Debian 12 Bookworm with Zoneminder 1.36.33

From ZoneMinder Wiki
Revision as of 14:15, 4 March 2017 by Bbunge (talk | contribs)
Jump to navigationJump to search

Debian 9 with Zoneminder 1.30.0

04MAR17 Zoneminder has been pulled from Debian 9 because of a reported vulnerability. Actually this was caused by the install procedure and not Zoneminder itself. Am working to get the package reinstated. Alternative install procedure provided below.

This procedure fixes the directory browse vulnerability.

Use Debian 9 net install CD. Install only: web server, SSH server and standard system utilities from tasksel

Login and become root (su root) or prepend sudo to the following commands

If needed check to make sure you are up to date 

apt update
apt upgrade
apt dist-upgrade

Install additional LAMP components (Mariadb server recommended) 

apt install php mariadb-server php-mysql apache2-mod-php7.0

Secure Mariadb, create root password et. al. 

mysql_secure_installation


Or to install MySQL Server 

apt install php default-mysql-server php-mysql apache2-mod-php7.0

Install Zoneminder 

apt install zoneminder

Alternative install procedure.

Download the Zoneminder packages: https://packages.debian.org/unstable/zoneminder and https://packages.debian.org/unstable/zoneminder-doc

Install Zoneminder 

dpkg -i zoneminder_1.30.0+dfsg-2_amd64.deb
dpkg -i zoneminder-doc_1.30.0+dfsg-2_all.deb

You will get install errors about dependences not met. Fix with: 

apt install -f

Create Zoneminder database in MySQL (Note: this also creates the default Zoneminder user and permissions in MySQL) 

mysql -uroot -p < /usr/share/zoneminder/db/zm_create.sql

mysql -uroot -p -e "grant all on zm.* to 'zmuser'@localhost identified by 'zmpass';"

mysqladmin -uroot -p reload

Set permissions of /etc/zm/zm.conf to root:www-data 740 

chmod 740 /etc/zm/zm.conf

chown root:www-data /etc/zm/zm.conf

Enable Zoneminder service to start at boot 

systemctl enable zoneminder.service

Add www-data to the sudo group (to enable use of local video devices) 

adduser www-data video

Start Zoneminder 

systemctl start zoneminder.service

Check to see that Zoneminder is running 

systemctl status zoneminder.service

Enable CGI and Zoneminder configuration in Apache. 

a2enmod cgi

a2enmod rewrite

a2enconf zoneminder

Add timezone to PHP 

nano /etc/php/7.0/apache2/php.ini

Search for [Date] (Ctrl + w then type Date and press Enter) and make changes as follows for your time zone. Be sure to remove the ; before date.timezone 

[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone = America/New_York

Ctrl+o Enter to save

CTRL+x to exit

Change permissions in /usr/share/zoneminder/ 

chown -R www-data:www-data /usr/share/zoneminder/

Note: the following edit fixes the expose directory "vulnerability."

Edit zoneminder.conf Note: The following changes may be in the file. 

nano /etc/apache2/conf-available/zoneminder.conf

Add a - before Indexes and a + before FollowSymLinks as shown 

<Directory /usr/share/zoneminder/www>
  Options -Indexes +FollowSymLinks

Make sure the following is at the bottom of the file 

<Directory /usr/share/zoneminder/www/api>
    AllowOverride All
</Directory>

Ctrl+o Enter to save

CTRL+x to exit

Restart Apache 

service apache2 restart
Retrieved from "https://wiki.zoneminder.com/index.php?title=Debian_12_Bookworm_with_Zoneminder_1.36.33&oldid=14446"