded CCTV images are
# accessible from the web directly without passing the authentication. This
# means any attacker could see your CCTV images without a password. In order
# to avoid this you can disable Zoneminder's authentication and configure
# standard Apache authentication (see the Apache documentation for details on
# this).
# #
# If you still wish to use Zoneminder's own authentication, or have an # ZoneMinder Apache configuration file
# internal site which needs no authentication, you need to delete the line # With SSLRequire and HTTPS auto redirect
# marked below and restart Apache. # Modify this configuration to suit your requirements
#
# Auto Redirect HTTP requests to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(zm)(.*) https://%{SERVER_NAME}/$1$2 [R,L]
Alias /zm "@ZM_WEBDIR@" Alias /zm "@ZM_WEBDIR@"
<Directory "@ZM_WEBDIR@"> <Directory "@ZM_WEBDIR@">
SSLRequireSSL
Options -Indexes +MultiViews +FollowSymLinks Options -Indexes +MultiViews +FollowSymLinks
AllowOverride All AllowOverride All
<IfModule mod_authz_core.c> <IfModule mod_authz_core.c>
@ -22,12 +23,11 @@ Alias /zm "@ZM_WEBDIR@"
Order deny,allow Order deny,allow
Allow from all Allow from all
</IfModule> </IfModule>
# ZoneMinder no longer uses short tags so this is safe to leave disabled
# php_value short_open_tag 1
</Directory> </Directory>
ScriptAlias /cgi-bin-zm "@ZM_CGIDIR@" ScriptAlias /cgi-bin-zm "@ZM_CGIDIR@"
<Directory "@ZM_CGIDIR@"> <Directory "@ZM_CGIDIR@">
SSLRequireSSL
AllowOverride All AllowOverride All
Options +ExecCGI +FollowSymLinks Options +ExecCGI +FollowSymLinks
<IfModule mod_authz_core.c> <IfModule mod_authz_core.c>
@ -40,3 +40,4 @@ ScriptAlias /cgi-bin-zm "@ZM_CGIDIR@"
Allow from all Allow from all
</IfModule> </IfModule>
</Directory> </Directory>
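Review bot: The added `RewriteEngine On` and `RewriteRule` sit at server-config level, and mod_rewrite rules defined there are not inherited by `<VirtualHost>` sections by default. On a host that serves port 80 from a virtual host the redirect would presumably never run, and plain-HTTP requests would be refused by `SSLRequireSSL` instead of being redirected. A comment above the rule would save operators the debugging, e.g. `# If port 80 is served by a <VirtualHost>, copy these Rewrite lines into it`. The rule also issues the default temporary redirect; `[R=301,L]` makes it permanent if that is the intent. The same lines are added to the other zoneminder.conf template on this page.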


@ -32,8 +32,8 @@ BuildRequires: ffmpeg ffmpeg-devel perl(X10::ActiveHome) perl(Astro::SunTime)
# cmake needs the following installed at build time due to the way it auto-detects certain parameters # cmake needs the following installed at build time due to the way it auto-detects certain parameters
BuildRequires: httpd polkit-devel BuildRequires: httpd polkit-devel
Requires: httpd php php-gd php-mysql mariadb-server polkit net-tools psmisc Requires: httpd php php-gd php-mysql mariadb-server cambozola polkit net-tools mod_ssl
Requires: libjpeg-turbo vlc-core libcurl Requires: psmisc libjpeg-turbo vlc-core libcurl
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip) Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip)
Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP) Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP)
@ -87,20 +87,27 @@ fi
/usr/bin/gpasswd -a %{zmuid_final} video /usr/bin/gpasswd -a %{zmuid_final} video
/usr/bin/gpasswd -a %{zmuid_final} dialout /usr/bin/gpasswd -a %{zmuid_final} dialout
# Disabled. SELinux policy does not work for RHEL 7.
# Create and load zoneminder selinux policy module # Create and load zoneminder selinux policy module
echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wait.\n" #echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wait.\n"
/usr/bin/checkmodule -M -m -o %{_docdir}/%{name}-%{version}/local_zoneminder.mod %{_docdir}/%{name}-%{version}/local_zoneminder.te > /dev/null #/usr/bin/checkmodule -M -m -o %{_docdir}/%{name}-%{version}/local_zoneminder.mod %{_docdir}/%{name}-%{version}/local_zoneminder.te > /dev/null
/usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null #/usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null
/usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null #/usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null
# Upgrade from a previous version of zoneminder # Upgrade from a previous version of zoneminder
if [ $1 -eq 2 ] ; then if [ $1 -eq 2 ] ; then
# Freshen the database
/usr/bin/zmupdate.pl -f
# We can't run this automatically when new sql account permissions need to
# be manually added first
# Run zmupdate non-interactively # Run zmupdate non-interactively
/usr/bin/zmupdate.pl --nointeractive #/usr/bin/zmupdate.pl --nointeractive
fi fi
# Display the README for post installation instructions # Warn the end user to read the README file
/usr/bin/less %{_docdir}/%{name}-%{version}/README.Centos7 echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, read README.Centos7 to finish the\ninstallation or upgrade!\n"
echo -e "\nThe README file is located here: %{_docdir}/%{name}-%{version}.\n"
%preun %preun
if [ $1 -eq 0 ] ; then if [ $1 -eq 0 ] ; then
@ -131,7 +138,7 @@ fi
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc AUTHORS BUGS ChangeLog COPYING LICENSE NEWS README.md distros/redhat/README.Centos7 distros/redhat/jscalendar-doc %doc AUTHORS BUGS ChangeLog COPYING LICENSE NEWS README.md distros/redhat/README.Centos7 distros/redhat/jscalendar-doc
%doc distros/redhat/cambozola-doc distros/redhat/local_zoneminder.te %doc distros/redhat/local_zoneminder.te
%config %attr(640,root,%{zmgid_final}) /etc/zm/zm.conf %config %attr(640,root,%{zmgid_final}) /etc/zm/zm.conf
%config(noreplace) %attr(644,root,root) /etc/httpd/conf.d/zoneminder.conf %config(noreplace) %attr(644,root,root) /etc/httpd/conf.d/zoneminder.conf
%config(noreplace) /etc/tmpfiles.d/zoneminder.conf %config(noreplace) /etc/tmpfiles.d/zoneminder.conf
@ -184,6 +191,9 @@ fi
%changelog %changelog
* Mon Sep 7 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1
- Require https, disable selinux module, freshen dB on updates.
* Sun Feb 8 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1 * Sun Feb 8 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1
- Initial release for CentOS 7. - Initial release for CentOS 7.
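Review bot: The SELinux module build is disabled by commenting out four commands, which leaves dead code in %post and no statement of what the package now expects from the host. `local_zoneminder.te` is still shipped via `%doc` although nothing loads it any more. Replace the commented lines with a single comment such as `# No SELinux policy module is installed on RHEL 7; see README.Centos7 for the SELinux setting ZoneMinder currently needs`, and likewise drop the commented `zmupdate.pl --nointeractive` line. Since the README changed in this commit asks for SELinux to be disabled or made permissive system-wide, a narrower fallback (for example a permissive domain for the web server only) is worth tracking as a follow-up.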


@ -11,13 +11,13 @@ fi
abort=false abort=false
if [ -h /usr/share/zoneminder/www/events ]; then if [ -h /usr/share/zoneminder/www/events ]; then
l=$(readlink /usr/share/zoneminder/www/events) l=$(readlink /usr/share/zoneminder/www/events)
if [ "$l" != "/var/cache/zoneminder/events" ]; then if [ "$l" != "/var/cache/zoneminder/events" -a "$l" != "/var/cache/zoneminder/events/" ]; then
abort=true abort=true
fi fi
fi fi
if [ -h /usr/share/zoneminder/www/images ]; then if [ -h /usr/share/zoneminder/www/images ]; then
l=$(readlink /usr/share/zoneminder/www/images ) l=$(readlink /usr/share/zoneminder/www/images )
if [ "$l" != "/var/cache/zoneminder/images" ]; then if [ "$l" != "/var/cache/zoneminder/images" -a "$l" != "/var/cache/zoneminder/images/" ]; then
abort=true abort=true
fi fi
fi fi
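Review bot: The added `-a` inside `[ ... ]` is marked obsolescent by POSIX and can be parsed ambiguously for some operand values. Both new tests would be simpler if the trailing slash were stripped once before comparing, `l=${l%/}`, which keeps the original single `!=` test. If the two-way comparison is kept, `[ "$l" != "/var/cache/zoneminder/events" ] && [ "$l" != "/var/cache/zoneminder/events/" ]` is the portable form, and the same applies to the `images` check. The script starts and continues outside the hunk.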


@ -18,6 +18,31 @@
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
// //
// PP - POST request handler for PHP which does not need extensions
// credit: http://wezfurlong.org/blog/2006/nov/http-post-from-php-without-curl/
function do_post_request($url, $data, $optional_headers = null)
{
$params = array('http' => array(
'method' => 'POST',
'content' => $data
));
if ($optional_headers !== null) {
$params['http']['header'] = $optional_headers;
}
$ctx = stream_context_create($params);
$fp = @fopen($url, 'rb', false, $ctx);
if (!$fp) {
throw new Exception("Problem with $url, $php_errormsg");
}
$response = @stream_get_contents($fp);
if ($response === false) {
throw new Exception("Problem reading data from $url, $php_errormsg");
}
return $response;
}
function getAffectedIds( $name ) function getAffectedIds( $name )
{ {
$names = $name."s"; $names = $name."s";
@ -42,6 +67,28 @@ if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST[
if ( !empty($action) ) if ( !empty($action) )
{ {
// PP - lets validate reCaptcha if it exists
if (ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SECRETKEY && ZM_OPT_GOOG_RECAPTCHA_SITEKEY)
{
$url = 'https://www.google.com/recaptcha/api/siteverify';
$fields = array (
'secret'=> ZM_OPT_GOOG_RECAPTCHA_SECRETKEY,
'response' => $_REQUEST['g-recaptcha-response'],
'remoteip'=> $_SERVER['REMOTE_ADDR']
);
$res= do_post_request($url, http_build_query($fields));
$result = json_decode($res);
if ($result->success != 'true')
{
userLogout();
$view='login';
$refreshParent = true;
}
}
// General scope actions // General scope actions
if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) ) if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) )
{ {
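Review bot: A failed reCAPTCHA check does not stop the login: the block calls `userLogout()` and sets `$view='login'`, but `$action` is unchanged, so the `if ( $action == "login" ...)` branch right after it still runs with the submitted credentials (its body is outside the hunk, so this is inferred from the visible flow). The check also runs for every non-empty `$action`, so any request without a `g-recaptcha-response` field would presumably log the user out once the option is enabled. `do_post_request()` throws an `Exception` that nothing here catches, `$_REQUEST['g-recaptcha-response']` is read without `isset()`, and `$result->success != 'true'` is a loose comparison against a string where `!== true` is meant. A sketch of the gated version follows.

```php
// … unchanged: do_post_request() definition, getAffectedIds() …
if ( $action == "login" && ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SECRETKEY && ZM_OPT_GOOG_RECAPTCHA_SITEKEY )
{
    $url = 'https://www.google.com/recaptcha/api/siteverify';
    $fields = array(
        'secret'   => ZM_OPT_GOOG_RECAPTCHA_SECRETKEY,
        'response' => isset($_REQUEST['g-recaptcha-response']) ? $_REQUEST['g-recaptcha-response'] : '',
        'remoteip' => $_SERVER['REMOTE_ADDR']
    );
    try {
        $result = json_decode( do_post_request( $url, http_build_query( $fields ) ) );
    } catch ( Exception $e ) {
        // An unreachable or failing verifier counts as a failed check.
        $result = null;
    }
    if ( !$result || $result->success !== true )
    {
        userLogout();
        $view = 'login';
        $refreshParent = true;
        // Keep the login branch below from processing the submitted credentials.
        $action = null;
    }
}
// … unchanged: General scope actions …
```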


@ -20,6 +20,13 @@
xhtmlHeaders(__FILE__, translate('Login') ); xhtmlHeaders(__FILE__, translate('Login') );
?> ?>
<!-- PP: Add recaptcha script if enabled -->
<?php
if (ZM_OPT_USE_GOOG_RECAPTCHA)
{
echo "<head> <script src='https://www.google.com/recaptcha/api.js'></script> </head>";
}
?>
<body> <body>
<div id="page"> <div id="page">
<div id="header"> <div id="header">
@ -43,6 +50,13 @@ xhtmlHeaders(__FILE__, translate('Login') );
</tbody> </tbody>
</table> </table>
<input type="submit" value="<?php echo translate('Login') ?>"/> <input type="submit" value="<?php echo translate('Login') ?>"/>
<!-- PP: Added recaptcha widget if enabled -->
<?php
if (ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SITEKEY && ZM_OPT_GOOGLE_RECAPTCHA_SECRETKEY)
{
echo "<br/><br/><center> <div class='g-recaptcha' data-sitekey='".ZM_OPT_GOOG_RECAPTCHA_SITEKEY."'></div> </center>";
}
?>
</form> </form>
</div> </div>
</div> </div>
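Review bot: The widget condition in the second hunk tests `ZM_OPT_GOOGLE_RECAPTCHA_SECRETKEY`, while every other reference on this page, including the check in the actions file, spells it `ZM_OPT_GOOG_RECAPTCHA_SECRETKEY`. If the `GOOG` spelling is the defined one, the misspelled name either evaluates as a non-empty string or raises an error depending on the PHP version, so the secret-key condition gates nothing; use `if (ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SITEKEY && ZM_OPT_GOOG_RECAPTCHA_SECRETKEY)`. The script include in the first hunk is gated on `ZM_OPT_USE_GOOG_RECAPTCHA` alone and should use the same three-part condition, and it emits a second `<head>` element after `xhtmlHeaders()` has already run. The site key is also concatenated into the attribute unescaped; wrapping it in `htmlspecialchars()` is cheap hardening.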