Tag: Linux

Categories
Knowledge Support Support exacqVision Client Categories Products

Stop Client from auto-starting in Linux

On systems with limited resources, or that just do not want the cient to start automatically, here are the steps.

Stop client from auto-starting in both admin and user account:

sudo mv /home/user/.config/autostart/evc.desktop /home/user/.config/autostart/evc.desktop.bak && sudo mv /home/admin/.config/autostart/evc.desktop /home/admin/.config/autostart/evc.desktop.bak

Stop client from auto-starting in both admin and user account seperately:

Admin:

sudo mv /home/user/.config/autostart/evc.desktop /home/user/.config/autostart/evc.desktop.bak

User:

sudo mv /home/admin/.config/autostart/evc.desktop /home/admin/.config/autostart/evc.desktop.bak

Reversal:

sudo mv /home/user/.config/autostart/evc.desktop.bak /home/user/.config/autostart/evc.desktop && sudo mv /home/admin/.config/autostart/evc.desktop.bak /home/admin/.config/autostart/evc.desktop 

Categories
Knowledge Support Support Categories exacqVision Hardware Products

Update Ubuntu Linux Software Using Command Line

Installing updates via Terminal

The commands are as follows:

apt update: Update is used to resynchronize the package index files from their sources on Ubuntu Linux via the Internet.
apt upgrade: Upgrade is used to install the newest versions of all packages currently installed on the Ubuntu system.

To update software list for Ubuntu

First, open the Terminal application and type following two commands (Application > Accessories > Terminal or CTL-ALT-T).

Type the following apt command:
sudo apt update

Install updates and patches on Ubuntu

sudo apt upgrade

ExacqVisions Official stance on Operating System Updates Https://support.exacq.com/#/knowledge-base/article/5144

Categories
Knowledge Support Support Categories Products exacqVision Hardware

ExacqVision stance on Operating System updates

The official stance of ExacqVision regarding security updates and auto-updates is they are off by default, because there is the potential risk of the NVR being rebooted during the update process which can stop video recording, so please plan accordingly!!!

ExacqVision cannot control the integrity of security patches or operating systems updates; therefore these off by default and leave it to the installation technician, IT staff or system owner to apply any updates or security patches to their ExacqVision Video Recorders.

Updating Windows Operating System Https://support.exacq.com/#/knowledge-base/article/5159

Updating Linux Operating System https://support.exacq.com/#/knowledge-base/article/5151

Categories
Knowledge Support Support exacqVision Client Categories Products

Missing ePlayer shortcut on Linux

Description

The ePlayer shortcut is missing from the menu. The player is still there and can be launched from the command line

<br>

Version Introduced

7.9.20

<br>

Platform

Linux

<br>

Steps to reproduce

  • Install client deb

<br>

Expected result

  • ePlayer shortcut under Exacq menu

<br>

Actual result

  • Only client shortcut under Exacq manu

<br>

Work Around

  1. Run ePlayer from commandline
  2. Downgrade to 7.8
  3. Run sudo xdg-desktop-menu install /usr/local/exacq/client/share/exacq-progs.directory /usr/local/exacq/client/share/exacq-player.desktop

<br>

Version Fixed

8.0.3 (when it comes out)

<br>

Keywords

eplayer, e-player, shortcut

Categories
Knowledge Support Support Categories Products exacqVision Hardware

Product Security Advisory – CVE-2021-3156

Overview
Ubuntu recently announced security vulnerabilities that impact the exacqVision Network Video Recorder versions which use the Ubuntu Linux operating system. These affect a built-in Linux application called “Sudo” which controls the provisioning of super user (administrator) access to the operating system which, under certain circumstances, could be leveraged by an attacker to achieve unauthorized privilege escalation. Johnson Controls recommends that customers apply the Ubuntu security updates to all affected exacqVision product deployments.

Impact
Under specific circumstances, a local attacker could use this issue to obtain unintended super user access to the underlying Ubuntu operating system.

Affected Versions
exacqVision is available in both Windows and Linux versions. This issue affects all unpatched versions of the Ubuntu operating system used on Linux based Z-Series and A-Series and all Q-Series, G-Series, Legacy LC-Series, and Legacy ELP-Series exacqVision Network Video Recorders (NVR), as well as Linux based C-Series Workstations and all S-Series Storage Servers.

