Friday, December 30, 2016

iSpy and off-premises storage using AWS S3

Nice little Windows program for surveillance using webcams.  Offloading snapshots and videos to S3 storage using s3cmd and monitoring the video directory structure with inotify.  Windows storage is set to save files on a Windows Samba mount provided by a Linux VM running on the same Windows machine (inotify does not work with network drives).  Good enough for now, but need to better organize uploads, perhaps by webcam, and need to filter out thumbnails.

My script:

Web commands working with iSpy:

Tuesday, December 20, 2016

Raspberry Pi 2 - boot from USB

Change boot device in cmdline.txt to /dev/sda2:

dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 root=/dev/sda2 rootfstype=ext4 elevator=deadline fsck.repair=yes fsck.mode=force rootwait

Still boots from SD Card first, but USB is supposedly faster.  Nice article here on the full procedure:

https://www.stewright.me/2013/05/install-and-run-raspbian-from-a-usb-flash-drive/

To write image to usb drive, use this command from within linux VM:

$ sudo dd if=raspbx-22-09-2016.img of=/dev/sdb

7626752+0 records in
7626752+0 records out
3904897024 bytes (3.9 GB) copied, 1875.02 s, 2.1 MB/s


Sunday, December 18, 2016

Django - JSON API for incoming POST

Need a way to bring in a POST with JSON data and Django appears to be workable.  SQLite and webserver built-in for quick prototype.  I'm now able to receive an SMS and log the JSON data.

Installing Django:

wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py
pip install Django
pip install sh

python manage.py runserver 0.0.0.0:8000

Tuesday, December 13, 2016

False Alarms

Getting false alarms from the garage reed switch.  Fairly reliable, but every now and then it gets tripped.  Need to narrow down which one is tripping - 9:51 is false alarm:

12/05/2016 05:43:35 AM alarm tripped 0xAF
12/12/2016 09:51:35 AM alarm tripped 0x9F
12/12/2016 08:36:31 PM alarm tripped 0x9F
12/13/2016 09:29:15 AM alarm tripped 0xCF

Monday, November 28, 2016

GPIO pins on Raspberry Pi 2 with a Reed Switch

Good information here:

https://luketopia.net/2013/07/28/raspberry-pi-gpio-via-the-shell/

Pulled down the utility script and it just works.   Appears GPIO4 is tied to a pull up?  Shows 1 when reed switch is open.   Used a 10k pull down and goes to zero when closed.

Pic here.


Tuesday, November 15, 2016

Alarm via SMS

I've been monitoring doors with the K8000 inputs for years.   I'm using Asterisk to call a local endpoint registered on my smartphone, but want something for when I'm away.  Communications Platform as a Service (CPaaS) allow this (Twilio, Vonage, ShoreTel, etc), so here are the steps to get SMS out from BBB when the alarm is tripped:


1. Fixed DNS, which was not working.
2. Using CPaaS create a REST API command that can be used on BBB.  The platform I'm using requires HTTP POST and provides some JSON examples (the examples had documentation errors, i.e. optional fields that were required).
3. Learn Postman, a Google Chrome extension that allows you to create HTTP POST commands on the fly, test, and copy code in various formats.    Python should work, but I'm on 2.7 not 3, which is not supported by Postman.  Shell -> Curl did not work, but Curl did.
4. Add Curl to BBB
5. Create bash script that has Curl code.
6. Add bash script to python monitoring script and voilà, SMS when alarm tripped.

The REST API requires authentication, which needed to be investigated.  Here is a good description:

https://stormpath.com/blog/the-problem-with-api-authentication-in-express

REST API Security Explained

Before diving into the ecosystem options and challenges that currently exist, I’d like to take a moment to cover how REST API authentication should ideally work. There are exceptions to this rule, of course, but in general, the following hold true for most public (and private) API services.
There are two common ways to secure your REST API service: either via HTTP Basic Authentication or OAuth 2.0 with Bearer Tokens.
If your service is going to transmit sensitive information, it’s best to serve it over HTTPS to ensure that data can’t be leaked in transit.

API Keys

At the core of any API service are API keys. API keys allow developers to authenticate against an API service.
But what should API keys look like, ideally? What is the ideal way to generate API keys?
Well, before answering that question, let’s take a look at one way you don’t want to do it.

How Not to Generate API Keys

How many of you have used an API service that generates a single API key for you?
For instance, many times I’ll sign up for an API service and get a generated API key that looks something like this: 6myyAgKSZuLaextotmfQiRPdLkc79ycjgqhqKD51.
Unfortunately, if you’re only receiving a single API key from a provider, chances are, this provider isn’t properly securing their REST API.
All API keys should really be API key pairs.
The way HTTP Basic Authentication works is that it allows you to specify two pieces of information with each request: a ‘username’ and a ‘password’.
When you submit an API request to a service secured with HTTP Basic Authentication, what you’re really doing is taking your username and password (API key pair), smashing them together into a string (separated by a colon character), then base 64 encoding the result and setting it as the HTTP Authorization header.
If you have only a single API key, you’ll end up with an HTTP Authorization header that looks like this: apikey:.
As you can imagine, this can lead to guessable API keys as an attacker can simply try every possible string until they ‘guess’ the correct API key. Depending on the length of your API key, this might make an attacker’s job very easy since an attacker only needs to guess your API key in order to make API requests on your behalf. For instance, let’s say your API key is 5 characters in length — this means an attacker could simply try every combination of characters until they guess your API key.
With two API keys (a username and a password), it is much harder for an attacker to ‘brute force’ your API keys as it will take much, much longer computationally to try that number of string permutations.
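
The header construction described in the excerpt above, as an added shell example (not code from the quoted article or from this blog's alarm script): it builds and decodes the Basic Authorization value and loads the key pair from a file that must not be readable by group or others. The function names, the two-line credentials file (ID on line 1, secret on line 2) and the URL are assumptions.

```bash
#!/usr/bin/env bash
# Added example: HTTP Basic auth value from an API key pair.
# Function names, the two-line credentials file and the URL are assumptions.

# basic_auth_value ID SECRET -> "Basic <base64(ID:SECRET)>"
basic_auth_value() {
    # printf adds no trailing newline to the encoded bytes (echo would);
    # tr removes the line wrap GNU base64 inserts after 76 columns.
    printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# decode_basic_auth "Basic <b64>" -> "ID:SECRET"
# Base64 is reversible encoding, so the header is only private over HTTPS.
decode_basic_auth() {
    printf '%s' "${1#Basic }" | base64 -d
}

# load_key_pair FILE: set API_ID and API_SECRET from lines 1 and 2 of FILE,
# refusing a file whose mode grants anything to group or others.
load_key_pair() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    case "$(ls -ld -- "$1")" in
        ????------*) ;;
        *) echo "refusing $1: run chmod 600 on it" >&2; return 1 ;;
    esac
    {
        IFS= read -r API_ID
        IFS= read -r API_SECRET || [ -n "$API_SECRET" ]
    } < "$1"
}

# send_sms FILE JSON: POST JSON with the key pair from FILE. The header goes
# to curl through a config read on stdin, so the secret never appears in the
# process list the way it would with -u or -H on the command line.
send_sms() {
    load_key_pair "$1" || return 1
    printf 'header = "Authorization: %s"\n' \
        "$(basic_auth_value "$API_ID" "$API_SECRET")" |
    curl --silent --fail --config - \
         --header 'Content-Type: application/json' \
         --data "$2" 'https://cpaas.example.invalid/v1/sms'
}
```
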





Saturday, January 2, 2016

Linux USB maxpower command and outputs

Sat Jan 02 11:35:53 craiga>lsusb -v |grep 'Bus\|MaxPower'

Bus 001 Device 002: ID 0a5c:bd11 Broadcom Corp. TiVo AG0100 802.11bg Wireless Adapter [Broadcom BCM4320]
      (Bus Powered)
    MaxPower              200mA



Bus 001 Device 002: ID 7392:7811 Edimax Technology Co., Ltd EW-7811Un 802.11n Wireless Adapter [Realtek RTL8188CUS]
      (Bus Powered)
    MaxPower              500mA
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    MaxPower                0mA

Asterisk to control GPIO on Beaglebone

Couldn't figure out Freepbx GUI, so went to /etc/asterisk/extensions_custom.conf and added these extensions:


exten => 3000,1,Playback(one-moment-please)
exten => 3000,2,System(/var/lib/asterisk/myscripts/heatoff.sh)
exten => 3000,n,Hangup

exten => 3001,1,Playback(one-moment-please)
exten => 3001,2,System(/var/lib/asterisk/myscripts/heaton.sh)
exten => 3001,n,Hangup


Executing System(do some stuff to GPIO) but ran into permissions problem.  After changing "direction" to 666 asterisk appears to have access.

root@raspbx:/# ls -l /sys/class/gpio/gpio7/
total 0
-rw-r--r-- 1 root root 4096 Jan  2 18:26 active_low
-rw-r--r-- 1 root root 4096 Jan  2 17:40 direction
-rw-r--r-- 1 root root 4096 Jan  2 18:26 edge
drwxr-xr-x 2 root root    0 Jan  2 18:26 power
lrwxrwxrwx 1 root root    0 Jan  2 18:26 subsystem -> ../../../../class/gpio
-rw-r--r-- 1 root root 4096 Jan  2 18:26 uevent
-rw-r--r-- 1 root root 4096 Jan  2 07:10 value

root@raspbx:/# cd /sys/class/gpio/gpio7/
root@raspbx:/sys/class/gpio/gpio7# ls
active_low  direction  edge  power  subsystem  uevent  value
root@raspbx:/sys/class/gpio/gpio7# chmod 666 direction
root@raspbx:/sys/class/gpio/gpio7# ls -l
total 0
-rw-r--r-- 1 root root 4096 Jan  2 18:26 active_low
-rw-rw-rw- 1 root root 4096 Jan  2 17:40 direction
-rw-r--r-- 1 root root 4096 Jan  2 18:26 edge
drwxr-xr-x 2 root root    0 Jan  2 18:26 power
lrwxrwxrwx 1 root root    0 Jan  2 18:26 subsystem -> ../../../../class/gpio
-rw-r--r-- 1 root root 4096 Jan  2 18:26 uevent
-rw-r--r-- 1 root root 4096 Jan  2 07:10 value
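
A narrower alternative to the world-writable mode shown above, as an added example (not the author's script): it gives one group read/write on the attributes the Asterisk scripts touch and lists any attribute left world-writable. The group name `gpio`, the asterisk user's membership in it, and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: group-scoped access to one exported GPIO instead of mode 666.
# The group name "gpio" and the function names are assumptions.

# gpio_grant DIR GROUP [ATTR...]
# Give GROUP read/write (mode 660) on the named attributes of one exported
# pin; with no ATTR given, "direction" and "value" are used.
gpio_grant() {
    local dir=$1 group=$2 attr f
    shift 2
    [ $# -gt 0 ] || set -- direction value
    for attr in "$@"; do
        f="$dir/$attr"
        [ -f "$f" ] || { echo "missing attribute: $f" >&2; return 1; }
        chgrp "$group" "$f" && chmod 660 "$f" || return 1
    done
}

# gpio_audit ROOT: print every attribute under ROOT that any local user can
# write. -L follows the gpioN symlinks sysfs uses; -maxdepth 2 stops the walk
# at the pin's own attributes.
gpio_audit() {
    find -L "$1" -maxdepth 2 -type f -perm -002 2>/dev/null
}

# On the device, as root (the asterisk user must be a member of "gpio"):
#   gpio_grant /sys/class/gpio/gpio7 gpio direction value
#   gpio_audit /sys/class/gpio
if [ $# -ge 2 ]; then
    gpio_grant "$@"
fi
```

sysfs attributes are recreated with default ownership each time a pin is exported, so the grant has to be reapplied after a reboot or re-export.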