To lock down Linux GRUB, complete the following steps:
<br>
Download the attachment lock-grub.sh.
Make it executable: chmod +x lock-grub.sh
Execute the script with your desired password: sudo ./lock-grub.sh admin256
<br>
This puts a password entry in /boot/grub/menu.lst as an md5 hash. If you want to change it after running this script, replace the hash with one created with grub-md5-crypt.
To disable automatic login on Linux, complete the following steps:
Log in to the Admin account.
Run Start -> System -> Administration -> Login Window.
After you enter the admin password, the Login Window Preferences dialog appears. On the Security tab, deselect Enable Automatic Login. You can also change the User to admin if you want to always login as admin; however, this is not recommended for security reasons.
All exacqVision video is timestamped in UTC, so there is no ambiguity as to the absolute time when the video was recorded. When exporting video, the time zone of the system on which the video was recorded is not stored. Starting with exacqVision version 3.4, two features were added to make this more transparent to the operators:
<br>
In exacqVision Client, an onscreen display shows the server time zone (in offset from UTC) along with the timestamp. If this option is not configured for the camera, the timestamp is shown in the client’s local time.
In ePlayer, the timestamp of the recorded video is shown in the time zone of the local computer on which it is playing, but the time zone offset is shown. Thus, if you watch a video on a computer set to EDT, you might see 2:00 (GMT-4:00), whereas the same video viewed on a computer in CDT would show 1:00 (GMT-5:00). The UTC timestamp is the same in both cases. Knowledge of the physical location of the recording server, which is clearly needed for evidentiary purposes, can correlate the local time of the machine on which the video is being watched to the local time of the server on which it was recorded.
On Linux systems, if a disk encounters a filesystem error, the physical drive may still be good but require a file system consistency check. Perform the following steps to attempt to correct this.
If the affected volume is a video storage volume:
Stop the ExacqVision server service. Open a Terminal window and enter: sudo service edvrserver stop<br><br>
Unmount the volume: sudo umount /mnt/edvr/X
Replace the ‘X’ with your volume number. Example: If you have a write error on /mnt/edvr/2, you would enter: sudo umount /mnt/edvr/2
NOTE: If this command fails, see Appendix below.<br><br>
Run fsck on this volume, again replacing ‘X’ with the volume number: sudo fsck -yv /mnt/edvr/X
This command will tell the system to automatically attempt to fix any issues it encounters. This may take minutes or several hours depending on the number of filesystem errors and the size of the volume. When completed, the Terminal will return to a prompt awaiting a new command. <br><br>
When you have run fsck on all the affected storage volumes, reboot the system by entering: reboot
OR
Return to the Desktop and use the power icon to restart the machine. The drives will remount upon boot up.<br>br>
<br>
Appendix
If drive fails to unmount, you will need to open the fstab file and comment out the mount point of the drive in question. sudo gedit /etc/fstab
You will need to place a‘#‘ character to the left of ‘Label=/mnt/edvr/X’
Save
Reboot the machine.
The drive that was commented out should not be mounted at this point.
Continue with step 3 above. Reminder: Do not forget to re-edit the fstab after the fsck is finished and remove the # you added.
<br>
What does fsck do?
The fsck command performs a consistency check and attempts to repair the filesystem from errors.
What causes filesystem errors?
When system processes or user activity require saving data or making changes to the filesystem, that data is first written to a buffer in memory (RAM). The system periodically moves the data waiting in the buffer to the hard disk. Therefore, at any moment, there is a difference between file changes waiting to be written to disk and what exists on the disks.
Filesystem errors and inconsistencies can develop due to hardware degradation, system halts, or unclean shutdowns. Sudden power loss and forced shutdowns occurring before the changes in the buffer are moved to permanent disk storage.
Components checked by fsck
Inodes Inodes contain metadata about a file, which includes information like: whether the file is read/write or read-only, the type of file, the user ID of the file owner, file creation and modification date and time, and the number of bytes in the file.
Data Blocks These contain the data that actually makes up the file.
Superblocks The superblock contains details about the filesystem, such as the state of the filesystem, the filesystem size, the filesystem name and volume name(s), path name of the mount point, and number of inodes. Every change to the inodes also requires changes to the superblock.
Unplug the system to power it down. Install the new disks and start the system.
After the system starts, log out of the Linux user account by selecting Start, Quit, and Logout. Log in as an Administrator.
Close the exacqVision Client. Run the disk partition utility from Start, System, Administration, and Partition Editor. If prompted for a password, use the Administrator account password.
At the top-right corner of the partition utility, open the Device drop-down menu.
Note the name of the device about 2GB or 4GB; this is the Linux flash drive that must NOT be altered for any reason.
Note the name of the other devices that are about the same size as the disk drives installed; if the system has a functional primary disk, skip to step 7 only on the new disk.
Start Terminal Serivces from Start, Accessories, and Terminal. Note: The commands included in the following steps are applicable to Ubuntu 10.04. Changes for Ubuntu 8.04 are noted.
For the first system disk only, perform the following steps:
Create a disk label by typing the following, where “X” is the device letter identified in step 4b:
sudo parted -s /dev/sdX mklabel gpt
Create a 20GB swap partition by typing the following:
Find the remaining free space by typing the following:
sudo parted -s /dev/sdX unit MB print free
Create a data partition on the rest of the disk by typing the following, where “XXXX” is the free disk space identified in step 6d. Note: Change ext4 to ext3 if on Ubuntu 8.04.