Mitigation
Install the latest security updates for the Ubuntu operating system. Users may contact exacqVision technical support for assistance with updating their operating system.
https://exacq.com/support/techsupport/

Initial Publication
April 29, 2021

Last Published
April 29, 2021

Resources
Cyber Solutions Website – https://www.johnsoncontrols.com/cyber-solutions/security-advisories
CVE-2021-3156 – NIST National Vulnerability Database (NVD) and MITRE CVE® List
ICSA-21-119-03 – CISA ICS-CERT Advisories
Ubuntu Security Notice 1 – https://ubuntu.com/security/notices/USN-4705-1
Ubuntu Security Notice 2 – https://ubuntu.com/security/notices/USN-4705-2


Ubuntu 18.04 and 16.04 Update Instructions

From the Ubuntu Desktop, click on “Applications > System Tools > Terminal”

Ensure your system can access the internet. Run the following command to update the available software from Ubuntu’s repository.

sudo apt upgrade

To update all packages (including kernel updates), run the following command:

sudo apt dist-upgrade

NOTE: Alternatively, to only update what’s necessary to address this vulnerability, run the following command:

sudo apt upgrade sudo

You will be prompted asking if you would like to continue, type ‘Y’ and hit ‘Enter’.

Categories
Knowledge Support Support exacqVision Client exacqVision Server Categories Products

Frequent Restarts on Linux Systems Archiving over Slow Network

Linux-based exacqVision servers could reboot frequently in certain conditions:

  1. Linux operating system
  2. Active hardware monitoring
  3. Archiving over a slow network (WAN or other network with limited resources)

This issue was fixed in version 6.3.33.65575, and it is available in public release 6.4.

To work around this issue in affected versions, complete the following steps to configure an archiving SMB share:

  1. In exacqVision Client, delete the currently enabled archive task. DO NOT disable the archive target.
  2. Open the /etc/fstab file on the server for editing.
  3. Locate the line with mount paths for the archive target.
  4. Add a flag to the comma-separated section of the line specifying other flags (normally, this should immediately follow rw). The flag added depends on the Linux kernel version used:

    Linux kernel 3.0-3.1 (archiving performance will be impacted)

    //10.16.2.4/disk1 /mnt/10.16.2.4.disk1 cifs _netdev,username=admin,password=admin256,rw,forcedirectio 0 0

    Linux kernel 3.2-3.7 (archiving performance will NOT be impacted if oplocks are supported on the archive target)

    //10.16.2.4/disk1 /mnt/10.16.2.4.disk1 cifs _netdev,username=admin,password=admin256,rw,strictcache 0 0

    Linux kernel 3.8 and later

    //10.16.2.4/disk1 /mnt/10.16.2.4.disk1 cifs _netdev,username=admin,password=admin256,rw,cache=strict 0 0
  5. Save the changes to the /etc/fstab file.
  6. Via shell terminal, execute umount [share path]. For example:

    sudo umount /mnt/10.16.2.4.disk1
  7. Via shell terminal, execute sudo mount -a.
  8. Verify that step 5 was implemented correctly by executing cat /proc/mounts in the shell terminal and locating the line corresponding to the share (such as “directio” if you used the forcedirectio option for kernel 3.0-3.1).
  9. In exacqVision Client, re-create the archive task.
Categories
exacqVision Client Categories Products

Video Displayed in Only One Video Window in Multi-window Layout in Linux (OpenGL Issue)

An old exacqVision system with Supermicro C2 installed has been seen to display video in only one of 16 video panels in 4×4 mode. Changing the VGA Acceleration mode from Auto to None resolved the issue.

Categories
Knowledge Support Support exacqVision Server Categories Products

Archiving Stalls on Linux-based exacqVision Systems

Archiving from a Linux-based exacqVision system over a wide-area network (WAN) can stall in a Writing Files status for over an hour. If you believe a system is affected, verify the following conditions and symptoms:

  1. Linux kernel version 3.0 or later. Previous versions are not believed to be affected. (To determine the kernel version, run uname -r in the shell of the server.)
  2. The archive connection to the target is over a WAN in which disconnects are possible.
  3. The archive task status has not been updated in more than one hour. (In exacqVision 6.6 and later, the Status section on the Archiving page displays a State of “Failed — Target File Write Stalled.”)
  4. The currently archived file is not increasing in size. (To determine this, click on the details on the Archive page, note the Last Copied Content value, and navigate to the path of that content on the archive target. Verify whether the .workingps file is increasing in size periodically.)

