In today’s digital world, data is one of the most valuable assets for individuals and organizations. As such, it is crucial to implement proper security measures to protect sensitive information stored on devices. However, we often fail to do so, especially with our personal computers. The reason could be simple: sophisticated security tools are not budget-friendly, and open-source tools, which come for no extra cost, would need more technical knowledge to set up. Anyways, that’s a different debate. One common yet effective security technique to overcome is to configure pre-installed software to work as a security tools. To support this, we have this blog post that helps you turn a multimedia framework, FFmpeg, into a security tool that detects and responds to unauthorized login attempts.
In this post, we will walk you through the steps that allow you to use FFmpeg as an Introduction Detection Software just by tweaking some configurations and making FFmpeg take a photo when there is a failed login attempt on your Ubuntu desktop/Laptop machine. Configuring FFmpeg in this manner provides a simple and automated way to capture images of potential intruders.
An Introduction to FFmpeg
FFmpeg is an open-source, cross-platform command-line tool for handling video, audio, and other multimedia files and streams. Its capabilities are extremely powerful for working with multimedia. However, there are some of the key features that make FFmpeg useful for security applications include:
- Support for accessing webcams and other video input devices
- Ability to capture still image frames from video sources
- Scripting capabilities to trigger actions on events
- Available on all major operating systems, including Ubuntu Linux
By leveraging these capabilities, we can configure FFmpeg to monitor login attempts and snap photos when it detects a failed password entry. The images can then be stored and reviewed later to identify unauthorized users.
Prerequisites for Setting Up FFmpeg as an Intrusion Detection System
Before we begin configuring FFmpeg as an Intrusion Detection System, there are a few requirements that need to be met. The requirements are simple and straightforward.
- Ubuntu Desktop 18.04 or higher
- FFmpeg installed
- A text editor like Vim or Nano
- Root or sudo privileges to edit system files
- A webcam or other video input device connected to the Ubuntu computer
- Enough storage space to save captured images
Note: It’s not mandatory to have Ubuntu. You can do this pretty much on any OS platform like Windows, Mac, Linux, or anything you name it. We have chosen Ubuntu for this demo.
How to Configure FFmpeg as an Introduction Detection System?
Here is a detailed step-by-step guide on how to configure FFmpeg as an intrusion detection system to take a photo when a wrong password is entered.
Time needed: 10 minutes
How to Configure FFmpeg as an Introduction Detection System?
- Install FFmpeg on Linux
FFmpeg needs to be installed on the Linux system before we can configure it. The installation process varies slightly across different Linux distributions:
sudo apt update
sudo apt install ffmpeg
sudo yum install epel-release
sudo yum install ffmpeg ffmpeg-devel
sudo dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm
sudo dnf install ffmpeg ffmpeg-devel
On Arch Linux:
sudo pacman -S ffmpeg
Once installed, verify FFmpeg is working by checking the version:
- Identify the video device
We need to determine the video device path of your webcam to add it in the script that we are going to create in the next step. Run this command to list all connected video devices:
If you were unable to list the video devices for some reason, you could use a small utility named ‘v4l-utils‘. Run these commands to install the utility and list the connected video devices.
sudo apt install v4l-utils
On most systems, the integrated webcam is
/dev/video0. Make a note of your device path.
- Create a Script to Take a Picture
Let’s write a simple Bash script to configure FFmpeg to take a snapshot from the webcam.
You can use your choice of editor to create the script file ‘take_picture.sh’ in ‘/usr/local/bin/’ path. We use Nano editor as it is my favorite editor.
sudo nano /usr/local/bin/take_picture
Write this content inside your script file and save and exit.
ffmpeg -f video4linux2 -s vga -i /dev/video0 -vframes 3 /home/divya/Pictures/Webcam/vid-$dates.%01d.jpg
Two things you need to pay attention here:
1. Video device location: dev/video0
2. The path where you want to save the clicked pictures: /home/divya/Pictures/Webcam/vid-$dates.%01d.jpg
You need to update these two paths according to your needs. Our script captures a frame from /dev/video1 device and saves it as a JPG image with a timestamp in the
Optional: If you see an error like “nano command not recognize”, then you should install nano editor by running this command before you create the script file:
sudo apt install nano
- Make the script executable
In Linux, you should ensure that your file has execution permission before you run it. The script needs to have the executable permission set. Enable execution permission using chmod command.
chmod +x /usr/local/bin/take_picture
- Integrate the script with PAM to capture images when failed logins
To trigger the script to take pictures from your integrated webcam only when there is a failed login attempt, you should integrate the script with PAM (Pluggable Authentication Modules) in Linux. To do so, edit the PAM configuration file ‘common-auth’ and add the following line under the pam_unix.so module:
sudo nano etc/pam.d/common-auth
Add these two lines as shown in the picture.
# Add these lines
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [default=ignore] pam_exec.so seteuid /usr/local/bin/take_picture
This will now execute our script to take a snapshot whenever an incorrect password is provided during login. The full integration is now complete! FFmpeg will silently take a photo of anyone attempting to log in with a bad password.
- Image captured on failed logins
Images were captured under the specified directory ‘/home/divya/Pictures/Webcam/‘.
Configuring FFmpeg to take photos during failed logins provides a clever way to detect and identify potential intruders. The images captured can be easily reviewed and analyzed as needed. FFmpeg’s multimedia capabilities make it well-suited for security-oriented tasks like this.
While this method will not prevent unauthorized access on its own, it serves as a useful component in a comprehensive system to protect Ubuntu desktops and servers. This kind of automated intrusion detection can alert system owners of suspicious activity and provide evidence when investigating breaches.
There are also additional steps that can be taken to enhance this technique, such as sending the captured images to a central server, sending it over email, or restricting the script to only trigger when repeated failures occur. Nonetheless, this demonstrates the basics of utilizing FFmpeg for proactive security monitoring and response.