Categories
User Guides Documentation exacqVision Enterprise Categories Products

exacqVision Enterprise Manager User Manual

exacqVision-Enterprise-Manager-User-Manual-24.03.pdf
Categories
Documentation Data Sheets exacqVision Enterprise Categories Products

exacqVision Enterprise Manager

Enterprise-Manager.pdf
Categories
Documentation Data Sheets Categories

exacqVision S-Series Network Video Storage

S-Series.pdf
Categories
User Guides Documentation exacqVision Enterprise Categories Products

exacqVision Enterprise

exacqVision-Enterprise-.pdf
Categories
Knowledge Support Support exacqVision Enterprise Categories Products

Solr vulnerability – CVE-2017-12629

Enterprise Manager

Enterprise Manager (formerly ESM) includes a version of Apache Solr which is vulnerable to attack allowing remote code execution.  Further information can be found here: https://nvd.nist.gov/vuln/detail/CVE-2017-12629

<br>

Mitigation: It is recommended that you follow the steps below appropriate for your Operating System.

For Windows

Note: File paths vary depending on installation, 64-bit or 32-bit.

<br>

  1. Launch services, then stop ‘solrJetty’
  2. Click the ‘Start’ button and type ‘Notepad.exe’.  Right-click notepad and select ‘Run as administrator’.
  3. Click ‘File’, then ‘Open’, and navigate to the following file based on your install location:
    • For 64-bit:”C:\exacqVisionESM\apache_solr\apache-solr\server\solr\collection1\conf\solrconfig.xml”
    • For 32-bit:”C:\exacqVisionESM\apache_solr\apache-solr\solr\collection1\conf\solrconfig.xml”
  4. Add the following highlighted section just above the “Function Parsers” line:
  5. If 64-bit, click ‘File’, then ‘Open’, and navigate to the following file: “C:\exacqVisionESM\apache_solr\apache-solr\bin\solr.cmd”
    • Find the line: set START_OPTS=%START_OPTS% !GC_TUNE! %GC_LOG_OPTS%
    • Below this line, add the following: set “START_OPTS=%START_OPTS% -Ddisable.configEdit=%true%”
  6. Save the file.
  7. Click ‘File’, then ‘Open’, and navigate to the following file based on your install location:
    • For 64-bit: Launch ‘regedit’ from start menu.
      • Go to HKEY_LOCAL_MACHINE->SYSTEM->ControlSet001->Services->solrJetty
      • Double click ImagePath
      • In value data put double quotes around C:\PROGRA~1\EXACQV~1\ENTERP~1\apache_solr/apache-solr\scripts\prunsrv.exe
    • For 32-bit: “C:\exacqVisionESM\apache_solr\apache-solr\scripts\serviceinstall.bat”
      • Find the entry:  ++JvmOptions=-XX:MaxPermSize=128M
      • Add a space after this entry and add: ++JvmOptions=-Ddisable.configEdit=true
      • Fine the quoted text: –Install=”C:\exacqVisionEsm\apache_solr/apache-solr\scripts\prunsrv.exe\”
      • Replace it with: –Install='”C:\exacqVisionEsm\apache_solr/apache-solr\scripts\prunsrv.exe\”‘
    • Note: Ensure there is a space after this entry.
  8. Save the file and close Notepad.
  9. Click the Windows ‘Start’ button and type ‘cmd’.  Right-click on “Command Prompt’ and select ‘Run as administrator’.
  10. Run the following two commands sequentially:
    • C:\exacqVisionEsm\apache_solr\apache-solr\scripts\serviceinstall.bat
    • C:\exacqVisionEsm\apache_solr\apache-solr\scripts\serviceinstall.bat INSTALL
  11. Launch services, then start ‘solrJetty’

<br>

For Linux

Note: File paths vary depending on installation, 64-bit or 32-bit.

