Arclight: Created page with "This page explains how to set up a Sheevaplug embedded PC for monitoring the Open Access Control. Updated 10/19/2012 (originally published at code.google.com) ==Plug Compute..."

2014-06-03T22:29:48Z

Created page with "This page explains how to set up a Sheevaplug embedded PC for monitoring the Open Access Control. Updated 10/19/2012 (originally published at code.google.com) ==Plug Compute..."

New page

This page explains how to set up a Sheevaplug embedded PC for monitoring the Open Access Control.

Updated 10/19/2012 (originally published at code.google.com)

==Plug Computer Device Setup==

Tutorial based on the Sheevaplug PC from Globalscale Technologies and ArmedSlack Linux v13.37.

1. Download ArmedSlack 13.37.

mkdir armedslack
cd armedslack
rsync -Pavv --delete ftp.armedslack.org::armedslack/armedslack-current .

2. Install an 8GB MMC card. We used high-speed model from Sandisk, no problems.

3. Attach to the plug PC with a mini USB to USB A cable. Linux terminal instructions are in the Slackware install doc here: ftp://ftp.armedslack.org/armedslack/armedslack13.3/INSTALL_KIRKWOOD.TXT

Windows USB serial drivers are here, also more Linux help:

http://www.plugcomputer.org/plugwiki/index.php/Serial_terminal_program

4. Follow installation instructions at:

ftp://ftp.armedslack.org/armedslack/armedslack/3.37/INSTALL_KIRKWOOD.TXT

5. Set up a TFTP and NFS server. Instructions for Ubuntu are below.

TFTP

NFS

a. If you get a CRC error on the boot or root image, re-download it from the mirror site and try again. This seems to be a common problem. Also, be sure you did not download and of the packages in ASCII mode.

b. You need to run mmcinit twice on the boot loader to get it to recognize the card.

c. Use an ext2 file system for the /boot volume. The / volume can be ext4 (recommended for journaling)

d. The device names should be as follows:
<pre>
/dev/mmcblk0p1 2048 206847 102400 83 Linux
/dev/mmcblk0p2 206848 1845247 819200 82 Linux swap
/dev/mmcblk0p3 1845248 15646719 6900736 83 Linux

</pre>

Using /dev/sda1,sda2,sda3 does not work! These file system sizes are good for the 8GB card.

e. Use these boot arguments:
<pre>
Marvell>> setenv bootargs_console console=ttyS0,115200
# note changed device file:
Marvell>> setenv bootargs_root 'root=/dev/mmcblk0p3 waitforroot=10 rootfs=ext4'
Marvell>> setenv bootcmd 'setenv bootargs $(bootargs_console) $(bootargs_root); run bootcmd_slk ; reset'
# for MMC:
Marvell>> setenv bootcmd_slk 'mmcinit;ext2load mmc 0:1 0x01100000 /uinitrd-kirkwood;ext2load mmc 0:1 0x00800000 /uImage-kirkwood;bootm 0x00800000 0x01100000'
# save
Marvell>> saveenv
Marvell>> reset
</pre>

6. Install these packages:
<pre>-All dev/make/gcc/binutils/glibc/kernel headers/etc</pre>

This will enable building from source. This is much easier to do from the inititial installation script. pkgtool does not let you see the "everything" and "all dev" type options later. You'll get stuck having to manually add missing libraries/etc like I did, so watch out!

*iptables (Needed for securing the system later)

*All networking, openssl, basic required packages. -All Marvell utilities in the Slackware distribution

*These specific packages we need for the Security Monitoring scripts:

a. msmtp (Command-line mail sending client. Will work with SMTP/Gmail/Yahoo/etc)

Download and build from: http://msmtp.sourceforge.net Must also install openSSL for TLS/SSL support! Also, install a root CA file from Firefox or similar in: /etc/ssl/certs/ca-certificates.crt

b. minicom (Terminal program, we use this to communicate with the Arduino.)

Use the built-in Slackware package, but be aware that it will just hang and seg-fault unless you first modify this file:

/etc/minirc.dfl -> Open this file in vi and add a carriage return/line feed at the bottom and save.

c. screen (We use screen to run minicom interactively)

Note:

A complete installation of everything will fit on the 8GB flash card. You can also pull the flash card out and copy the complete set of package files from your host PC to a directory once the basic install is completed. This will leave you with abotu 2GB free on the / file system.

