Convert your Linux box into a surveillance device

This article is on how to convert your Linux box into a surveillance device.

Let us get started with a test record.

The following command is a good example of recording video on CentOS 6.10 from the command line. Log in to your CentOS 6 server via SSH and run it. Type q to quit recording.

ffmpeg -f v4l2 -framerate 25 -video_size 640x480 -i /dev/video0 Videos/ffmpeg_video_2018-10-09_13-15-10.mp4

References

https://trac.ffmpeg.org/wiki/Capture/Webcam

How to install a GitLab instance on custom SSH and SSL ports

This post explains how to install a GitLab instance on custom SSH and SSL ports.

For our example, we will install GitLab Enterprise Edition on CentOS 7.

The GitLab creators have provided detailed installation instructions on their website (GitLab installation methods); please follow them if you have not already.

Log in to your CentOS 7 instance via SSH. Edit /etc/ssh/sshd_config using your favorite text editor (I like both vi and nano) and change the line Port 22 to match your custom port, e.g., Port 3004. Save, then run systemctl restart sshd or service sshd restart. Exit.

Log in to the CentOS 7 instance again on the new port (ssh user@centos7 -p NEW_PORT_NUMBER) to check that the change has taken effect. If you log in without any error, you have successfully changed the SSH port for your instance.

Now edit /etc/gitlab/gitlab.rb to tell GitLab which port to use for secure (HTTPS) access from a browser and which custom port to use for SSH.

Edit the line that starts with external_url and change it to something like external_url 'https://ns79.a1z.us:3002'

Add the line gitlab_rails['gitlab_shell_ssh_port'] = 3004 to the file and save. Make sure you change both port numbers above to ones of your choice or need.

Run gitlab-ctl reconfigure for changes to take effect.

Now go back to your GitLab instance and check that the secure URL shows your port, like https://ns79.a1z.us:3002/user10/get-file-hash.git, and that the port in the SSH URL matches the one you put in. It should look similar to ssh://git@ns79.a1z.us:3004/user10/get-file-hash.git.

If so, you are done with changes on the server side!
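An added example, not from the original post or from GitLab: a shell check that the SSH port GitLab advertises (gitlab_shell_ssh_port) is one sshd actually listens on and does not collide with the external_url port. The function names and sample files are constructed for illustration, and it assumes gitlab.rb uses the quoted form external_url 'https://host:port'.

```shell
#!/bin/sh
# Added example (not GitLab tooling): cross-check the ports configured above.

# Every port sshd listens on: one per uncommented "Port" line, default 22.
sshd_ports() {
  awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# SSH port GitLab puts in clone URLs (gitlab_shell_ssh_port, default 22).
gitlab_ssh_port() {
  p=$(sed -n "s/^[[:space:]]*gitlab_rails\['gitlab_shell_ssh_port'][[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1)
  echo "${p:-22}"
}

# Port in external_url; falls back to the scheme default when none is given.
external_url_port() {
  url=$(sed -n "s/^[[:space:]]*external_url[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | tail -n 1)
  hostport=${url#*://}; hostport=${hostport%%/*}
  case $hostport in
    *:*) echo "${hostport##*:}" ;;
    *)   case $url in https://*) echo 443 ;; *) echo 80 ;; esac ;;
  esac
}

# Usage: check_gitlab_ports SSHD_CONFIG GITLAB_RB; returns 1 on any problem.
check_gitlab_ports() {
  ssh_port=$(gitlab_ssh_port "$2"); web_port=$(external_url_port "$2"); rc=0
  if ! sshd_ports "$1" | grep -qx "$ssh_port"; then
    echo "MISMATCH: GitLab advertises SSH port $ssh_port, sshd is not listening on it"; rc=1
  fi
  if [ "$web_port" = "$ssh_port" ]; then
    echo "CONFLICT: external_url and SSH both use port $web_port"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: ssh=$ssh_port web=$web_port"
  return "$rc"
}

# Constructed sample files mirroring the values used in this post.
demo=$(mktemp -d)
printf '#Port 22\nPort 3004\n' > "$demo/sshd_config"
printf "external_url 'https://ns79.a1z.us:3002'\ngitlab_rails['gitlab_shell_ssh_port'] = 3004\n" > "$demo/gitlab.rb"
check_gitlab_ports "$demo/sshd_config" "$demo/gitlab.rb"
# Same gitlab.rb against an sshd_config that is still on the default port.
printf '#Port 22\n' > "$demo/sshd_default"
check_gitlab_ports "$demo/sshd_default" "$demo/gitlab.rb" || true
```

On the server itself the arguments would be /etc/ssh/sshd_config and /etc/gitlab/gitlab.rb.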

The following example shows how to add a custom SSH repository URL and publish to it from a Windows PowerShell command line.

(By the way, this is real, usable code for your Internet Information Services server instance. Here is the URL: Get File Hash)

PS C:\inetpub\wwwroot\get-file-hash> git remote add ns79_ssh ssh://git@ns79.a1z.us:3004/user10/get-file-hash.git 
PS C:\inetpub\wwwroot\get-file-hash> git remote show ns79_ssh 
The authenticity of host '[ns79.a1z.us]:3004 ([162.198.33.37]:3004)' can't be established. 
ECDSA key fingerprint is SHA256:0H9phyOIOag7cWP5MeZtYMhi5sOi6UhrmXQVjC129oI. 
Are you sure you want to continue connecting (yes/no)? yes 
Warning: Permanently added '[ns79.a1z.us]:3004,[162.198.33.37]:3004' (ECDSA) to the list of known hosts. 
* remote ns79_ssh 
  Fetch URL: ssh://git@ns79.a1z.us:3004/user10/get-file-hash.git 
  Push URL: ssh://git@ns79.a1z.us:3004/user10/get-file-hash.git 
  HEAD branch: (unknown) 
PS C:\inetpub\wwwroot\get-file-hash> git push -u ns79_ssh master
Counting objects: 7, done.
Delta compression using up to 2 threads. 
Compressing objects: 100% (6/6), done. 
Writing objects: 100% (7/7), 2.83 KiB | 414.00 KiB/s, done. 
Total 7 (delta 0), reused 0 (delta 0) 
To ssh://ns79.a1z.us:3004/user10/get-file-hash.git 
 * [new branch] master -> master
Branch 'master' set up to track remote branch 'master' from 'ns79_ssh'.
PS C:\inetpub\wwwroot\get-file-hash>

Congratulate yourself for successfully installing a GitLab instance on custom SSH and SSL ports!

 

PC Access – Convert your windows computer into a document/image server

How to access your personal computer from anywhere outside your home with an internet connection

This blog explains how to access your personal computer from anywhere outside your home with an internet connection.

How much space is occupied by AccessYourPC software?

  • Internet Information Services and Web Platform Installer: Unknown.
  • Strawberry Perl: 600 MB.
  • AccessYourPC Software: 40.0 KB (40,960 bytes)

What does it do? This software helps you access your personal computer from anywhere outside your home with an internet connection.

It immediately provides you access to the PC this software is installed on from all PCs on the same network at home on your favorite web browser. This is the suggested use of this software.

In order to access your PC from outside your home, you need to open ports (80/443) on your Modem/Router firewall which in turn makes that PC accessible/vulnerable to the outside world. Here is a link for instructions on how to open your router ports, for example, from a Linksys router.

Disclaimer: This software is given free of charge in the hope that it will be useful. It comes with no warranties or guaranties. Help/Support is available at a1z.us (Letter A number 1 letter Z .us)

Installation instructions

1. Install IIS Web Server

  • A. Install Web Platform Installer with default settings
  • B. Install Internet Information services – Recommended Configuration

2. Enable HTTPS: instructions at Microsoft Support Website.

3. Install Strawberry Perl:

4. Set Handler Mapping to .cgi scripts.

IIS 4, 5, and 6 on Windows XP, Windows Vista or Windows 7:

Click Start, click Programs, click Administrative Tools, and then click Internet Information Services.

Right-click a Web site that you want to enable PERL for, and then click Properties. Click the Home Directory tab. Click Configuration. Click Add.

In the Executable box, type the following: C:\Strawberry\perl\bin\perl5.26.1.exe "%s" %s if you installed Strawberry Perl into C:\Strawberry

In the Extension box, type .cgi.

Note: Make sure that the All Verbs option is selected for full functionality. Also, make sure that the Script Engine check box is selected.

Instructions extracted from Microsoft Support Website

Detailed instructions at Microsoft Support Website

Internet Information Services 10 on Windows 10:

  • Open Internet Information Services as Administrator.
  • In the connections pane, select/click a website
  • In the Features View (middle) pane, double click Handler Mappings
  • In the Actions Pane, click Add Script Map
  • Type *.cgi in Request path
  • Type C:\Strawberry\perl\bin\perl5.26.1.exe "%s" %s in Executable
  • Type Perl CGI in Name
  • Click Request Restrictions
  • Select File in Mapping tab
  • Select All Verbs in Verbs tab
  • Select Execute in Access tab
  • Click OK
  • Select yes for Do you want to allow this ISAPI extension?

5. Get/download PC Access Free from ….

6. Copy the downloaded software into

  • C:/inetpub/wwwroot/ or
  • a user’s directory, e.g., C:/Users/username/public with standard privileges. This user should not have administrative privileges.  This is the suggested configuration.

7. Go to https://LOCAL-IP-OR-HOSTNAME/INSTALLATION-DIRECTORY

In most cases, it will be http://192.168.1.* or http://192.168.0.* or http://COMPUTERNAME

8. Set Administrative Username and password

Administrative and other username/password credentials are set in a file kept in a folder that is NOT ACCESSIBLE to the public via the Access PC interface or your IIS server. For example, if your public folder is C:/inetpub/wwwroot/public, the user/pass folder is created in C:/inetpub, which is not publicly accessible.

File type

The username/password file is a normal text file with a .t file extension. By default it is username.t, saved as a text file in the folder you chose above.

File Format

This username.t file should follow a particular format. Each line should consist of at least three items separated by a ‘|’ symbol, e.g., USERNAME1|PASSWORD|USER_HOME_DIR

There is no limit to the number of users you can add to your instance of PC Access.

Set user/pass folder in admin.cgi

Don’t forget to provide/set the path to USER_PASS_FOLDER in admin.cgi which would be, as explained earlier in our example, C:/inetpub if your web root is C:/Inetpub/wwwroot.
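An added example, not part of PC Access or the original post: a shell audit of the two points above, the USERNAME|PASSWORD|USER_HOME_DIR line format of username.t and the rule that the user/pass folder sits outside the web root. Function names and sample data are constructed; paths are assumed to be absolute and already normalized (no .. segments).

```shell
#!/bin/sh
# Added example (not PC Access code): audit username.t and where it is stored.

# Print one finding per problem line and return 1 if anything was flagged.
# Passwords are never printed. Format: USERNAME|PASSWORD|USER_HOME_DIR.
audit_userfile() {
  awk -F'|' '
    { sub(/\r$/, "") }                     # tolerate Windows CRLF line ends
    /^[[:space:]]*$/ { next }              # ignore blank lines
    NF < 3     { printf "line %d: only %d field(s)\n", NR, NF; bad = 1; next }
    $1 == ""   { printf "line %d: empty username\n", NR; bad = 1 }
    $2 == ""   { printf "line %d: empty password\n", NR; bad = 1 }
    $3 == ""   { printf "line %d: empty home directory\n", NR; bad = 1 }
    seen[$1]++ { printf "line %d: duplicate username %s\n", NR, $1; bad = 1 }
    END { exit bad + 0 }
  ' "$1"
}

# Return 0 when DIR is the web root or below it. Windows paths are compared
# case-insensitively and with either slash style.
inside_webroot() {
  d=$(printf '%s' "$1" | tr 'A-Z\\' 'a-z/'); d=${d%/}
  w=$(printf '%s' "$2" | tr 'A-Z\\' 'a-z/'); w=${w%/}
  case "$d/" in "$w/"*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: line 2 lacks a password field, line 3 repeats a username.
demo=$(mktemp -d)
printf 'alice|constructed-pass-1|C:/Users/alice/public\r\nbob|C:/Users/bob\r\nalice|constructed-pass-2|C:/Users/alice2\r\n' > "$demo/username.t"
audit_userfile "$demo/username.t" || echo "username.t needs fixing"

# The folder from the post is outside the web root; a folder under it is not.
inside_webroot 'C:/inetpub' 'C:/Inetpub/wwwroot' || echo "C:/inetpub: outside the web root"
inside_webroot 'C:\inetpub\wwwroot\public' 'C:/Inetpub/wwwroot' \
  && echo "C:\\inetpub\\wwwroot\\public: web-served, do not keep username.t here"
```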

Conclusion

The following topics are covered in this article.

  • Installing Internet Information Services,
  • installing Strawberry Perl,
  • adding handler mapping to .cgi files in IIS,
  • downloading PC Access Free software,
  • setting up users to administer/use PC Access, and
  • accessing PC Access Free from a web browser.

Feedback and bugs

Please provide feedback and suggestions in the comments below, at the official GitLab, at our instance of GitLab, or at the GitHub repository.

For those who prefer Bugzilla for reporting bugs, you may also report bugs at Bugzilla.

Repairing a dead slow laptop

This is how I dealt with “repairing a dead slow laptop” according to the customer/owner.

Some details about the laptop:

Processor: Intel i5
RAM: 8 GB
Operating System: Windows 10 Home

Overall, a gorgeous laptop but running dead slow!

The reason for a dead slow laptop, in this case, was an erratic hard disk (C drive): errors in the main hard drive, probably due to a fall!

My initial “logging in” into the computer took a whole night (as Administrator) because, you guessed it, the laptop was running very slow!

So, I entered user name and password with administrative privileges before going to sleep and I was logged in after at least four hours!

So, after fixing the hard disk errors by running chkdsk /f (with Administrator privileges), the dead slow laptop resumed its normal speed which was pretty good.

Customer happy; I am happy!

CentOS 7 docker container with Perl/Mojolicious

Requirements:

  1.  A running/live docker installation
  2. An open/available port on the host to access the newly installed container (4003 in this example)
  3. A basic understanding of docker containerization technology.

I ran into a network problem. A simple restart of docker service fixed it.

[root@ns24 ~]# docker run -d --publish 4003:80 a2zdotblue/c7-systemd-perl-mojo-02

Digest: sha256:a6a808fd286b1af1aa5ee46d5fa2eac2b61b02ecff234101bd098596a3b2a1f4
Status: Downloaded newer image for docker.io/a2zdotblue/c7-systemd-perl-mojo-02:latest
f07bfaab03efc10ceed140c04238746a4ba5edb54c01bb22b7af95648a38260c
/usr/bin/docker-current: Error response from daemon: driver failed programming external connectivity on endpoint lucid_swirles (d240ed06c8cb4f3a366e53acf1554ec6b437e296659f53646e8ad08f1e0c7129): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 4003 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1)).

[root@ns24 ~]# service docker restart


Redirecting to /bin/systemctl restart docker.service

Rerun code after docker restart

[root@ns24 ~]# docker run -d --publish 4003:80 a2zdotblue/c7-systemd-perl-mojo-02


cc422a9d647e71478ace6bb9a7e48b5034f66cc2142c830ebc0381469a92a34f

Log into the Container:

[root@ns24 ~]# docker exec -it cc422a9d647e /bin/bash

[root@cc422a9d647e app]

The Mojolicious sample app uses port 80 inside the container. Run hypnotoad (yes, it is already installed inside the container along with the Mojolicious web framework).

In docker terminology, port 80 is exposed for this app.

[root@cc422a9d647e app]# hypnotoad perlmojo/script/perlmojo


[Thu Aug 16 15:01:46 2018] [info] Listening at "http://*:80"
Server available at http://127.0.0.1:80

The above output confirms that the app is working and you can always update the app by logging into the live container!

Actually this example is live at ns24.a1z.us. It is accessible as long as my ISP provides/maintains good connection or until I decide to take it down!

Firefox and Chrome – blocked/unsafe ports

I used a port, 6666, which happened to be blocked by both Firefox and Chrome browsers. So, after a little research, I understood that some ports, including the one I used, are blocked by default by both browsers. Hence this post on all the ports they block.

Mozilla Firefox

https://www-archive.mozilla.org/projects/netlib/PortBanning.html#portlist
Mozilla Firefox blocked/unsafe ports
1     tcpmux
7     echo
9     discard
11    systat
13    daytime
15    netstat
17    qotd
19    chargen
20    ftp data
21    ftp control
22    ssh
23    telnet
25    smtp
37    time
42    name
43    nicname
53    domain
77    priv-rjs
79    finger
87    ttylink
95    supdup
101   hostriame
102   iso-tsap
103   gppitnp
104   acr-nema
109   POP2
110   POP3
111   sunrpc
113   auth
115   sftp
117   uucp-path
119   NNTP
123   NTP
135   loc-srv / epmap
139   netbios
143   IMAP2
179   BGP
389   LDAP
465   SMTP+SSL
512   print / exec
513   login
514   shell
515   printer
526   tempo
530   courier
531   chat
532   netnews
540   uucp
556   remotefs
563   NNTP+SSL
587   submission
601   syslog
636   LDAP+SSL
993   IMAP+SSL
995   POP3+SSL
2049  nfs
4045  lockd
6000  X11

Google Chrome

https://src.chromium.org/viewvc/chrome/trunk/src/net/base/net_util.cc?view=markup
Google Chrome blocked/unsafe ports
  1,    // tcpmux
  7,    // echo
  9,    // discard
  11,   // systat
  13,   // daytime
  15,   // netstat
  17,   // qotd
  19,   // chargen
  20,   // ftp data
  21,   // ftp access
  22,   // ssh
  23,   // telnet
  25,   // smtp
  37,   // time
  42,   // name
  43,   // nicname
  53,   // domain
  77,   // priv-rjs
  79,   // finger
  87,   // ttylink
  95,   // supdup
  101,  // hostriame
  102,  // iso-tsap
  103,  // gppitnp
  104,  // acr-nema
  109,  // pop2
  110,  // pop3
  111,  // sunrpc
  113,  // auth
  115,  // sftp
  117,  // uucp-path
  119,  // nntp
  123,  // NTP
  135,  // loc-srv /epmap
  139,  // netbios
  143,  // imap2
  179,  // BGP
  389,  // ldap
  465,  // smtp+ssl
  512,  // print / exec
  513,  // login
  514,  // shell
  515,  // printer
  526,  // tempo
  530,  // courier
  531,  // chat
  532,  // netnews
  540,  // uucp
  556,  // remotefs
  563,  // nntp+ssl
  587,  // stmp?
  601,  // ??
  636,  // ldap+ssl
  993,  // ldap+ssl
  995,  // pop3+ssl
  2049, // nfs
  3659, // apple-sasl / PasswordServer
  4045, // lockd
  6000, // X11
  6665, // Alternate IRC [Apple addition]
  6666, // Alternate IRC [Apple addition]
  6667, // Standard IRC [Apple addition]
  6668, // Alternate IRC [Apple addition]
  6669, // Alternate IRC [Apple addition]