<br>

This issue can be minimized by enabling strict caching mode and changing the cifs_max_pending cifs module parameter to 2 for Linux kernel 3.2 and later. To do this, complete the following steps:

  1. Open the /etc/fstab file on the server for editing.
  2. Locate the line with mount paths for the archive target.
  3. Add a flag to the comma-separated section of the line specifying other flags (normally, this should immediately follow rw). The flag added depends on the Linux kernel version used:

    Linux kernel 3.2-3.7 (archiving performance will NOT be impacted if oplocks are supported on the archive target):

    //10.16.2.4/disk1 /mnt/10.16.2.4.disk1 cifs _netdev,username=admin,password=admin256,rw,strictcache 0 0

    Linux kernel 3.8 and later:

    //10.16.2.4/disk1 /mnt/10.16.2.4.disk1 cifs _netdev,username=admin,password=admin256,rw,cache=strict 0 0
  4. Save the changes to the /etc/fstab file.
  5. Via shell terminal, execute umount [share path]. For example:

    sudo umount /mnt/10.16.2.4.disk1
  6. Via shell terminal, execute sudo mount -a.
  7. Disable all archive targets (do not delete them).
  8. Stop using any other cifs mounts on the system.
  9. Unmount all cifs mounts using umount [path].
  10. Create a file named /etc/modprobe.d/cifs.conf with a line options cifs cifs_max_pending=2 (this persists the value across restarts).
  11. Unload the cifs module using sudo rmmod cifs.
  12. Reload cifs with a new parameter: sudo modprobe cifs cifs_max_pending=2.
  13. Verify the new value using cat /sys/module/cifs/parameters/cifs_max_pending.
  14. Enable the archive targets.
  15. Remount all other cifs shares.

<br>

If this procedure does not resolve the stalling issue, disable cifs client-side caching (this will impact archiving performance). You can try this in one of two ways:

  1. Open the /etc/fstab file on the server for editing.
  2. Locate the line with mount paths for the archive target.
  3. Add a flag to the comma-separated section of the line specifying other flags (normally, this should immediately follow rw). The flag added depends on the Linux kernel version used:

    Linux kernel 3.2-3.7 (archiving performance will NOT be impacted if oplocks are supported on the archive target):

    //10.16.2.4/disk1 /mnt/10.16.2.4.disk1 cifs _netdev,username=admin,password=admin256,rw,forcedirectio 0 0

    Linux kernel 3.8 and later:

    //10.16.2.4/disk1 /mnt/10.16.2.4.disk1 cifs _netdev,username=admin,password=admin256,rw,cache=none 0 0

<br>

Alternatively, you can enable strict caching mode on kernel 3.2 and later and also disable oplocks on the archive target. (NOTE: Strict caching mode is enabled automatically in exacqVision Server 6.6 and later.)

<br>

If you are using an exacqVision S-Series server (or other Samba-based server), oplocks can be disabled globally for all shares, or per share by adding the following lines to the appropriate section of the /etc/samba/smb.conf file:

oplocks=no
level2 oplocks=no

<br>

NOTE: If your environment’s configuration cannot tolerate the performance implications of disabled SMB caching (see above), you can use NFS protocol for archiving instead of SMB. Be aware that there is no username and password protection with the NFS option. Use this Knowledge Base article to configure NFS archiving.

Categories
Knowledge Support Support exacqVision Server Categories Products

Enabling Onboard Keyboard in exacqVision Ubuntu 10.04 and 12.04 Images

In 2013, the exacqVision Ubuntu 10.04 image was rebuilt, and the onboard keyboard configuration was not in included in the rebuild. Affected images can be easily identified by the Exacq wallpaper displayed on the Desktop. Also, because of an issue with onboard packages found in the Ubuntu repository, the onscreen keyboard was not included in exacqVision 12.04 images created before April 2015.

