Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
commit
204f2b1e22
|
@ -1,6 +1,22 @@
|
||||||
================================================================================
|
What's New
|
||||||
NEW INSTALLS
|
==========
|
||||||
================================================================================
|
|
||||||
|
1. The ZoneMinder mysql account now requires "Create" permission. This change
|
||||||
|
must be done manually before ZoneMinder will run. See the installation steps
|
||||||
|
below.
|
||||||
|
|
||||||
|
2. A new permission group called "Groups" has been added. This allows the
|
||||||
|
system administrator to assign "view", "edit", or "none" permission to
|
||||||
|
normal users, without giving them access to the rest of the ZoneMinder
|
||||||
|
system. During an upgrade, existing accounts will default to a Groups
|
||||||
|
permission of "none".
|
||||||
|
|
||||||
|
3. This package now requires the HTTPS protocol to access the web portal.
|
||||||
|
Requests using HTTP will auto-redirect to HTTPS. See README.https for
|
||||||
|
more information.
|
||||||
|
|
||||||
|
New installs
|
||||||
|
============
|
||||||
|
|
||||||
1. Unless you are already using MySQL server, you need to ensure that
|
1. Unless you are already using MySQL server, you need to ensure that
|
||||||
the server is confired to start during boot and properly secured
|
the server is confired to start during boot and properly secured
|
||||||
|
@ -11,7 +27,8 @@
|
||||||
sudo chkconfig mysqld on
|
sudo chkconfig mysqld on
|
||||||
|
|
||||||
2. Using the password for the root account set during the previous step, you
|
2. Using the password for the root account set during the previous step, you
|
||||||
will need to create the ZoneMinder database:
|
will need to create the ZoneMinder database and configure a database
|
||||||
|
account for ZoneMinder to use:
|
||||||
|
|
||||||
mysql -uroot -p
|
mysql -uroot -p
|
||||||
mysql> create database zm;
|
mysql> create database zm;
|
||||||
|
@ -21,20 +38,26 @@
|
||||||
mysql -uroot -p < /usr/share/zoneminder/db/zm_create.sql
|
mysql -uroot -p < /usr/share/zoneminder/db/zm_create.sql
|
||||||
mysqladmin -uroot -p reload
|
mysqladmin -uroot -p reload
|
||||||
|
|
||||||
|
The database account credentials, zmuser/zmpass, are arbitrary. Set them to
|
||||||
|
anything that suits your envinroment.
|
||||||
|
|
||||||
3. If you have chosen to change the zoneminder mysql credentials to something
|
3. If you have chosen to change the zoneminder mysql credentials to something
|
||||||
other than zmuser/zmpass then you must now edit /etc/zm.conf. Change
|
other than zmuser/zmpass then you must now edit /etc/zm.conf. Change
|
||||||
ZM_DB_USER and ZM_DB_PASS to the values you created in step 2.
|
ZM_DB_USER and ZM_DB_PASS to the values you created in step 2.
|
||||||
|
|
||||||
4. IMPORTANT: Edit /etc/php.ini and put in the appropriate timezone for
|
4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local
|
||||||
date.timezone!
|
timezone. PHP will complain loudly if this is not set, or if it is set
|
||||||
|
incorrectly, and these complaints will show up in the zoneminder logging
|
||||||
|
system as errors
|
||||||
|
|
||||||
5. The ZoneMinder web interface is disabled by default, you will need
|
If you are not sure of the proper timezone specification to use, look at
|
||||||
to edit this file to enable it:
|
http://php.net/date.timezone
|
||||||
|
|
||||||
|
5. Verify the default ZoneMinder Apache configuration meets your needs:
|
||||||
|
|
||||||
/etc/httpd/conf.d/zoneminder.conf
|
/etc/httpd/conf.d/zoneminder.conf
|
||||||
|
|
||||||
HINT: Most users will want to simply delete the line that says
|
When in doubt, leave this configuration as it is.
|
||||||
"Deny from all".
|
|
||||||
|
|
||||||
6. Configure the web server to start automatically:
|
6. Configure the web server to start automatically:
|
||||||
|
|
||||||
|
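Review bot: The paragraph added after step 2 calls the zmuser/zmpass credentials "arbitrary" but never tells the reader to change them, so a default install keeps a database password that is printed in this README. Suggest wording it as a recommendation to pick a unique password and then follow step 3. Minor: "envinroment" should be "environment", and the new step 4 sentence ending in "as errors" has no final period.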
@ -45,8 +68,8 @@
|
||||||
called local_zoneminder. A copy of this policy is in the documentation
|
called local_zoneminder. A copy of this policy is in the documentation
|
||||||
folder.
|
folder.
|
||||||
|
|
||||||
Unfortunately, this has not resolved all the SELinux issues so
|
It is still possible to run into SELinux issues, however. If this is case,
|
||||||
most will want to disable SELinux permanently by editing the following:
|
you can disable SELinux permanently by editing the following:
|
||||||
|
|
||||||
/etc/selinux/conf
|
/etc/selinux/conf
|
||||||
|
|
||||||
|
@ -66,27 +89,49 @@
|
||||||
UPGRADES
|
UPGRADES
|
||||||
================================================================================
|
================================================================================
|
||||||
|
|
||||||
1. Add additional permissions to the zmuser account:
|
1. Verify /etc/zm.conf.
|
||||||
|
|
||||||
|
If zm.conf was manually edited before running the upgrade, the installation
|
||||||
|
may not overwrite it. In this case, it will create the file
|
||||||
|
/etc/zm.conf.rpmnew.
|
||||||
|
|
||||||
|
For example, this will happen if you are using database account credentials
|
||||||
|
other than zmuser/zmpass.
|
||||||
|
|
||||||
|
Compare /etc/zm.conf to /etc/zm.conf.rpmnew. Verify that zm.conf
|
||||||
|
contains any new config settings that may be in zm.conf.rpmnew.
|
||||||
|
|
||||||
|
2. Verify permissions of the zmuser account.
|
||||||
|
|
||||||
|
Over time, the database account permissions required for normal operation
|
||||||
|
have changed. Verify the zmuser database account has been granted select,
|
||||||
|
insert, update, delete, lock tables, alter, and create permission to the
|
||||||
|
ZoneMinder database:
|
||||||
|
|
||||||
mysql -u root -p
|
mysql -u root -p
|
||||||
grant lock tables,alter,create on zm.* to
|
mysql> show grants for zmuser@localhost;
|
||||||
'zmuser'@localhost identified by 'zmpass';
|
mysql> exit;
|
||||||
|
|
||||||
Since this is an upgrade, the assumption is that the zmuser account exists
|
See step 2 of the Installation section to add missing permissions.
|
||||||
and already has select, insert, update, and delete permission.
|
|
||||||
|
3. Verify the ZoneMinder Apache configuration file in the folder
|
||||||
|
/etc/httpd/conf.d. You will have a file called "zoneminder.conf" and there
|
||||||
|
may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file
|
||||||
|
exists, inspect it and merge anything new in that file with zoneminder.conf.
|
||||||
|
|
||||||
|
4. Upgrade the database before starting ZoneMinder.
|
||||||
|
|
||||||
|
Most upgrades can be performed by executing the following command:
|
||||||
|
|
||||||
2. If you have previsouly changed the zoneminder mysql credentials to something
|
sudo zmupdate.pl
|
||||||
other than zmuser/zmpass then you must now edit /etc/zm.conf. Change
|
|
||||||
ZM_DB_USER and ZM_DB_PASS to their appropriate values.
|
Recent versions of ZoneMinder don't require any parameters added to the
|
||||||
|
zmupdate command. However, if ZoneMinder complains, you may need to call
|
||||||
3. You will need to upgrade the ZoneMinder database as described in the manual.
|
zmupdate in the following manner:
|
||||||
Only if step 1 was succesfully applied, may you run zmupdate like so:
|
|
||||||
|
|
||||||
sudo zmupdate.pl --version=<from version>
|
|
||||||
|
|
||||||
|
|
||||||
If unsure then run it this way:
|
|
||||||
|
|
||||||
sudo zmupdate.pl --user=root --pass=<mysql_root_pwd> --version=<from version>
|
sudo zmupdate.pl --user=root --pass=<mysql_root_pwd> --version=<from version>
|
||||||
|
|
||||||
|
5. Now start zoneminder:
|
||||||
|
|
||||||
|
sudo service zoneminder start
|
||||||
|
|
||||||
|
|
|
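Review bot: The fallback in step 4, "sudo zmupdate.pl --user=root --pass=<mysql_root_pwd> --version=<from version>", puts the MySQL root password on the command line, where it ends up in shell history and is readable in the process list while the command runs. Add a sentence warning about that next to the command. Also, step 2 ends with "See step 2 of the Installation section", but the section in this file is titled "New installs"; use the same name so the cross-reference can be followed.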
@ -1,23 +1,21 @@
|
||||||
|
|
||||||
What's New
|
What's New
|
||||||
==========
|
==========
|
||||||
|
|
||||||
1. The Apache ScriptAlias has been changed from "/cgi-bin/zm/zms" to
|
1. The ZoneMinder mysql account now requires "Create" permission. This change
|
||||||
"/cgi-bin-zm/zms". This has been to done to avoid this bug:
|
must be done manually before ZoneMinder will run. See the installation steps
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=973067
|
below.
|
||||||
|
|
||||||
IMPORTANT: ZoneMinder will not update this value during an upgrade. You must
|
2. A new permission group called "Groups" has been added. This allows the
|
||||||
manually update ZM_PATH_ZMS yourself under Options. This does not affect
|
system administrator to assign "view", "edit", or "none" permission to
|
||||||
new installs.
|
normal users, without giving them access to the rest of the ZoneMinder
|
||||||
|
system. During an upgrade, existing accounts will default to a Groups
|
||||||
|
permission of "none".
|
||||||
|
|
||||||
2. During an rpm package upgrade, zmupdate.pl will now auto-update the database
|
3. This package now requires the HTTPS protocol to access the web portal.
|
||||||
and the zonemidner service will restart automatically.
|
Requests using HTTP will auto-redirect to HTTPS. See README.https for
|
||||||
|
more information.
|
||||||
3. The ZoneMinder config file, zm.conf, has been moved under /etc/zm.
|
|
||||||
|
4. This package ships with the new ZoneMinder API enabled.
|
||||||
4. Systemd. CentOS 7 uses Systemd instead of the legacy Sys V Init. Under the
|
|
||||||
hood, Systemd does things quite a bit differently. Prepare to go through a
|
|
||||||
learning curve if you have not done so already.
|
|
||||||
|
|
||||||
New installs
|
New installs
|
||||||
============
|
============
|
||||||
|
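Review bot: Item 4 says the package ships with the new ZoneMinder API enabled but gives no pointer to how access to it is controlled or how to turn it off, which an administrator needs to know for an interface that is on by default. Add one sentence or a reference for that. The items deleted on the left (the ScriptAlias change with the manual ZM_PATH_ZMS update, the zm.conf move to /etc/zm, and systemd) still apply to anyone upgrading from an older package, so consider moving them under Upgrades rather than dropping them.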
@ -36,7 +34,7 @@ New installs
|
||||||
|
|
||||||
mysql -u root -p < /usr/share/zoneminder/db/zm_create.sql
|
mysql -u root -p < /usr/share/zoneminder/db/zm_create.sql
|
||||||
mysql -u root -p
|
mysql -u root -p
|
||||||
mysql> grant select,insert,update,delete,lock tables,alter, create
|
mysql> grant select,insert,update,delete,lock tables,alter,create
|
||||||
on zm.* to 'zmuser'@localhost identified by 'zmpass';
|
on zm.* to 'zmuser'@localhost identified by 'zmpass';
|
||||||
mysql> exit;
|
mysql> exit;
|
||||||
mysqladmin -u root -p reload
|
mysqladmin -u root -p reload
|
||||||
|
@ -50,21 +48,22 @@ New installs
|
||||||
step.
|
step.
|
||||||
|
|
||||||
4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local
|
4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local
|
||||||
timezone. For whatever reason, PHP will complain loudly if this is not set,
|
timezone. PHP will complain loudly if this is not set, or if it is set
|
||||||
or if it is set incorrectly, and these complaints will show up in the
|
incorrectly, and these complaints will show up in the zoneminder logging
|
||||||
zoneminder logging system as errors.
|
system as errors.
|
||||||
|
|
||||||
If you are not sure of the proper timezone specification to use, look at
|
If you are not sure of the proper timezone specification to use, look at
|
||||||
http://php.net/date.timezone
|
http://php.net/date.timezone
|
||||||
|
|
||||||
5. This package will automatically configure and install an SELinux policy
|
5. Disable SELinux
|
||||||
called local_zoneminder. A copy of this policy is in the documentation
|
|
||||||
folder.
|
We currently do not have the resources to create and maintain an accurate
|
||||||
|
SELinux policy for ZoneMinder on CentOS 7. We will gladly accept pull
|
||||||
|
reqeusts from anyone who wishes to do the work. In the meantime, SELinux
|
||||||
|
will need to be disabled or put into permissive mode.
|
||||||
|
|
||||||
Maintaining an accurate SELinux policy file that does not create issues has
|
To immediately disbale SELinux for the current seesion, issue the following
|
||||||
been a struggle. If SELinux blocks nortmal ZoneMinder acitivity, or you
|
from the command line:
|
||||||
feel you just don't need it, SELinux can be disabled for the current running
|
|
||||||
session with the following command:
|
|
||||||
|
|
||||||
sudo setenforce 0
|
sudo setenforce 0
|
||||||
|
|
||||||
|
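Review bot: Step 5 is titled "Disable SELinux" and introduces "sudo setenforce 0" as disabling SELinux, but setenforce 0 switches the running system to permissive mode; it does not disable SELinux, and the paragraph above already names permissive mode as an option. Retitle the step accordingly and say that the change removes enforcement for the whole host, not only for ZoneMinder. Typos in the added lines: "reqeusts", "disbale", "seesion".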
@ -99,7 +98,7 @@ Upgrades
|
||||||
|
|
||||||
2. Verify permissions of the zmuser account.
|
2. Verify permissions of the zmuser account.
|
||||||
|
|
||||||
Overtime, the database account permissions required for normal operation
|
Over time, the database account permissions required for normal operation
|
||||||
have changed. Verify the zmuser database account has been granted select,
|
have changed. Verify the zmuser database account has been granted select,
|
||||||
insert, update, delete, lock tables, alter, and create permission to the
|
insert, update, delete, lock tables, alter, and create permission to the
|
||||||
ZoneMinder database:
|
ZoneMinder database:
|
||||||
|
@ -108,20 +107,26 @@ Upgrades
|
||||||
mysql> show grants for zmuser@localhost;
|
mysql> show grants for zmuser@localhost;
|
||||||
mysql> exit;
|
mysql> exit;
|
||||||
|
|
||||||
3. Verify the database was upgraded automatically.
|
See step 2 of the Installation section to add missing permissions.
|
||||||
|
|
||||||
From the web console, ZoneMinder should show a status of "Running", and the
|
3. Verify the ZoneMinder Apache configuration file in the folder
|
||||||
version number should have incremented.
|
/etc/httpd/conf.d. You will have a file called "zoneminder.conf" and there
|
||||||
|
may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file
|
||||||
|
exists, inspect it and merge anything new in that file with zoneminder.conf.
|
||||||
|
|
||||||
If it is not running, then try to start it. The web console will indicate
|
4. Upgrade the database before starting ZoneMinder.
|
||||||
if there is a database version conflict. If this is the case, then you may
|
|
||||||
need to manually update the database from the command line:
|
Most upgrades can be performed by executing the following command:
|
||||||
|
|
||||||
sudo zmupdate.pl
|
sudo zmupdate.pl
|
||||||
|
|
||||||
Modern versions of ZoneMinder don't require any parameters added to the
|
Recent versions of ZoneMinder don't require any parameters added to the
|
||||||
zmupdate command. However, if ZoneMinder complains, you may need to call
|
zmupdate command. However, if ZoneMinder complains, you may need to call
|
||||||
zmupdate in the following manner:
|
zmupdate in the following manner:
|
||||||
|
|
||||||
sudo zmupdate.pl --user=root --pass=<mysql_root_pwd> --version=<from version>
|
sudo zmupdate.pl --user=root --pass=<mysql_root_pwd> --version=<from version>
|
||||||
|
|
||||||
|
5. Now start zoneminder:
|
||||||
|
|
||||||
|
sudo systemctl start zoneminder
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
HTTPS is now a requirement
|
||||||
|
==========================
|
||||||
|
|
||||||
|
This package now depends on Apache's mod_ssl pacakge. This will automatically
|
||||||
|
be installed along with ZoneMinder. Upon installation, the mod_ssl package
|
||||||
|
will create a default, self-signed certificate. This is the certificate that
|
||||||
|
ZoneMinder will use out of the box.
|
||||||
|
|
||||||
|
Since the certificate is self-signed, you will get a warning from your browser
|
||||||
|
the first time you access the web portal. This is normal.
|
||||||
|
|
||||||
|
This is not intended to be an all encompasing solution for everyone. ZoneMinder
|
||||||
|
will work just fine over HTTPS the way it is currently configured. However,
|
||||||
|
here are a couple of considerations you may want to take.
|
||||||
|
|
||||||
|
1. Create your own certificate. The CentOS wiki has a guide that describes how
|
||||||
|
to do this: https://wiki.centos.org/HowTos/Https . Additionally, Googling
|
||||||
|
"centos certificate" reveals many articles on the subject. Note that some
|
||||||
|
third party applications, such as zmNinja, will require you to create a
|
||||||
|
certificate different than the default certificate on your machine.
|
||||||
|
|
||||||
|
2. You can turn off HTTPS entirely by simply commenting out the SSLRequireSSL
|
||||||
|
directives found in /etc/httpd/conf.d/zoneminder.conf. You should also
|
||||||
|
comment out the HTTP -> HTTPS Rewrite rule.
|
||||||
|
|
|
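Review bot: Option 2 explains how to turn HTTPS off by commenting out SSLRequireSSL and the rewrite rule, but does not say what that costs: the login and the camera images then travel over plain HTTP. State that in the same item so the reader can decide where it is acceptable. Option 1 would also be clearer if it said why zmNinja needs a certificate other than the default one. Typos: "pacakge", "encompasing".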
@ -1,26 +1,26 @@
|
||||||
# When using Zoneminder's own authentication, recorded CCTV images are
|
|
||||||
# accessible from the web directly without passing the authentication. This
|
|
||||||
# means any attacker could see your CCTV images without a password. In order
|
|
||||||
# to avoid this you can disable Zoneminder's authentication and configure
|
|
||||||
# standard Apache authentication (see the Apache documentation for details on
|
|
||||||
# this).
|
|
||||||
#
|
#
|
||||||
# If you still wish to use Zoneminder's own authentication, or have an
|
# ZoneMinder Apache configuration file
|
||||||
# internal site which needs no authentication, you need to delete the line
|
# With SSLRequire and HTTPS auto redirect
|
||||||
# marked below and restart Apache.
|
# Modify this configuration to suit your requirements
|
||||||
|
#
|
||||||
|
|
||||||
|
# Auto Redirect HTTP requests to HTTPS
|
||||||
|
RewriteEngine On
|
||||||
|
RewriteCond %{HTTPS} !=on
|
||||||
|
RewriteRule ^/?(zm)(.*) https://%{SERVER_NAME}/$1$2 [R,L]
|
||||||
|
|
||||||
Alias /zm "@ZM_WEBDIR@"
|
Alias /zm "@ZM_WEBDIR@"
|
||||||
<Directory "@ZM_WEBDIR@">
|
<Directory "@ZM_WEBDIR@">
|
||||||
|
SSLRequireSSL
|
||||||
Options -Indexes MultiViews FollowSymLinks
|
Options -Indexes MultiViews FollowSymLinks
|
||||||
AllowOverride All
|
AllowOverride All
|
||||||
Order allow,deny
|
Order allow,deny
|
||||||
Allow from all
|
Allow from all
|
||||||
# ZoneMinder no longer uses short tags so this is safe to leave disabled
|
|
||||||
# php_value short_open_tag 1
|
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
ScriptAlias /cgi-bin/zm "@ZM_WEBDIR@"
|
ScriptAlias /cgi-bin/zm "@ZM_WEBDIR@"
|
||||||
<Directory "@ZM_WEBDIR@">
|
<Directory "@ZM_WEBDIR@">
|
||||||
|
SSLRequireSSL
|
||||||
AllowOverride All
|
AllowOverride All
|
||||||
Options ExecCGI FollowSymLinks
|
Options ExecCGI FollowSymLinks
|
||||||
Order allow,deny
|
Order allow,deny
|
||||||
|
|
|
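Review bot: The header comment removed at the top of this file was the only place that told the administrator that recorded images can be fetched from the web without passing ZoneMinder's own authentication, and both Directory blocks still carry "Allow from all". Requiring SSL encrypts the traffic but does not change who may request those files, so keep a shortened version of that warning in the new header instead of replacing it with "Modify this configuration to suit your requirements".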
@ -30,8 +30,8 @@ BuildRequires: libcurl-devel vlc-devel ffmpeg-devel polkit-devel
|
||||||
# cmake needs the following installed at build time due to the way it auto-detects certain parameters
|
# cmake needs the following installed at build time due to the way it auto-detects certain parameters
|
||||||
BuildRequires: httpd ffmpeg
|
BuildRequires: httpd ffmpeg
|
||||||
|
|
||||||
Requires: httpd php php-gd php-mysql mysql-server libjpeg-turbo polkit net-tools psmisc
|
Requires: httpd php php-gd php-mysql mysql-server libjpeg-turbo polkit net-tools mod_ssl
|
||||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
Requires: psmisc perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||||
Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip)
|
Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip)
|
||||||
Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP)
|
Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP)
|
||||||
Requires: libcurl vlc-core ffmpeg
|
Requires: libcurl vlc-core ffmpeg
|
||||||
|
@ -96,8 +96,20 @@ echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wa
|
||||||
/usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null
|
/usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null
|
||||||
/usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null
|
/usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null
|
||||||
|
|
||||||
# Display the README for post installation instructions
|
# Upgrade from a previous version of zoneminder
|
||||||
/usr/bin/less %{_docdir}/%{name}-%{version}/README.CentOS
|
if [ $1 -eq 2 ] ; then
|
||||||
|
# Freshen the database
|
||||||
|
/usr/bin/zmupdate.pl -f
|
||||||
|
|
||||||
|
# We can't run this automatically when new sql account permissions need to
|
||||||
|
# be manually added first
|
||||||
|
# Run zmupdate non-interactively
|
||||||
|
#/usr/bin/zmupdate.pl --nointeractive
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Warn the end user to read the README file
|
||||||
|
echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, read README.Centos to finish the\ninstallation or upgrade!\n"
|
||||||
|
echo -e "\nThe README file is located here: %{_docdir}/%{name}-%{version}.\n"
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
if [ $1 -eq 0 ]; then
|
if [ $1 -eq 0 ]; then
|
||||||
|
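Review bot: The new warning tells the user to read "README.Centos", while the line it replaces opened "README.CentOS"; on a case-sensitive filesystem the name in the message will not match the installed file. Use the same spelling as the packaged file. Printing the directory in the second echo is helpful; printing the full path including the file name would remove the ambiguity entirely.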
@ -170,6 +182,9 @@ rm -rf %{_docdir}/%{name}-%{version}
|
||||||
%dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/spool/zoneminder-upload
|
%dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/spool/zoneminder-upload
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Sep 8 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1
|
||||||
|
- Require https, freshen dB on updates.
|
||||||
|
|
||||||
* Wed Feb 18 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1
|
* Wed Feb 18 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1
|
||||||
- Include ONVIF support files
|
- Include ONVIF support files
|
||||||
|
|
||||||
|
|
|
@ -1,16 +1,17 @@
|
||||||
# When using Zoneminder's own authentication, recorded CCTV images are
|
|
||||||
# accessible from the web directly without passing the authentication. This
|
|
||||||
# means any attacker could see your CCTV images without a password. In order
|
|
||||||
# to avoid this you can disable Zoneminder's authentication and configure
|
|
||||||
# standard Apache authentication (see the Apache documentation for details on
|
|
||||||
# this).
|
|
||||||
#
|
#
|
||||||
# If you still wish to use Zoneminder's own authentication, or have an
|
# ZoneMinder Apache configuration file
|
||||||
# internal site which needs no authentication, you need to delete the line
|
# With SSLRequire and HTTPS auto redirect
|
||||||
# marked below and restart Apache.
|
# Modify this configuration to suit your requirements
|
||||||
|
#
|
||||||
|
|
||||||
|
# Auto Redirect HTTP requests to HTTPS
|
||||||
|
RewriteEngine On
|
||||||
|
RewriteCond %{HTTPS} !=on
|
||||||
|
RewriteRule ^/?(zm)(.*) https://%{SERVER_NAME}/$1$2 [R,L]
|
||||||
|
|
||||||
Alias /zm "@ZM_WEBDIR@"
|
Alias /zm "@ZM_WEBDIR@"
|
||||||
<Directory "@ZM_WEBDIR@">
|
<Directory "@ZM_WEBDIR@">
|
||||||
|
SSLRequireSSL
|
||||||
Options -Indexes +MultiViews +FollowSymLinks
|
Options -Indexes +MultiViews +FollowSymLinks
|
||||||
AllowOverride All
|
AllowOverride All
|
||||||
<IfModule mod_authz_core.c>
|
<IfModule mod_authz_core.c>
|
||||||
|
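Review bot: The rule "RewriteRule ^/?(zm)(.*) https://%{SERVER_NAME}/$1$2 [R,L]" is not anchored after "zm", so it matches any path that merely starts with those two letters, and a bare [R] sends a temporary 302 redirect. If the intent is a permanent redirect for the /zm tree only, tighten the pattern to require a slash or end of path after "zm" and use R=301. A short comment above the rule saying which paths are expected to be redirected would help the next editor of this file.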
@ -22,12 +23,11 @@ Alias /zm "@ZM_WEBDIR@"
|
||||||
Order deny,allow
|
Order deny,allow
|
||||||
Allow from all
|
Allow from all
|
||||||
</IfModule>
|
</IfModule>
|
||||||
# ZoneMinder no longer uses short tags so this is safe to leave disabled
|
|
||||||
# php_value short_open_tag 1
|
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
ScriptAlias /cgi-bin-zm "@ZM_CGIDIR@"
|
ScriptAlias /cgi-bin-zm "@ZM_CGIDIR@"
|
||||||
<Directory "@ZM_CGIDIR@">
|
<Directory "@ZM_CGIDIR@">
|
||||||
|
SSLRequireSSL
|
||||||
AllowOverride All
|
AllowOverride All
|
||||||
Options +ExecCGI +FollowSymLinks
|
Options +ExecCGI +FollowSymLinks
|
||||||
<IfModule mod_authz_core.c>
|
<IfModule mod_authz_core.c>
|
||||||
|
@ -40,3 +40,4 @@ ScriptAlias /cgi-bin-zm "@ZM_CGIDIR@"
|
||||||
Allow from all
|
Allow from all
|
||||||
</IfModule>
|
</IfModule>
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
|
|
|
@ -32,8 +32,8 @@ BuildRequires: ffmpeg ffmpeg-devel perl(X10::ActiveHome) perl(Astro::SunTime)
|
||||||
# cmake needs the following installed at build time due to the way it auto-detects certain parameters
|
# cmake needs the following installed at build time due to the way it auto-detects certain parameters
|
||||||
BuildRequires: httpd polkit-devel
|
BuildRequires: httpd polkit-devel
|
||||||
|
|
||||||
Requires: httpd php php-gd php-mysql mariadb-server polkit net-tools psmisc
|
Requires: httpd php php-gd php-mysql mariadb-server polkit net-tools mod_ssl
|
||||||
Requires: libjpeg-turbo vlc-core libcurl
|
Requires: psmisc libjpeg-turbo vlc-core libcurl
|
||||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||||
Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip)
|
Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip)
|
||||||
Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP)
|
Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP)
|
||||||
|
@ -87,20 +87,27 @@ fi
|
||||||
/usr/bin/gpasswd -a %{zmuid_final} video
|
/usr/bin/gpasswd -a %{zmuid_final} video
|
||||||
/usr/bin/gpasswd -a %{zmuid_final} dialout
|
/usr/bin/gpasswd -a %{zmuid_final} dialout
|
||||||
|
|
||||||
|
# Disabled. SELinux policy does not work for RHEL 7.
|
||||||
# Create and load zoneminder selinux policy module
|
# Create and load zoneminder selinux policy module
|
||||||
echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wait.\n"
|
#echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wait.\n"
|
||||||
/usr/bin/checkmodule -M -m -o %{_docdir}/%{name}-%{version}/local_zoneminder.mod %{_docdir}/%{name}-%{version}/local_zoneminder.te > /dev/null
|
#/usr/bin/checkmodule -M -m -o %{_docdir}/%{name}-%{version}/local_zoneminder.mod %{_docdir}/%{name}-%{version}/local_zoneminder.te > /dev/null
|
||||||
/usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null
|
#/usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null
|
||||||
/usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null
|
#/usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null
|
||||||
|
|
||||||
# Upgrade from a previous version of zoneminder
|
# Upgrade from a previous version of zoneminder
|
||||||
if [ $1 -eq 2 ] ; then
|
if [ $1 -eq 2 ] ; then
|
||||||
|
# Freshen the database
|
||||||
|
/usr/bin/zmupdate.pl -f
|
||||||
|
|
||||||
|
# We can't run this automatically when new sql account permissions need to
|
||||||
|
# be manually added first
|
||||||
# Run zmupdate non-interactively
|
# Run zmupdate non-interactively
|
||||||
/usr/bin/zmupdate.pl --nointeractive
|
#/usr/bin/zmupdate.pl --nointeractive
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Display the README for post installation instructions
|
# Warn the end user to read the README file
|
||||||
/usr/bin/less %{_docdir}/%{name}-%{version}/README.Centos7
|
echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, read README.Centos7 to finish the\ninstallation or upgrade!\n"
|
||||||
|
echo -e "\nThe README file is located here: %{_docdir}/%{name}-%{version}.\n"
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
if [ $1 -eq 0 ] ; then
|
if [ $1 -eq 0 ] ; then
|
||||||
|
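Review bot: In the upgrade branch, "/usr/bin/zmupdate.pl -f" now runs automatically, while the comment directly below says the update cannot be run automatically until new SQL account permissions have been added by hand. Say in the comment why the freshen step is safe to run with the old grants, or move it behind the same manual step. The four SELinux build commands above are commented out rather than removed; if the policy is really unsupported on RHEL 7, delete them and leave only the one-line explanation.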
@ -184,6 +191,9 @@ fi
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Sep 7 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1
|
||||||
|
- Require https, disable selinux module, freshen dB on updates.
|
||||||
|
|
||||||
* Sun Feb 8 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1
|
* Sun Feb 8 2015 Andrew Bauer <knnniggett@users.sourceforge.net> - 1.28.1
|
||||||
- Initial release for CentOS 7.
|
- Initial release for CentOS 7.
|
||||||
|
|
||||||
|
|
|
@ -357,6 +357,60 @@ our @options =
|
||||||
type => $types{boolean},
|
type => $types{boolean},
|
||||||
category => "system",
|
category => "system",
|
||||||
},
|
},
|
||||||
|
# PP - Google reCaptcha settings
|
||||||
|
{
|
||||||
|
name => "ZM_OPT_USE_GOOG_RECAPTCHA",
|
||||||
|
default => "no",
|
||||||
|
description => "Add Google reCaptcha to login page",
|
||||||
|
help => qqq("
|
||||||
|
This option allows you to include a google
|
||||||
|
reCaptcha validation at login. This means in addition to providing
|
||||||
|
a valid usernane and password, you will also have to
|
||||||
|
pass the reCaptcha test. Please note that enabling this
|
||||||
|
option results in the zoneminder login page reach out
|
||||||
|
to google servers for captcha validation. Also please note
|
||||||
|
that enabling this option will break 3rd party clients
|
||||||
|
like zmNinja and zmView as they also need to login to ZoneMinder
|
||||||
|
and they will fail the reCaptcha test.
|
||||||
|
"),
|
||||||
|
requires => [
|
||||||
|
{name=>"ZM_OPT_USE_AUTH", value=>"yes"}
|
||||||
|
],
|
||||||
|
type => $types {boolean},
|
||||||
|
category => "system",
|
||||||
|
},
|
||||||
|
|
||||||
|
{
|
||||||
|
name => "ZM_OPT_GOOG_RECAPTCHA_SITEKEY",
|
||||||
|
default => "...Insert your recaptcha site-key here...",
|
||||||
|
description => "Your recaptcha site-key",
|
||||||
|
help => qqq("You need to generate your keys from
|
||||||
|
the Google reCaptcha website.
|
||||||
|
Please refer to https://www.google.com/recaptcha/
|
||||||
|
for more details.
|
||||||
|
"),
|
||||||
|
requires => [
|
||||||
|
{name=>"ZM_OPT_USE_GOOG_RECAPTCHA", value=>"yes"}
|
||||||
|
],
|
||||||
|
type => $types {string},
|
||||||
|
category => "system",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name => "ZM_OPT_GOOG_RECAPTCHA_SECRETKEY",
|
||||||
|
default => "...Insert your recaptcha secret-key here...",
|
||||||
|
description => "Your recaptcha secret-key",
|
||||||
|
help => qqq("You need to generate your keys from
|
||||||
|
the Google reCaptcha website.
|
||||||
|
Please refer to https://www.google.com/recaptcha/
|
||||||
|
for more details.
|
||||||
|
"),
|
||||||
|
requires => [
|
||||||
|
{name=>"ZM_OPT_USE_GOOG_RECAPTCHA", value=>"yes"}
|
||||||
|
],
|
||||||
|
type => $types {string},
|
||||||
|
category => "system",
|
||||||
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
name => "ZM_DIR_EVENTS",
|
name => "ZM_DIR_EVENTS",
|
||||||
default => "events",
|
default => "events",
|
||||||
|
|
|
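Review bot: ZM_OPT_GOOG_RECAPTCHA_SITEKEY and ZM_OPT_GOOG_RECAPTCHA_SECRETKEY default to the non-empty placeholder strings "...Insert your recaptcha site-key here..." and "...Insert your recaptcha secret-key here...", so the truthiness checks on these constants in the PHP added by this commit pass as soon as ZM_OPT_USE_GOOG_RECAPTCHA is switched on, before any real key has been entered. Default both to an empty string and put the instruction in the help text. Minor: "usernane" in the help text, and "$types {boolean}" / "$types {string}" are written with a space, unlike the existing "$types{boolean}" entry above.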
@ -18,6 +18,31 @@
|
||||||
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||||
//
|
//
|
||||||
|
|
||||||
|
|
||||||
|
// PP - POST request handler for PHP which does not need extensions
|
||||||
|
// credit: http://wezfurlong.org/blog/2006/nov/http-post-from-php-without-curl/
|
||||||
|
|
||||||
|
function do_post_request($url, $data, $optional_headers = null)
|
||||||
|
{
|
||||||
|
$params = array('http' => array(
|
||||||
|
'method' => 'POST',
|
||||||
|
'content' => $data
|
||||||
|
));
|
||||||
|
if ($optional_headers !== null) {
|
||||||
|
$params['http']['header'] = $optional_headers;
|
||||||
|
}
|
||||||
|
$ctx = stream_context_create($params);
|
||||||
|
$fp = @fopen($url, 'rb', false, $ctx);
|
||||||
|
if (!$fp) {
|
||||||
|
throw new Exception("Problem with $url, $php_errormsg");
|
||||||
|
}
|
||||||
|
$response = @stream_get_contents($fp);
|
||||||
|
if ($response === false) {
|
||||||
|
throw new Exception("Problem reading data from $url, $php_errormsg");
|
||||||
|
}
|
||||||
|
return $response;
|
||||||
|
}
|
||||||
|
|
||||||
function getAffectedIds( $name )
|
function getAffectedIds( $name )
|
||||||
{
|
{
|
||||||
$names = $name."s";
|
$names = $name."s";
|
||||||
|
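Review bot: In do_post_request() both exceptions interpolate $php_errormsg, which is only populated when track_errors is enabled and is otherwise undefined inside the function, so the message will usually end in an empty string; use error_get_last() instead. The stream context sets no 'timeout', so a login request waits on the default socket timeout whenever the remote host is unreachable, and no Content-Type header is sent for the form-encoded body unless the caller passes one. $fp is also never closed.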
@ -42,6 +67,28 @@ if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST[
|
||||||
|
|
||||||
if ( !empty($action) )
|
if ( !empty($action) )
|
||||||
{
|
{
|
||||||
|
// PP - lets validate reCaptcha if it exists
|
||||||
|
if (ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SECRETKEY && ZM_OPT_GOOG_RECAPTCHA_SITEKEY)
|
||||||
|
{
|
||||||
|
$url = 'https://www.google.com/recaptcha/api/siteverify';
|
||||||
|
$fields = array (
|
||||||
|
'secret'=> ZM_OPT_GOOG_RECAPTCHA_SECRETKEY,
|
||||||
|
'response' => $_REQUEST['g-recaptcha-response'],
|
||||||
|
'remoteip'=> $_SERVER['REMOTE_ADDR']
|
||||||
|
|
||||||
|
);
|
||||||
|
$res= do_post_request($url, http_build_query($fields));
|
||||||
|
$result = json_decode($res);
|
||||||
|
if ($result->success != 'true')
|
||||||
|
{
|
||||||
|
userLogout();
|
||||||
|
$view='login';
|
||||||
|
$refreshParent = true;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// General scope actions
|
// General scope actions
|
||||||
if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) )
|
if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) )
|
||||||
{
|
{
|
||||||
|
|
|
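Review bot: When the reCaptcha check fails, the branch calls userLogout() and sets $view='login', but nothing stops execution from continuing into the "$action == "login"" block right below it, so the failure does not by itself prevent the login action from being processed. Clear $action or skip the remaining handlers on failure. The check also sits directly under "if ( !empty($action) )", so it runs for every action rather than only for login, which means a logged-in user submitting any other action without a g-recaptcha-response is logged out. $_REQUEST['g-recaptcha-response'] is read without isset(), the exception thrown by do_post_request() is not caught, and "$result->success != 'true'" compares a decoded boolean to a string; test "empty($result) || $result->success !== true" instead.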
@ -20,6 +20,13 @@
|
||||||
|
|
||||||
xhtmlHeaders(__FILE__, translate('Login') );
|
xhtmlHeaders(__FILE__, translate('Login') );
|
||||||
?>
|
?>
|
||||||
|
<!-- PP: Add recaptcha script if enabled -->
|
||||||
|
<?php
|
||||||
|
if (ZM_OPT_USE_GOOG_RECAPTCHA)
|
||||||
|
{
|
||||||
|
echo "<head> <script src='https://www.google.com/recaptcha/api.js'></script> </head>";
|
||||||
|
}
|
||||||
|
?>
|
||||||
<body>
|
<body>
|
||||||
<div id="page">
|
<div id="page">
|
||||||
<div id="header">
|
<div id="header">
|
||||||
|
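Review bot: The script tag is echoed inside its own "<head> ... </head>" pair after xhtmlHeaders() has already run and immediately before "<body>"; if xhtmlHeaders() emits the document head, the page ends up with a second head element. Pass the script through the existing header output instead. The condition here is only ZM_OPT_USE_GOOG_RECAPTCHA, while the widget and the server-side check also require the two keys; use one shared condition so the script is not loaded when the widget is not shown.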
@ -43,6 +50,13 @@ xhtmlHeaders(__FILE__, translate('Login') );
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
<input type="submit" value="<?php echo translate('Login') ?>"/>
|
<input type="submit" value="<?php echo translate('Login') ?>"/>
|
||||||
|
<!-- PP: Added recaptcha widget if enabled -->
|
||||||
|
<?php
|
||||||
|
if (ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SITEKEY && ZM_OPT_GOOGLE_RECAPTCHA_SECRETKEY)
|
||||||
|
{
|
||||||
|
echo "<br/><br/><center> <div class='g-recaptcha' data-sitekey='".ZM_OPT_GOOG_RECAPTCHA_SITEKEY."'></div> </center>";
|
||||||
|
}
|
||||||
|
?>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
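Review bot: The condition tests ZM_OPT_GOOGLE_RECAPTCHA_SECRETKEY, but the option defined in this commit is ZM_OPT_GOOG_RECAPTCHA_SECRETKEY. The misspelled name is an undefined constant, so depending on the PHP version the check is either always true with a notice or a fatal error, and in neither case does it test the configured secret key. Correct the name; the login page does not need the secret key at all, so testing only the enable flag and the site key would be enough. The site key is also concatenated into the data-sitekey attribute without escaping, and the widget is emitted after the submit button, where users will see it last.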