For the second system disk only, complete the following steps:
Create a disk label by typing the following, where “X” is the device letter identified in step 4b: sudo parted -s /dev/sdX mklabel gpt
Find the remaining free space by typing the following: sudo parted -s /dev/sdX unit MB print free
Create a data partition on the rest of the disk by typing the following, where “XXXX” is the free disk space identified in step 7b: Note: Change ext4 to ext3 if on Ubuntu 8.04.
If a new disk is being installed (instead of simply replacing a disk), label the directory in the file system:
Open the file system label file with a simple text editor: sudo nano /etc/fstab
Arrow down to the first blank line and add an entry for the new disk: Note: Change ext4 to ext3 if on Ubuntu 8.04. For the first disk only: LABEL=/mnt/edvr/1 /mnt/edvr/1 ext4 defaults 0 0 For the second disk only: LABEL=/mnt/edvr/2 /mnt/edvr/2 ext4 defaults 0 0
Press CTRL-X and then press Y to save the changes.
Refresh the partiaion labels by typing the following: sudo udevadm trigger
Remount all partitions by typing the following: sudo mount -a
Create directories on the export paritition by typing the following:
Restart the exacqVision service by typing the following: sudo/etc/init.d/edvrserver restart
Restart the system and confirm the drive operation in the exacqVision Client as shown in the figure. All systems should have /mnt/edvr/0 (the flash operating system drive). Then /mnt/edvr/1 is the first disk drive, followed by any additional drive, all of which should be shown in green.
The ExacqVision Client creates temporary files to locally store searched audio, video, and exported files. Temporary files are created in a directory specified by an environment variable. The following environment variables are searched in order to determine the path: TEMPDIR, TMP, TEMP, USERPROFILE.
On systems built after May 2018, these environmental variables usually point to a file location within the C:\ Primary partition on Windows systems. Windows systems built prior to this date would have a 30 GB partition on the first physical disk for the purpose of storing the temporary file directory.
If the allotted space is not sufficient for your searching and exporting requirements, you can move the temporary directory to another location. To do this, complete the following steps:
Run Start, Settings, Control Panel, System.
Select the Advanced tab.
Click the Environment Variables button.
Edit the first of the variables listed above to point to your new location.
The validation standard used in ExacqVision is known as HMAC, for Hashed Message Authentication Code, and uses a cryptographic hash and secret cryptographic key. HMAC is used by ExacqVision to verify the integrity of exported video.
The ExacqVision Client software calculates and writes out the message authentication code (MAC) during file export. The ExacqVision ePlayer later calculates a hash and verifies the MAC during authentication using SHA-256. The methodology ensures no alteration of the data as the hashed calculations are compared to be certain the hashes match.
To authenticate video in the ExacqVision ePlayer, select Authenticate from the Tools menu.
The following image shows a successful authentication:
Video may only be authenticated using the ExacqVision ePlayer. The ePlayer application is used to playback ExacqVision native files in .PS or .PSX file formats. It is also packaged in self-playing .EXE file exports. For more information on the features of exported file formats, refer to Article 1894.
To configure exacqVision Web Services older than version 7.8 on a Linux system, complete the following steps (instructions for previous versions can be found at the end of this article):
<br>
Install the exacqVisionWebService.deb file.
In a Terminal window, type the following to ensure the service starts every time the system is started: sudo /usr/local/exacq/webservice/service.sh automatic
Type the following to start the Web Server: sudo /usr/local/exacq/webservice/service.sh start
You should now be able to open a web browser on the server and type http://127.0.0.1 as the URL to access the Web Service. Click on the Web Service Configuration link in the bottom-right corner.
Enter the username admin and the password admin256 to log in.
Open the Servers page to add exacqVision servers or change settings for current servers. Click on Update Configuration and then confirm to restart the Web Service after each configuration change.
You can change the Web Service listen port on the Basic Service Configuration tab.
<br>
Versions 2.10 or earlier
To configure exacqVision Web Service version 2.10 or earlier on a Linux system, complete the following steps:
<br>
Install the exacqVisionWebService.deb file.
In a Terminal window, type the following: sudo /usr/local/exacq/webservice/service.sh stop. (If you see an “unable to resolve host” message, disregard it.)
Enter admin256 for password. When you enter the password, characters are not displayed on the screen; simply type the password and press Enter.
Type the following: sudo gedit /etc/webservice.conf.
Leave the IP address and port the same in this field.
If you want the Web Server to log in automatically without requiring a username and password, change PassthroughEnabled=0 to =1. Then enter the username and password that you would like to use. Be sure this is a valid user and password in the exacqVision software.
Click Save and close the text editor.
In the Terminal, type the following to ensure the service starts everytime the system is started: sudo /usr/local/exacq/webservice/service.sh automatic
Type the following to start the Web Server: sudo /usr/local/exacq/webservice/service.sh start
<br>
You should now be able to open a web browser on the server and type http://127.0.0.1 as the URL to open a login page (or passthrough page) with the option to run the simple or advanced interface.
To disable a drive in a Windows exacqVision Server via XML, complete the following steps:
<br>
Before editing any configuration files directly, stop your exacqVision Server. Open Control Panel and then the Administrative tools (you might have to select Classic View to see the option).
Open the Services link and find exacqVision Server. Right-click and select Stop.
Browse to the C:\Program Files\exacqVision\Server directory.
Right-click on the psfpi.xml file and select Open With.
Select Notepad or Wordpad from the list. The file will list your drives in text form.
Find the drive that you need to disable and change the Enabled=”1″ to Enabled=”0″.
