Saving ESCAM QF001 IP camera RTSP stream to disk

The ESCAM QF001 is a very cheap (but fairly decent) IP camera. Recently I bought three from AliExpress and payed about € 30 a piece. After testing I’m planning to buy three more. The only complaint I have is that they make kind of a hissing sound but the video and audio quality is pretty good for it’s price. Here is a review.

The goal is to save all the video / audio streams from the different camera’s to a hard disk so it can be viewed later. I’m having a Raspberry Pi Model B+ as a fileserver.

So in my case, I’m using six camera’s but this works as good for 1 as it does for 6 or for 10. Let’s get started.

You’ll need:

  • IP camera(‘s) that support(s) an RTSP stream;
  • a Linux fileserver. I’m using a Raspberry PI with Raspbian on it;

If you want to configure these camera’s, you’ll need VMS or Video Management Software. It’s probably developed in China but it’s not too bad, once you get to know it.

  • First I’m going to make sure the camera has a static IP so I can always reach it on the same address. This also will make things easy for our script. You select your camera (left treeview), click Device config and click on Network.

  • Second, I’m going to setup a password for the Administrator and make a separate account for the user that’s going to login to the camera and will fetch the RTSP stream. Same as before: select your camera (in the left treeview), click on Device config and choose Tool manager.
  • In the tab User manager I have added a user called ipcamera. You can remove rights from the user but I have not really bothered.

 

For now, we are done with the camera’s so we’ll get started on the Raspberry PI fileserver. I’m having an external hard disk attached to it with the following directories:

 

This is set up so the different camera’s can stream into their own directory.  I’m also making a user called ipcamera on the Raspberry Pi. This one will be used exclusively for streaming and you could tune the access this user has so it can just write into the different CAM folders.

I’m using avconv to convert the h264 RTSP stream into something VLC can read. The avconv package is part of winff, so I’m installing that on the PI.

This long stream will be split up into parts of 10 minutes. We’ll need to kill this avconv process and for that we’ll need pkill.

Logged in as the ipcamera user, I’m making two files in my homedirectory: /home/ipcamera:

  • recordIpCameras.sh

This file saves the live RTSP feed from the different camera’s. Don’t forget to change the user / password and chmod +x.

  • cleanIpCamera.sh

The script above generates the video files for us. This one deletes them after a set period of time.

In conclusion we’re going to add these two scripts to the crontab of the ipcamera user.

  • Login as the ipcamera user

Add these two lines to your crontab file:

Reboot (for the fun of it), wait until a tenth minute (like: 7:10, 7:20, 7:30) and watch the feeds pour in.

Magento 2 sending e-mail trough Outlook 365 Smtp

Like many others out there, we’re running our own VPS (Virtual Private Server) for our Magento 2 instance. This allows us full control over the code, security and it’s also pretty fast.

When using a VPS, you’ll need to setup e-mail yourself. You can save yourself the trouble if you have an Office 365 subscription. The only thing you have to do then is to make Magento send e-mails using the Outlook 365 Smtp server.

  • Navigate to your Magento 2 app/code directory

  • Make a directory structure like this:

 

The text in red is what’s probably different in your instance or what you’ll have to change.

  • In the folder Smtp, make a file called registration.php and insert the content from below. Make sure you change Organization_Smtp to what is appropriate for you. Don’t forget to chmod +x it :-).

  • In the folder etc, you’ll need to make two files: di.xml and module.xml

Insert the content below for di.xml and don’t forget to change Organization to what is appropriate for you.

Insert the content below for module.xml and don’t forget to change Organization to what is appropriate for you.

  • In the folder Module, you’ll need to make a file called Transport.php and insert the content below. Change Organization and username / password to what’s appropriate for you. Don’t forget to chmod +x it.

  • Now if you would order something, the confirmation e-mail will be sent trough the Outlook 365 Smtp service (if the sender is a valid Office 365 client).

Making a jailed user that’s only able to log-in in Ubuntu

Recently I needed to give someone read-only access to a production database that’s sitting on top a Virtual Private Server (VPS).

Since the database only allows connections from the localhost, you need to establish a SSH tunnel to the VPS using Putty. In order for the tunnel to work, the user has to be logged in. This means a shell has to be opened…

No way I was going to give that special someone access to the file system and no way I was opening up the database so you could connect to it from anywhere. I needed a shell that could only log in, nothing more.

Since I’m kind of a novice to Linux my first guess was to use rbash but after doing some reading (yes, reading… That’s a (Cinama) sin, right?) I found out this was like closing all the doors but with the key still in the lock.

This is what rbash restricts:

  • cd command (Change Directory)
  • PATH (setting/ unsetting)
  • ENV aka BASH_ENV (Environment Setting/ unsetting)
  • Importing Function
  • Specifying file name containing argument ‘/’
  • Specifying file name containing argument ‘-‘
  • Redirecting output using ‘>’, ‘>>’, ‘>|’, ‘<>’, ‘>&’, ‘&>’
  • turning off restriction using ‘set +r’ or ‘set +o’

However, I noticed you could still use vi or nano to read files if you’d knew the exact directory path. Not a risk you’re willing to take.

It seemed there was only one option and that was to jail the user to a chroot environment. Sounds difficult, doesn’t it?

Turns out it wasn’t.

All you need is a script called jailkit

First you’ll need to install it. It’s only available from source, no .deb packages.

I made a jail directory in the home directory and adjusted the permissions so only root has access.

Next you’ll have to do some configuring. The user I would like to have limited access for is called Mark (with a K).

Now we check the passwd file and modify it if necessary (maybe you’re more of a Zsh person. If the user needs to log into the shell using SSH, the shell should be able to use SSH connections. I’ve tried to use rbash there but that did not work.

Be very careful that you config the /etc/passwd file in /home/jail. I’ve lost an hour or so because I tried to edit /etc/passwd and not /home/jail/etc/passwd.

Change it so it looks something like:

And now, the final step, we add basic shell utilities to the jail.

Check the connection with Putty, the user should be able to log in and has nothing more than a shell. Sure he or she can change directories or do stuff but only in his jail, not in the main filesystem.