To enable the onboard keyboard, you must install one of the attached scripts for your Ubuntu version using the following instructions.

<br>

Ubuntu 10.04

To install the 10.04 image, complete the following steps:

  1. Log in to the system as an administrator.
  2. Download the ConfigOnboardKeyboard.sh script attached to this article and save it to the /tmp directory.
  3. Open a Terminal window and type cd /tmp.
  4. Change the script to executable by running chmod 775 ConfigOnboardKeyboard.sh.
  5. Run sudo ./ConfigOnboardKeyboard.sh.
  6. Restart the server.

The onboard keyboard can now be opened by clicking the center key of the mouse.

<br>

Ubuntu 12.04

NOTE: The 12.04 image can also run a script, but it must be run from the local admin account. New packages from a PPA repository are added, which means Internet access is required.

The 12.04 script does the following:

  1. Adds a PPA repository for onboard with updated packages.
  2. Installs onboard and supporting packages.
  3. Updates the LightDM login screen to show the user accessibility applet.
  4. Adds an onboard applet icon to top panel of the user account. The onboard keyboard can be run from that panel.

<br>

To install the 12.04 image, complete the following steps:

  1. Log in to the system as an administrator.
  2. Download the 1204ConfigOnboardKeyboard.sh script attached to this article and save it to the /tmp directory.
  3. Open a Terminal window and type cd /tmp.
  4. Change the script to executable by running chmod 775 12.04ConfigOnboardKeyboard.sh.
  5. Run sudo ./12.04ConfigOnboardKeyboard.sh.
  6. Close the Terminal window.
  7. Log out as the administrator and return to the LightDM login screen. The Universal Access icon is located in the top right of the panel. Click the icon for access to the onboard keyboard.
  8. When logged in to the user account, the onboard icon appears in the top panel. You can move the keyboard around using the cross double arrow key on the right side of the keyboard.
  9. When logged in as the administrator, the onboard keyboard is disabled by default. You must click on the onboard keyboard shortcut on the Desktop.

<br>

ConfigOnboardKeyboard Link: https://support.americandynamics.net/#/file-manager/file/00bde78e-6b3d-4f59-91bb-2769c0d6e0ba/config-onboard-keyboard-sh

<br>

1204ConfigOnboardKeyboard Link: https://support.americandynamics.net/#/file-manager/file/c9764721-227b-4350-a354-10a09448bf8e/1204-config-onboard-keyboard-sh

Categories
Knowledge Support Support exacqVision Server Categories Products

Long-duration Archive Operations Delay or Stall Other Server Operations in Linux

Symptoms

When you configure archiving in a slow network environment or archive very large files, other server operations can be delayed or stalled. This can happen in any of the following situations:

  1. Archiving files over 1GB (the larger the file, the longer the delay)
  2. Archiving across a 10 Mbps connection or similar slow connection
  3. Archiving through a slow switch
  4. Archiving over DSL or other slow Internet service
  5. Configuring auto-export to an SMB network share located on a separate slow network

<br>

This situation can cause the following operations to be delayed indefinitely:

  1. Server shutdown.
  2. Notification e-mails used with event linking.
  3. Test Profile action while notification profiles are being configured.
  4. Display of updated drive and media status when Auto Export Media Refresh is activated in exacqVision Client.
  5. Burning to disc as part of auto-export profile used with event linking.
  6. Storage alarms as a result of Disk/RAID status monitoring (detecting disks or RAID volume configuration changes or monitoring SMART attributes).
  7. Configuration of RAID hot spares.
  8. Searching Active Directory to locate domain users or groups.
  9. Detection of display names for mapped Active Directory users/groups.
  10. Binding to Active Directory.
  11. Disconnection of connected clients and failed connection/re-connection attempts (related to Active Directory).
  12. IPC socket error log messages (related to Active Directory).
  13. Configuration of network interfaces.
  14. Configuration of archiving.

<br>

Affected Versions

This issue affects Linux-based exacqVision Desktop systems. This does not affect Windows or exacqVision Edge.

<br>

Workaround

The issues described in this article can be minimized through careful scheduling of archive tasks to avoid conflicts with other server operations. You can also archive to a target other than an SMB location.