Update readme

Steven Polley 2020-10-24 00:04:28 +00:00
parent f977240dfe
commit 3b038c2515
2 changed files with 141 additions and 6 deletions

1
.gitignore vendored Normal file

@ -0,0 +1 @@
storage-security
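Review bot: The pattern `storage-security` has no leading slash, so it matches a file or directory of that name at any depth, not just the built binary in the repository root. Write it as `/storage-security` so a future package directory with the same name is not silently ignored.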

144
README.md

@ -1,17 +1,21 @@
# storage-security # storage-security
NOTE: All of this is untested, I don't yet have hardware - just planning ahead.
Security solution for my storage locker. Deployed to a raspberry pi with an attached camera. Security solution for my storage locker. Deployed to a raspberry pi with an attached camera.
##### The Background
In mid-October 2020, my storage unit was broken into. This is going to be my method of collecting evidence and hopefully to identify the intruder. I'm also just trying to have fun with what is overall a bad situation for me. The major constraint for this project is it must be low power and there is no persistent communication channel to allow streaming video off premises (risk is intruder may discover and remove the storage device from the premises). Using some clever tricks, I may be able to mitigate this risk 90% of the time by keeping a phone hidden in my parked vehicle which syncs log and video data when my vehicle is parked in my parking stall?
### Technology Stack ### Technology Stack
* Raspberry Pi 4 w/ camera * Raspberry Pi 4 w/ camera
* GoCV * OpenCV via GoCV bindings
* Syncthing * Syncthing
The raspberry pi is configured as a WLAN AP which my phone will connect to. My phone will also be running syncthing and have the RPI configured as a sync device. The phone will pull logs and videos taken from the RPI which have been saved to the sync folder each time my phone connects. The raspberry pi is configured as a WLAN AP which my phone will connect to. My phone will also be running syncthing and have the RPI configured as a sync device. The phone will pull logs and videos taken from the RPI which have been saved to the sync folder each time my phone connects.
The same folder on my phone is also a syncthing destination with spud, so when I come back upstairs, it uploads it to my server.
This isn't a foolproof method in case the intruder locates the RPI / camera and disables / destroys it / removes it. The data is still stored on the RPI until the next time I'm within proximity. This is an acceptable risk given the constraints, however if a better method is discovered to immediately store the data outside of the storage unit that would be preferred (something low powered sitting in my vehicle? ) This isn't a foolproof method in case the intruder locates the RPI / camera and disables / destroys it / removes it. The data is still stored on the RPI until the next time I'm within proximity. This is an acceptable risk given the constraints, however if a better method is discovered to immediately store the data outside of the storage unit that would be preferred (something low powered sitting in my vehicle? )
### Raspberry Pi Setup ### Raspberry Pi Setup
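Review bot: The new Background paragraph states that the phone-in-vehicle idea mitigates the removal risk "90% of the time" and then ends in a question mark, so it reads as an open idea rather than part of the design, and the figure has no stated basis. The same idea already appears in parentheses at the end of the Technology Stack section; keep it in one place and mark it as future work. Two smaller points in this hunk: "spud" is used without saying that it is the server the phone uploads to, and the new heading uses `#####` while the sibling sections use `###`.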
@ -22,6 +26,15 @@ Full steps to re-build this system are below.
1. Connect the camera 1. Connect the camera
2. Image the SDcard with Raspberry Pi OS Lite (minimal image based on debian) - make sure to pick lite - do not use the desktop version. 2. Image the SDcard with Raspberry Pi OS Lite (minimal image based on debian) - make sure to pick lite - do not use the desktop version.
3. Connect a keyboard, mouse and monitor
4. Connect ethernet cable with internet connection
5. Update all packages, and install some prerequisites
```bash
sudo apt update && sudo apt upgrade -y
sudo apt install vim hostapd dnsmasq golang
```
##### Boot optimizations ##### Boot optimizations
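Review bot: The package list in step 5 omits git, yet the later build section runs `git clone`; add git to the `apt install` line so the steps do not depend on what the Lite image happens to ship. The `apt install` line also lacks the `-y` that the upgrade line has, so the two commands behave differently when pasted together.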
@ -44,8 +57,129 @@ Edit /boot/cmdline.txt to make kernel quiet. The following is an example, the k
dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=PARTUUID=32e07f87-02 rootfstype=ext4 elevator=deadline fsck.repair=yes quiet rootwait dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=PARTUUID=32e07f87-02 rootfstype=ext4 elevator=deadline fsck.repair=yes quiet rootwait
``` ```
Disable dhcpcd - useless service in this case ##### Configure Networking
The RPI will act as an access point (not wireless client) using WPA2-Personal with both PSK and MAC authentication. It also needs to act as a DHCP server. The reason this is required is to provide a communication channel to collect data from the device. Once it's installed in the field, there will be no LAN connectivity and will rely on me passing by with my cell phone in pocket to periodically synchronize logs and video feed data - so the Pi must be configured to act as an access point which my phone will automatically connect to once in range.
Set a static IP for WLAN0 interface by editing /etc/dhcpcd.conf
```conf
interface wlan0
static ip_address 10.69.0.1/30
denyinterfaces wlan0
```
Next configure the sole DHCP address. You can clear the entire contents of /etc/dnsmasq.conf and just add the following:
```conf
interface=wlan0
dhcp-range=10.69.0.2,10.69.0.2,255.255.255.252,2h
```
Finally, configure host access point daemon by creating the file named /etc/hostapd/hostapd.conf
```conf
interface=wlan0
hw_mode=g
ieee80211n=1
channel=7
wmm_enabled=0
macaddr_acl=1
accept_mac_file=/etc/hostapd/accept
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
ssid=StealThisYouStupidCrackheads
wpa_passphrase=PASSWORD
```
Be sure to change the password in the above config. We also need to point the system to this config file by modifying /etc/default/hostapd - only modify the DAEMON_CONF line as such:
```conf
# Original
#DAEMON_CONF=""
# Change it to this
DAEMON_CONF="/etc/hostapd/hostapd.conf"
```
Finally, add the MAC address of phone to the whitelist by editing /etc/hostapd/accept
```conf
00:11:22:33:44:55
```
Also make sure the services are enabled and reboot
```bash ```bash
sudo systemctl disable dhcpcd.service sudo systemctl enable hostapd
sudo systemctl enable dnsmasq
sudo reboot
``` ```
Once it comes back up, ensure that phone will connect and gets an IP address. Also attempt to ping the Pi from the phone (or vice versa) to validate communication is possible.
##### Install and Setup Syncthing
Follow the steps to add the syncthing apt source and isntall it - https://apt.syncthing.net/
Then setup the sync folder
```bash
sudo mkdir /sync
```
Setup syncthing to sync this folder with syncthing on my phone.
##### Build OpenCV and Application
Now that the infrastructure is set up the last thing needed is the application itself. The RPI will run hot and may crash if cooling is not provided. This stage will take up to an hour. Clone this repository onto the rpi and
```bash
cd ~
git clone https://deadbeef.codes/steven/storage-security.git
cd storage-security
go get
```
Build and install OpenCV:
```bash
cd ~/go/src/gocv.io/x/gocv
make install
```
Build and install storage-security:
```bash
cd ~/storage-security
go build .
sudo chmod +x storage-security
sudo chown root:root storage-security
mv storage-security /usr/local/bin
```
Create the systemd file at /etc/systemd/system/storage-security.service
```s
[Unit]
Description=storage-security
[Service]
ExecStart=/usr/local/bin/storage-security
[Install]
WantedBy=multi-user.target
```
And enable and start it
```bash
sudo systemctl enable storage-security.service
```
You should be able to test it out to see if motion detection and capture to file is working. If phone is connected to RPI SSID, then the /sync folder should also come over with the logs and capture video files.
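Review bot: In the /etc/dhcpcd.conf block, `denyinterfaces wlan0` tells dhcpcd to ignore wlan0, so the static address stanza directly above it will not be applied, and the address line is missing its equals sign (`static ip_address=10.69.0.1/30`). Drop `denyinterfaces wlan0` and put `nohook wpa_supplicant` under `interface wlan0` instead. In hostapd.conf, `wpa_pairwise=TKIP` serves no purpose next to `wpa=2` and `rsn_pairwise=CCMP` and should be removed so TKIP is never in play. `macaddr_acl=1` filters on an address that is visible on the air, so the passphrase is the real control and the README should ask for a long random one rather than only "change the password". In the build steps, `mv storage-security /usr/local/bin` needs `sudo`, `/sync` is created root-owned so the Syncthing user needs ownership or write access to it, the unit file has no `Restart=` setting even though the device runs unattended, and `systemctl enable` alone does not start the service although the text says "enable and start".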