LizardCam! FFMPEG and the Server

So, I struck on the most brilliant of brilliant ideas today, and decided to create a LizardCam! Basically, I get my web cam and hook it up to the server, then stream it live for any and all to view! But….how to actually do this? During class tonight I did some research on how to stream live video online using some sort of server, and I came across a very familiar name. FFMPEG…

FFMPEG is something that I hear about at work every now and then. It’s basically a media encoder. It doesn’t sound like anything too fancy, but basically it can accept input and then encode it into a different output. You can turn a .wav file into a .mp3 file and stuff like that. Or maybe even take video input from a web cam and turn it into something that can be streamed. HMMM… now things are getting interesting.

As with any sort of server.. setting up the configuration file to actually do what you want it to do is probably the most difficult aspect of the entire enterprise. Figuring out the CLI commands was even worse, but after giving it many many hours of work I finally managed to figure out how to get it all set up and had a working flash stream from my web cam. Huzzah! (this does not express anywhere near the amount of frustration I had to go through in setting this up)

AAAANYWAY, LizardCam is li—NOT live right now. I’m sleeping as of this post. But it will be live soon! I’m going to be running a live cam of Chopstick’s vivarium daily from 12:00p CDT until 01:30a CDT, and I have automated cron jobs in place that should turn the camera on and off at those times. We’ll see if that works when I wake up in about 8 hours. In the meantime, if you’re reading this and you’d like to see if the stream is up, check out the link below.

LizardCam!

Some Additional Configurations

I swear, it seems like every day that goes by, I find something else that I can change on this server! Just today, I was chatting with one of my good friends (well… kinda half chatting : / ) and I was trying to do something in one of my IRC channels hosting from the server. And… come to find out that I can’t kick an inactive user because I’m not the operator of the channel. And even though I’m the server admin for the server as a whole, I can find no configuration or setting anywhere in the entire server that would allow me to simply usurp the channel and kick the user. Laaaaaaaaaaaaame….

So, do some research. Come to find out that this is a well known limitation of most IRC daemons, and that the way to get past this problem is to install a service called ChanServ. Uh, wat? Ok, so it’s kinda like an addon for any given IRCd which gives the server more functions and more flexibility. You download, compile, and install the service to the machine and then connect it with the IRCd using the configuration file. Once you activate the two together, the server allows you to register chat rooms such that whether you’re in or out of the room, you’re the moderator.

Ok, so that will take care of the problem for sure! But… given that I’m running the whole set up in a chroot jail as it is, I can only imagine how complex it will be to configure. And complex it was! I had to figure out where to put the configuration files and all that stuff, and I had to figure out how to make it all work properly in the chroot jail on top of that. It has made me quite cranky!

Thankfully, it’s working! That’s always the best part of working with these sorts of things, is seeing it working after all that frustration. 😀 Plus the extra service is also running in the chroot jail along with the IRCd, so there’s still that nice extra layer of security and isolation from the rest of the machine. Very, very cool stuff.

For those who probably don’t understand what I’m talking about above; I found something frustrating with a thing on my server, banged my head against my keyboard for a while, and when it started working I drank myself to oblivion. Just keep that picture in your head and all will be well. XD

chroot Challenge and Loads of Server Drama!

The other day, I was so excited to have a working IRC server on my box at home that I kinda forgot how insecure IRC was. There is a big reason why IRC is banned at my web hosting employer, since it’s so easy to hack that it represents a serious botnet risk. One of my colleagues at work revealed to me how insecure IRC was, and that it was very well known that a hacker could break through the IRC daemon to the root system and do pretty much whatever. To help secure the daemon, he challenged me to place it into a chroot jail.

“What’s a chroot jail?” I asked.

He explained that it’s a way of changing the apparent root directory for an invoked command, such that the service running under that command is isolated from the rest of the system. It runs in a separate root on its own separate set of libraries. I didn’t get it at first, but I began to grasp the concept after a little while.

Basically, chroot is a core Linux command that will change the root that a command executes under. For something like IRCd, it will start the service using a separate root directory and a separate set of function libraries that the program needs to execute its code, and it will isolate the service from the rest of the system to keep the server secure.

What an interesting challenge to set up! I had to find out which function libraries IRCd used and copy them over to a chosen root directory for my chroot jail, move over all of the /bin/bash commands to the new root, place a passwd file in the new root so that it would recognize my user, and then try to run the service. To start, I began copying all of the libs over to a particular directory, and then decided to move it around a bit.

And then disaster struck…I moved the ENTIRE primary /lib/ directory by accident……

Just so you understand what this means, it’s like someone burned all the books in the library just as I was starting to research my bachelor’s thesis. My commands stopped working, because the programs that the commands use to run could no longer reference the functions in the /lib/ folder! I didn’t realize what I’d done at first, but then the reality slowly sank in that I’d horribly, horribly broken my server! I couldn’t even move the /lib/ folder back to where it belonged to get things working again! All that work and effort and blood and sweat came rushing right up to the forefront of my mind, and I was utterly horrified…

First, I tried to see if I could mount the server hard drive on my desktop Linux system so that I could rescue the server. No matter how I tried, I couldn’t get my desktop to recognize the device, and I eventually gave up on this option. And then I remembered that I still had the install DVD image, which comes with a rescue mode! I restarted the server, inserted the DVD, and then entered the rescue mode so that I could move the libs back to where they needed to be for the system to work properly. Thank God in Heaven that I was able to do this and largely resolve the issue without any serious pain!!

Very hard lesson learned, I then continued to set up the new chroot jail, and managed to successfully get the IRC working in it. After that, I set up a couple of shell scripts executable by the root user so that I could activate and deactivate the server without any serious trouble. I’ll gladly call that a night well spent, thank you!
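
The jail-building steps described in this post (find the libraries the daemon links against, copy them into the new root, add a passwd file for the service user), as an added example that is not the script used on this server. The function names `jail_libs`, `jail_copy` and `build_jail` are hypothetical, and the path guard goes slightly beyond the post: files are only ever copied with `cp`, and an empty, relative or `/` jail path is refused so the host's own directories are never the target.

```shell
#!/bin/sh
# Added example: populate a chroot jail by COPYING files, never moving them.
# The jail path, service user and binaries are supplied by the caller.

# Print the absolute path of every shared library a binary needs, as
# resolved by ldd (the vdso and unresolved entries carry no path).
jail_libs() {
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' |
        sort -u
}

# Copy one file into the jail under the same path it has on the host.
# cp -L follows symlinks so the jail receives a real file.
jail_copy() {
    jail=$1 file=$2
    mkdir -p "$jail$(dirname "$file")" && cp -L "$file" "$jail$file"
}

# build_jail JAIL USER BINARY...
build_jail() {
    jail=$1 user=$2
    shift 2
    # Refuse an empty, relative or "/" target so host directories stay untouched.
    case $jail in
        ""|/|[!/]*) echo "refusing jail path '$jail'" >&2; return 1 ;;
    esac
    mkdir -p "$jail/etc" || return 1
    for bin in "$@"; do
        jail_copy "$jail" "$bin" || return 1
        for lib in $(jail_libs "$bin"); do
            jail_copy "$jail" "$lib" || return 1
        done
    done
    # The jail's passwd holds only the service account's line.
    awk -F: -v u="$user" '$1 == u' /etc/passwd > "$jail/etc/passwd"
}
```

Called as `build_jail /srv/jail ircd /usr/sbin/ircd /bin/bash` (constructed paths), it leaves the host's `/lib` in place and gives the jail its own copies.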

IRC Works!!

Finally! At long last (a few days), I have finally confirmed that IRC is working correctly on my server!

Basically, I gave tech support a call and they set up my server to be in the DMZ. I’d already tried this a few times, but every time I configured the server to be in the DMZ, the router would say that the device was off. This time, however, I just rebooted the server so that the router would recognize that it was online, and after that everything just started to work exactly how I wanted it to. It was glorious!

Finally, I can set up my SSH and my IRC servers to be on non-standard ports and confirm that they are working exactly the way that they’re supposed to. And I don’t think that the server is less secure by all that much than it was previously.

This is all too cool! I now need to take some time to learn how iptables works so that I can have that extra bit of security if I need it.

IRC?

So, I had a run at installing an IRC server to the box tonight, and that seemed to go pretty well. It was reasonably well documented, and the set up process wasn’t too difficult. It seems that a lot of systems that you have to compile from source are set up with some sort of configuration script that does most of the decision making for you.

Anyway, it’s up and running and listening, and I got the proper DMZ set up on the router, but for whatever reason I can’t seem to connect. I did a port scan on the server and found that the IRC port was being blocked still, so I’m unsure what the deal is. It’s a bit frustrating, because I feel like I should be able to resolve this on my own, but at the same time I feel like there is something else going on with the ISP.

As my roommate said, "He likes to come home and do WORK THINGS for FUN."

Meh. The good news is that I can connect to the IRC server when I try to do so locally on the network. So it’s working that far, I think. Oh well! When I have a chance I may give support a call and see what they think.

AwStats

So, something that had kinda been sitting on my mind for a little bit was installing a statistics program to the server to properly parse the access logs. Of course AwStats comes to mind, since that’s the most prominent statistics program at work.

I was able to download and install the package using YUM, and thankfully AwStats came with a configuration script that did most of the difficult stuff for me. After that, it was reading the documentation to figure out how to make the script visible on a web browser. It was a bit difficult to figure out how to do it right, but I eventually opted for having the program build an HTML file, which I symlink’d to the web root.

I figured out the appropriate sequence of commands, and then compiled it all into a simple alias that updates the AwStats database, builds the HTML file, and symlinks it to the webroot. This way, I can just type one word, view my stats, and then type my second alias that removes the symlink and the HTML file when I’m done. It works perfectly!

I’m thoroughly enjoying my new serverbox and all that I’m able to do with it. Given patience, I’m really getting the feeling that there’s very little that I can’t do with it. :3