7. Configure networking and plug in your Arduino to the large USB 'A' port. The stock kernel seems to have no problem recognizing the built-in network devices and the FTDI chip on the Arduino is recognized as :

/dev/ttyUSB0

8. Now it's time to configure our monitoring stuff. Follow these instructions:
Setup the monitoring system

a. Create a normal user to run your monitoring scripts under. We'll call this user "access" for the tutorial.

b. Create a directory called "scripts" in their home directory. Place the following files in this directory and modify the e-mail addresses, messages, etc as needed.
<pre>
start_screen_logging.sh

#!/bin/bash
# Start logging functions in a screen
/bin/su - access -c "screen -dmS MINICOM /home/access/scripts/start_logging.sh"

log_notify.sh:
</pre>

<pre>
#!/bin/bash
tail -0f /home/access/scripts/access_log.txt | egrep --line-buffered -i "authenticated" | while read line
do
rm /home/access/scripts/message_tmp.txt
cp /home/access/scripts/log_msg.txt /home/access/scripts/message_tmp.txt
sleep 1
tail -6 /home/access/scripts/access_log.txt >> /home/access/scripts/message_tmp.txt
msmtp -t < /home/access/scripts/message_tmp.txt
done

log_alert.sh:
</pre>

<pre>
#!/bin/bash
cd /home/access/scripts
tail -0f /home/access/scripts/access_log.txt | egrep --line-buffered -i "triggered" |
while read line
do
msmtp -t < /home/access/scripts/alert_msg.txt
done
</pre>

log_msg.txt:
<pre>
From:hackerspace_notifier@yourdomain.com
To:somebody@domain.com, somebody_else@anotherdomain.com
Subject:User at the Hacker Space
</pre>

log_alert.txt:
<pre>
From:hackerspace_notifier@yourdomain.com
To:somebody@domain.com, somebody_else@anotherdomain.com
Subject: Alert: Alarm triggered at shop

Please log in to the webcame at http://www.somedomain.com/cameras to check status.

-The Hacker Space
</pre>

start_logging.sh:
<pre>
#!/bin/bash
/usr/bin/minicom -C /home/access/scripts/access_log.txt
</pre>

c. Secure the scripts directory: chmod -r 700 /home/access/scripts

d. Secure the USB serial port:

chown root:dialout /dev/ttyUSB0

chmod 770 /dev/ttyUSB0

ls -al /dev/ttyU*

crw-rw---- 1 root dialout 188, 0 2011-09-25 16:36 /dev/ttyUSB0

Add the user "access" to the group dialout: gpasswd -a access dialout dialout:x:16:access

e. run minicom -s and configure the comm parameters. The defaults for Open Access are:

/etc/minirc.dfl:
<pre>
pr port /dev/ttyUSB0
pr lock /var/lock
pu baudrate 57600
pu minit
pu mreset
pu mdialpre
pu mdialsuf
pu mdialpre2
pu mdialsuf2
pu mdialpre3
pu mdialsuf3
pu mconnect
pu mnocon1
pu mnocon2
pu mnocon3
pu mnocon4
pu mhangup
pu mdialcan
pu rtscts No
</pre>

f. Configure iptables with some basic rules to protect the monitoring system. Tutorial here:

Iptables rules

g. Add the following file to /home/access. Modify as needed for your outgoing e-mail account.

.msmtprc
<pre>
#Gmail account
account gmail
host smtp.gmail.com
from myuser@gmail.com
auth on
tls on
tls
tls_trust_file /etc/ssl/certs/ca-certificates.crt
user xxxx@gmail.com
password xxxx
port 587
#tls_certcheck off

#ATT Account
account att
host smtp.att.yahoo.com
tls on
auth on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
tls_starttls off
from xxx@att.net
user xxx@att.net
password xxxx

account default : att
</pre>
h. Add the following lines to /etc/rc.d/rc.local:

<pre>
/etc/sysconfig/iptables
/bin/su - access -c "/home/access/scripts/log_notify.sh &"
/bin/su - access -c "/home/access/scripts/log_alert.sh &"
/home/access/scripts/start_screen_logging.sh
</pre>

i. With the Arduino connected, reboot everything and verify that it all comes up automatically. You should be able to log in via ssh, type "screen -rd" and be connected to an interactive session on the Arduino. Please secure the ssh system with certificates and/or good passwords.

Sheeva Plug Monitoring - Revision history

Arclight: Created page with "This page explains how to set up a Sheevaplug embedded PC for monitoring the Open Access Control. Updated 10/19/2012 (originally published at code.google.com) ==Plug Compute..."