Wednesday, March 30, 2011

ZoneMinder (Linux video camera security and surveillance)

Home of ZoneMinder, the top Linux video camera security and surveillance solution. ZoneMinder is intended for use in single- or multi-camera video security applications, including commercial or home CCTV, theft prevention, and child, family member or home monitoring and other domestic care scenarios such as nanny cam installations. It supports capture, analysis, recording and monitoring of video data coming from one or more video or network cameras attached to a Linux system. ZoneMinder also supports web and semi-automatic control of Pan/Tilt/Zoom cameras using a variety of protocols. It is suitable for use as a DIY home video security system and for commercial or professional video security and surveillance. It can also be integrated into a home automation system via X.10 or other protocols. If you're looking for a low-cost CCTV system or a more flexible alternative to cheap DVR systems, why not give ZoneMinder a try?

Feature List
  • Runs on any Linux distribution!
  • Supports video, USB and network cameras.
  • Supports Pan/Tilt/Zoom cameras, extensible to add new control protocols.
  • Built on standard tools: C++, Perl and PHP.
  • Uses the high-performance MySQL database.
  • High-performance, independent video capture and analysis daemons, giving high failure redundancy.
  • Multiple Zones (Regions Of Interest) can be defined per camera. Each can have a different sensitivity or be ignored altogether.
  • Large number of configuration options allowing maximum performance on any hardware.
  • User-friendly web interface allowing full control of the system or cameras as well as live views and event replays.
  • Supports live video in MPEG video, multi-part JPEG and still-image formats.
  • Supports event replay in MPEG video, multi-part JPEG and still-image formats, along with statistics detail.
  • User-defined filters allowing selection of any number of events by combination of characteristics in any order.
  • Event notification by email or SMS including attached still images or video of specific events by filter.
  • Automatic uploading of matching events to external FTP storage for archiving and data security.
  • Includes bi-directional X.10 (home automation protocol) integration allowing X.10 signals to control when video is captured and for motion detection to trigger X.10 devices.
  • Highly partitioned design allows other hardware interfacing protocols to be added easily for support of alarm panels etc.
  • Multiple users and user access levels.
  • Multi-language support with many languages already included.
  • Full control script support allowing most tasks to be automated or added to other applications.
  • Supports external triggering by third-party applications or equipment.
  • xHTML mobile/cellular phone access allowing access to common functions.
  • iPhone interface available.
Courtesy : http://www.zoneminder.com/

Using IPset with IPtables to block large IP ranges

There are a large number of firewall and security appliances on the market, some good, some awful. I tend to use a lot of Cisco security products. With the current supply chain problems in getting hold of Cisco products I have been looking around the market. I have noticed that a number of products are systems which have FreeBSD or Linux at the heart under a nice shiny badge.
I thought I would put together a solution myself based on the same ingredients. The reason is that I have realised I have become dependent on mainstream vendors to deploy solutions, and they don't always fully address the need. With the push to virtualisation, it would be good to have a powerful virtualised firewall just like the big boys. So here is what I have done so far.

High performance Ubuntu Firewall

If you run a webserver you will know that it is scanned and probed from particular networks, originating from a hot-spot of countries. If your web application does not need to serve those networks, why not just block them?
Well, it can prove expensive in terms of performance: blocking a whole country can take thousands of rules (http://www.countryipblocks.net/), and iptables walks a chain rule by rule, so every packet is compared against each of them in turn. Using iptables and ipset you can do things some of the big boys can't (SonicWALL!): thousands of networks live in one hashed set that a single rule matches, so you get the same blocking without the per-rule cost.
iptables is already part of every Linux distribution; ipset is not. You have to install it, and it can be a bit awkward, but on Ubuntu 10.04 LTS it is a piece of cake.
sudo apt-get install ipset ipset-source
m-a a-i ipset
The two commands above install the user-space tools and build the required kernel modules with module-assistant. You are now ready to create your very large firewall rules. This is so much easier than patching the kernel with patch-o-matic and recompiling iptables. This is how you use it.
Create your sets. You can get your network list from http://www.countryipblocks.net/ and write a script that generates the creation commands for the list.
ipset --create feckoff nethash
ipset --add feckoff 27.8.0.0/12
ipset --add feckoff 27.24.0.0/13
ipset --add feckoff 27.36.0.0/13
ipset --add feckoff 27.44.0.0/14
ipset --add feckoff 27.50.128.0/17
ipset --add feckoff 27.54.192.0/18
ipset --add feckoff 27.144.0.0/16
ipset --add feckoff 27.148.0.0/10
ipset --add feckoff 27.212.0.0/12
ipset --add feckoff 58.14.0.0/13
... etc. Hundreds of subnets later you have added all your subnets (each entry only once; the list above originally repeated two of them). DON'T mix in /32 networks (single hosts): a nethash set is for networks, so put individual hosts in a separate iphash set.
Now here comes the important bit. Having created your ipset, you apply it to your rule base with a single rule:
iptables -A INPUT -m set --set feckoff src -j DROP
You have just blocked thousands of subnets with one rule in your ruleset. (With ipset 6 and current iptables the match option is spelled --match-set; --set is still accepted but deprecated.)
In an ideal world you would not want to block whole swathes of address space like this; it is a blunt instrument and not the best use of resources. However there are times when it is required to protect your webserver against a particular source of attack.
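Generating the set from a country list, as an added example that is not part of the original post: this POSIX shell script takes a file of CIDR blocks (one per line, as exported from a country block list), validates each entry, drops duplicates (the list above repeats two entries), and prints ipset 4.x argument lines, keeping networks in a nethash set and any /32 entries or bare addresses in a separate iphash set so the two are never mixed. The set names feckoff and feckoff_hosts, the helper names, and the sample list embedded at the bottom are assumptions made for this example.

```shell
#!/bin/sh
# gen_ipset.sh (example, not from the original post): turn a list of CIDR
# blocks (one per line, '#' comments allowed) into ipset 4.x argument lines.
# Networks go into a nethash set, /32 entries and bare addresses into a
# separate iphash set, duplicates are dropped, and malformed lines are
# reported on stderr and skipped. Set names, helper names and the sample
# list below are assumptions made for this example.

# valid_cidr A.B.C.D[/N]: success if every octet is 0-255 and N is 1-32.
valid_cidr() {
    addr=${1%%/*}
    pfx=${1#*/}
    [ "$pfx" = "$1" ] && pfx=32            # no prefix given: a single host
    case $pfx in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -ge 1 ] && [ "$pfx" -le 32 ] || return 1
    case $addr in *..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# gen_ipset NETSET HOSTSET < list: print one ipset argument line per command.
gen_ipset() {
    net_set=$1
    host_set=$2
    printf '%s\n' "--create $net_set nethash"
    printf '%s\n' "--create $host_set iphash"
    # strip comments and whitespace, drop blank lines, dedupe
    sed 's/#.*//; s/[[:space:]]//g' | grep -v '^$' | sort -u |
    while read -r entry; do
        if ! valid_cidr "$entry"; then
            printf 'skipping malformed entry: %s\n' "$entry" >&2
            continue
        fi
        case $entry in
            */32) printf '%s\n' "--add $host_set ${entry%/32}" ;;   # host
            */*)  printf '%s\n' "--add $net_set $entry" ;;          # network
            *)    printf '%s\n' "--add $host_set $entry" ;;         # bare address
        esac
    done
}

# Constructed sample input (not a real country export). Usage:
#   printf '%s\n' "$SAMPLE_BLOCKS" | gen_ipset feckoff feckoff_hosts
SAMPLE_BLOCKS='27.8.0.0/12
27.24.0.0/13
27.8.0.0/12        # duplicate: kept once
58.14.0.0/13
203.0.113.7/32     # a single host: goes to the iphash set
203.0.113.9        # bare address: also a host
300.1.1.1/8        # bad octet: skipped
10.0.0.0/0         # /0 is not a usable entry: skipped'
```

Feed the output to the tool with something like `gen_ipset feckoff feckoff_hosts < country.txt | sed 's/^/ipset /' | sh`, then reference both sets from iptables (one DROP rule per set). On ipset 6 the verbs are `create` and `add` and the `hash:net` type accepts /32 entries, so the split into two sets is only needed with the 4.x tools that Ubuntu 10.04 ships.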

Courtesy :  http://www.jsimmons.co.uk/2010/06/08/using-ipset-with-iptables-in-ubuntu-lts-1004-to-block-large-ip-ranges/

How to block huge amount of IP adresses

Sometimes you need to block a really big number of IP addresses, for different reasons: a password brute-force, a DDoS attack, and so on. Of course, you can block them with plain iptables rules, but there is a problem: if the set of addresses contains thousands of entries, iptables performance decreases (strictly, the performance of netfilter, since iptables is just the tool for managing the firewall), because each packet is matched against the rules one after another. Your CPU load can increase too. Fortunately there is a perfect solution: ipsets.
So here is the problem: you need to add thousands of IPs to your firewall, and in almost all cases they are random addresses from various networks. Here we suppose you run a Fedora 14 box, so you don't have to recompile kernel modules.
First of all you need to install xtables-addons. You can find it in the RPM Fusion repository.
yum install  xtables-addons
Next create an ipset. We'll call it autoban:
ipset -N autoban iphash --hashsize 4096 --probes 2 --resize 50
Add it to your iptables chain. The chain will differ depending on your firewall settings; here we use a chain called ethin.
iptables -I ethin 2 -p tcp -m multiport --dport 80,443 -m set --match-set autoban src -j DROP
Now you can add all the bad IPs to your ipset. For instance, you have a text file called /tmp/bots.txt with one IP per line, so you can add them with a simple shell loop (the set name must match the one created above):
while read -r ip; do ipset -A autoban "$ip"; done < /tmp/bots.txt
To check run:
ipset -L autoban
Save rules to config:
/etc/init.d/ipset save
Enable ipset startup script to load after reboot.
chkconfig ipset on
Note! To avoid locking yourself out you may add a simple cron task:
*/5 * * * * ipset -F
If you make a mistake, it flushes all items from all ipsets within five minutes. Bear in mind that this also throws away every ban every five minutes, so it is only a safety net while you are testing; a better permanent guard is an ACCEPT rule for your own management address placed above the DROP rule, and never feeding your own addresses into the set.
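A whitelist check for the ban loader, as an added example that is not part of the original post: rather than relying on a cron job that flushes the whole set, this POSIX shell script refuses to emit an ipset -A command for any address that falls inside a list of networks you must never ban (loopback, your LAN, your admin host), and skips lines that are not a plain IPv4 address. The whitelist contents, the sample bots list and the helper names are constructed for this example; the set name autoban matches the one created above.

```shell
#!/bin/sh
# load_autoban.sh (example, not from the original post): print
# "ipset -A autoban <ip>" for each address in a ban list, except addresses
# inside WHITELIST, so a stray line in bots.txt cannot lock you out.
# The whitelist, the sample list and the helper names are assumptions
# made for this example.

# ip2int A.B.C.D: dotted quad to a 32-bit integer (input assumed valid).
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET[/PREFIX]: success if ADDR lies inside the network.
in_cidr() {
    net=${2%%/*}
    pfx=${2#*/}
    [ "$pfx" = "$2" ] && pfx=32             # bare address: a /32
    mask=$(( pfx == 0 ? 0 : (0xFFFFFFFF << (32 - pfx)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Constructed whitelist: loopback, an RFC 1918 LAN and a hypothetical
# admin host. Put your own management addresses here.
WHITELIST="127.0.0.0/8 192.168.0.0/16 198.51.100.23"

# whitelisted ADDR: success if ADDR matches any WHITELIST entry.
whitelisted() {
    for w in $WHITELIST; do
        in_cidr "$1" "$w" && return 0
    done
    return 1
}

# valid_ipv4 ADDR: four decimal octets, no leading zeros, each 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^(0|[1-9][0-9]{0,2})(\.(0|[1-9][0-9]{0,2})){3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    return 0
}

# ban_list SETNAME < bots.txt: one "ipset -A" command per bannable address;
# whitelisted and malformed lines are reported on stderr instead.
ban_list() {
    set_name=$1
    while read -r ip; do
        case $ip in ''|\#*) continue ;; esac
        if ! valid_ipv4 "$ip"; then
            printf 'skipping malformed line: %s\n' "$ip" >&2
        elif whitelisted "$ip"; then
            printf 'refusing to ban whitelisted address %s\n' "$ip" >&2
        else
            printf 'ipset -A %s %s\n' "$set_name" "$ip"
        fi
    done
}

# Constructed sample ban list. Usage:
#   printf '%s\n' "$SAMPLE_BOTS" | ban_list autoban | sh
SAMPLE_BOTS='203.0.113.50
198.51.100.23
192.168.1.99
# a comment line
not-an-ip
256.1.1.1
203.0.113.51'
```

Run it as `ban_list autoban < /tmp/bots.txt | sh` in place of the bare loop; anything refused is printed on stderr so you can see what the list tried to do to you. The arithmetic is plain POSIX shell, so it works with dash as well as bash, and the check is IPv4-only, which matches the ipset 4.4 that Fedora 14 ships.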
Also you should know that ipset supports different set types: ipmap, macipmap, portmap, iphash, nethash and so on.
Refer to man ipset to choose the one that fits your requirements.
Starting with version 5.0 ipset supports IPv6. But Fedora 14 includes ipset 4.4.

Courtesy : http://supportex.net/2011/02/block-huge-amount-ip-adresses-ipset-fedora-14/

Endian Firewall

Endian Firewall Community (EFW) is a "turn-key" Linux security distribution that turns any system into a full-featured security appliance with Unified Threat Management (UTM) functionality. The software has been designed with "usability in mind" and is very easy to install, use and manage, without losing its flexibility.
The features include a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spam filtering for email traffic (POP and SMTP), content filtering of web traffic and a "hassle-free" VPN solution (based on OpenVPN).

Products compared in the Endian feature matrix: 4i, Office / Industrial, Mini, Mercury, Macro X1, Macro X2, Macro R1, Macro R2, and the 5-10 Users and 25+ Users editions. Not every feature is available on every product; the features are listed below by category.

General
  • Open Source License (GPL)
  • Free download
  • Suggested number of users (not limited): N/A, <25, <100, <250, 250+, <1,000, <2,500, 5-10, 25+
  • Commercial support options
  • Ticket System Support
  • Direct support from Endian
  • Phone Support
  • Live/Remote Support (hands on)
  • Instant Hardware Replacement
  • Industrial Grade Hardware
  • LCD display with system status and management functionality

Network Security
  • Stateful Packet Firewall
  • Demilitarized Zone (DMZ)
  • Intrusion Prevention (Snort)
  • Multiple Public IPs
  • Quality of Service and Bandwidth Management
  • SNMP support
  • VoIP/SIP support
  • Portscan Detection
  • DoS and DDoS Protection
  • SYN/ICMP Flood Protection
  • Anti-Spoofing Protection
  • VLAN support (IEEE 802.1Q trunking)
  • DNS Proxy/Routing

Web Security
  • HTTP & FTP proxies
  • Anti-virus (100,000+ patterns)
  • Transparent Proxy support
  • Content Analysis/Filtering
  • URL Blacklist
  • Authentication: Local, RADIUS, LDAP, Active Directory
  • NTLM Single Sign-On
  • Group-based web content filter
  • Group-based web access policies
  • Time-based access control with multiple time intervals
  • Sophos Antivirus (optional)

Mail Security
  • SMTP & POP3 proxies
  • Anti-spam with Bayes, Pattern, SPF, Heuristics, Black- and White-lists support
  • Anti-virus (100,000+ patterns)
  • Transparent Proxy support
  • Spam Auto-Learning
  • Transparent Mail Forwarding (BCC)
  • Greylisting
  • Commtouch RPD (optional)
  • Sophos Antivirus (optional)

Virtual Private Networks (VPN)
  • True SSL/TLS VPN (OpenVPN)
  • IPsec
  • Encryption: DES, 3DES, AES 128-, 192-, 256-bit
  • Authentication: Pre-Shared Key, Certification Authority, Local
  • Support for VPN over HTTPS Proxy (OpenVPN)
  • X.509 and 2-factor based authentication
  • PPTP Passthrough
  • Pushing of DNS settings and Routes to clients (OpenVPN)
  • Automatic connection failover (OpenVPN)
  • Native VPN Client for MS Windows, Mac OS X and Linux

Hotspot
  • Captive Portal
  • Wired/Wireless support
  • Pre-/Post-paid and free Tickets
  • Traffic-based Tickets
  • Integrated RADIUS service
  • Connection Logging
  • No additional software/hardware required
  • Per-user and global bandwidth limiting
  • MAC-address based user accounts
  • User accounts import/export per CSV
  • Single-click ticket generation (Quick ticket)
  • Automatic client network configuration (support for DHCP and static IP)
  • Generic JSON API for external accounting and third-party integration

High Availability
  • Hot Standby (active/passive)
  • Node Data/Configuration Synchronization

Multi-WAN with Failover
  • Support for multiple Uplinks/WANs
  • Automatic WAN Uplink Failover
  • Monitoring of WAN Uplinks
  • Uplink types: Ethernet (Static/DHCP), PPPoE, ADSL, ISDN, PPTP
  • UMTS/GPRS/3G support

Routing
  • Static Routes
  • Source-based Routing
  • Destination-based Routing
  • Policy-based Routing (based on interface, MAC, protocol or port)

Network Address Translation (NAT)
  • Destination NAT
  • Incoming Routed Traffic
  • One-to-One NAT
  • Source NAT (SNAT)
  • IPsec NAT Traversal

Logging/Reporting
  • Real-time Dashboard
  • Event handling and notification
  • Live Log Viewer (AJAX based)
  • Detailed User-Based Web Access Report
  • Network/System/Performance Statistics
  • Rule-based logging settings (Firewall Rules)
  • Syslog: Local or Remote

Management
  • Easy Web-based Administration (SSL)
  • Secure Remote SSH/SCP Access
  • Serial Console
  • Centralized Management through Endian Network (SSL)

Updates and Backup
  • Backup/Restore Firewall settings from Web Interface
  • Centralized Updates through Endian Network
  • Anti-virus Definitions
  • URL Blacklist Definitions
  • Scheduled Automatic Backup
  • Encrypted Backups via E-mail
  • Instant Recovery/Backup to USB Stick


Courtesy : http://www.endian.com/en/community/download/