  1. Open a Terminal.
  2. Stop ESMWebservice with the following command:
    • sudo /usr/local/exacq/esm/scripts/ESMWebservice stop
    • Enter your password and press “Enter”
  3. Open ‘gedit’ (or your preferred text editor) with ‘sudo’ privileges with the following command: sudo gedit
  4. Click ‘File’, then ‘Open’, and navigate to the following file based on your install location:
    • For 64bit: “/usr/local/exacq/esm/apache_solr/apache-solr/server/solr/collection1/conf/solrconfig.xml”
    • For 32bit: “/usr/local/exacq/esm/apache_solr/apache-solr/solr/collection1/conf/solrconfig.xml”
  5. Add the following highlighted section just above the “Function Parsers” line:
  6. Save the file.
  7. Click ‘File’, then ‘Open’, and navigate to the following file based on your install location:
    • For 64-bit: “/usr/local/exacq/esm/apache_solr/apache-solr/bin/solr”
      • Before the line that reads: SOLR_START_OPTS
      • Add the line: DISABLE_CONFIG_EDIT=”true”
      • Find the line with “${SOLR_HOST_ARG[@]}” “-Duser.timezone=$SOLR_TIMEZONE” \
      • Change the line to:
        “${SOLR_HOST_ARG[@]}” “-Duser.timezone=$SOLR_TIMEZONE” “-Ddisable.configEdit=$DISABLE_CONFIG_EDIT” \
    • For 32-bit:  “/usr/local/exacq/esm/apache_solr/apache-solr/scripts/ctl.sh”
      • After the line: SOLR_PID=””
      • Add a new line: DISABLE_CONFIG_EDIT=”true”
      • Change the line: SOLR=
      • To: SOLR=”$JAVABIN -Dsolr.solr.home=$SOLR_HOME -Djetty.logs=$INSTALL_PATH/logs/ -Djetty.home=$INSTALL_PATH/ -jar $INSTALL_PATH/start.jar $INSTALL_PATH/etc/jetty.xml -Ddisable.configEdit=$DISABLE_CONFIG_EDIT”
  8. Save the file and close gedit.
  9. Back in the terminal, run the following command
    • sudo /usr/local/exacq/esm/apache_solr/ctlscript.sh restart
  10. Restart ESMWebservice with the following command:
    • sudo /usr/local/exacq/esm/scripts/ESMWebservice start

<br>

Solr-vulnerability-CVE-2017-12629.pdf
Categories
Knowledge Support Support exacqVision Enterprise Categories Products

Modifying ESM Security Access

Tyco Security Solutions has confirmed a vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can be achieved and providing guidance on mitigation actions to avoid a potential exploit.

<br>

Scope:  This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system (except Windows Server). This issue does not impact Linux deployments with permissions that are not inherited from the root directory.

<br>

Mitigation:  The following mitigating steps are recommended for Windows 10 Desktop OS. Other versions of Windows may have different nomenclature, but the same mitigating steps are recommended.

<br>

Launch a command prompt with Administrator privileges, then run the following 4 commands sequentially:

  • cacls C:\exacqVisionESM /e /R “Authenticated Users”
  • cacls C:\exacqVisionESM\uninstall.exe /e /R “Authenticated Users”
  • cacls C:\exacqVisionESM\EnterpriseSystemManager /e /T /R “Authenticated Users”
  • cacls C:\exacqVisionESM\apache_solr /e /T /R “Authenticated Users”

<br>

Open the ‘Services’ applet and restart all of the following:

  • ESMImporter
  • ESMDatarolloff
  • ESMSendemail
  • ESMWebservice
  • solrJetty
  • solrApache

<br>

Fix:  Tyco Security Solutions is working on a fix that will be incorporated into a future version of the exacqVision ESM that will not require the foregoing manual mitigation process to be executed.

<br>

References: CPP-PSA-2019-01 – Please visit the Tyco Security Solutions, Cyber Protection website to register for and download security advisories.

<br>

Modifying-ESM-Security-Access.pdf
Categories
Knowledge Support Support exacqVision Enterprise Categories Products

Configuring live video streams in Enterprise Manager

Live video streaming is available in Enterprise Manager (EM), formerly known as Enterprise System Manager (ESM). This is useful for examining camera stream quality through the EM interface but also used for EM’s Camera Inspection feature.

Older versions relied on the ExacqVision Web Service to stream video, but beginning in ESM version 5.12, the ExacqVision Web Service is no longer required. Video is now directly streamed from the ExacqVision Server.

To accomplish this, the user account logged into Enterprise Manager must have specific privileges and permissions enabled.

NOTE: It is normally understood that Administrator accounts have privileges to perform everything possible. However, within Enterprise Manager live video streaming while logged in ad admin is prevented. This is both a function of the fact that EM admin accounts have no server account as well as a privacy feature. Instead, you will need to log into EM as a user other than the EM administrator. This account must have Live Viewing privileges to the cameras of interest.


Creating a User Account for Live Viewing

As mentioned above, the user you log into Enterprise Manager with must have Live Viewing privileges to the cameras of interest on each server involved. If you wish to provide access to existing users, be sure that they have Live Viewing Privileges enabled for any video inputs they need to view.

  1. Click on Users from the navigation menu.<br><br>
  2. Click on the Add User icon from the Users toolbar.
    <br><br>
  3. If creating a new user account, select a Server User Role with Live Viewing privileges. The pre-configured roles with Live Viewing privileges include:
    • Admin
    • Power User
    • Live Only
    • Live + Search<br><br>
  4. If you choose to create a Custom User Role, either on the server itself or through EM’s User Role’s page, enable Allow Live Viewing Privileges, and provide access to the specific video inputs under Permissions.
    <br><br>
  5. Select a role, as needed, for each ExacqVision Server or server group listed.<br><br>
  6. After making changes, allow some time for the changes to sync across your systems. <br><br>

Configuring a New Server for Live Viewing

  1. Click on Servers from the navigation panel.<br><br>
  2. Click the Add Server link.<br><br>
  3. Complete the information about the server as needed.<br><br>
  4. Enable the check box next to Enable Live Streaming.
    <br><br>
  5. Click Save to save your changes when done.<br><br>

Configuring an Existing Server for Live Viewing

  1. Click on Servers from the navigation panel.<br><br>
  2. From the Server List, locate the server of interest and click it to reach the system information page.<br><br>
  3. Click the Edit icon from the system toolbar.
    <br><br>
  4. Enable the check box next to Enable Live Streaming.
    <br><br>
  5. Click Apply to save your changes when done.<br><br>

Viewing Live Streams

  1. Login to Enterprise Manager as the non-Admin EM user.<br><br>
  2. Navigate to a camera, by one of the following:
    • Use the Cameras link from the navigation menu on the left, then click the Camera name from the Cameras List
    • From the Servers List, open the server details page of a particular server and scroll to the list of Cameras on that server, then click the link to the Camera name.<br><br>
  3. Once on the Camera details page, scroll to the Video Feed section.<br><br>
  4. Click on the Play Video icon to start streaming.

    NOTE: If the account you are logged into EM with does not have privileges to view live video a “No live privilege on the server” message will be displayed. See above information on creating or logging in with an appropriate account.<br><br>
  5. Selecting the link, Use current image as camera image, below the video feed will set the current view as a reference thumbnail at the top of the camera details page as well as provide a reference image when using the Camera Inspection tool within EM.
    <br><br>

<br>

Categories
Knowledge Support Support exacqVision Enterprise Categories Products

Distorted login page for deleted users actively on ESM webpage

Description

User that is deleted while logged into ESM browser, will see a distorted login page

<br>

Tested Version

1.11.2.50128

<br>

Platform

All.

<br>

Steps to reproduce

  • Log into ESM as a user.
  • With an ESM admin, delete the user from step above.

<br>

Expected result

User sees a login page.

<br>

Actual result

User sees a distorted layout login page.

<br>

Work around

Refresh the page.

<br>

Distorted-login-page-for-deleted-users-actively-on-ESM-webpage.pdf
Categories
Knowledge Support Support exacqVision Enterprise Categories Products

Changing the EM Web Service port

Enterprise Manager (EM), formerly known as Enterprise System Manager (ESM), uses Apache to provide the underlying web server.

During initial install a graphical dialogue will allow you to change your port numbers.

If you’ve already installed the application you may wish to perform this change manually.

The first step to manual editing is to find the location of the config file where the port numbers are held. This depends on both the platform (operating system) and version of the Web Service you have installed. The default installation location for the configuration file httpd.conf is as follows:

Windows:

  • HTTP:
    • C:\Program Files\exacqVision\EnterpriseManager\apache\conf\https.conf
  • HTTPS:
    • C:\Program Files\exacqVision\EnterpriseManager\apache\extra\httpd-ssl.conf

Linux:

  • HTTP:
    • /usr/local/exacq/em/apache/conf/httpd.conf
  • HTTPS:
    • /usr/local/exacq/em/apache/conf/extra/httpd-ssl.conf

<br><br>
Determine where this file is for your install before continuing.

Once you have found the file, open it using your editor of choice (be sure to do so with administrative privileges) and perform either of the following depending on its name:

For httpd.conf (HTTP port) and httpd-ssl.conf (HTTPS port):

  1. Find the Listen directive in the file
    • For example, if the current port is 80, the line should read Listen 80
  2. Modify the port number as desired
  3. Save the file and restart the following services:
    • ExacqVision Enterprise Manager Apache
    • ExacqVision Enterprise Manager Web Service

<br>

Categories
Knowledge Support Support exacqVision Enterprise Categories Products

ESM API api/docs does not support file upload/download

Description

If using esm api docs at /docs/api, any file upload/download action will not work.

The documentation does not even provide the correct input to upload/download files.

<br>

Version Introduced

v3.8.0.89234

<br>

Platform

All.

<br>

Steps to reproduce

  • Navigate to http://esmhost/docs/api, once fully loaded,
  • Click on system
  • Click on [GET] /api/system/logs/bundle/
  • Click on [Try it out!]

<br>

Expected result

  • File is downloaded during file download
  • Upload button/handle is provided to upload file

<br>

Actual result

  • Documentation page will just try to display the contents of the file on download.
  • There is no upload button/handler

<br>

Work around

  • Get logs using browser at http://esmhost/api/system/logs/bundle, OR use command line tools to get logs from http://esmhost/api/system/logs/bundle
  • This is the same for any other file upload or download

<br>

Version fixed

19.09.0

<br>

ESM-API-api-docs-does-not-support-file-upload-download.pdf