librenms and oxidized plugin SSH issues

I was setting up LibreNMS (version 22.2.1 at time of writing) and found out that it also has a plugin called oxidized (version 0.28.0 at time of writing) that allows you to do back ups of configuration files. So I figured why not, let’s replace my dated rconfig setup. In my opinion oxidized is a bit archaic, but it seems to be based on an old tool called RANCID. So long story short, it is a bit on the YAML heavy side, it takes some manual configuration in shell. My oxidized config looks like this, for example:

# - keyboard-interactive

groups: {}
models: {}
pid: /home/oxidized/.config/oxidized/pid
  default: ssh
  debug: false
    secure: false
  default: file
    directory: /home/oxidized/.config/oxidized/configs
  default: csv
    file: /home/oxidized/.config/oxidized/router.db
    delimiter: !ruby/regexp /:/
      name: 0
      ip: 1
      model: 2
      username: 3
      password: 4
      ssh_kex: 5
      ssh_host_key: 6
      ssh_hmac: 7
      ssh_encryption: 8
      enable: 9
    gpg: false
  cisco: ios
  juniper: junos
  asa: asa

I kept getting KEX errors for my ASA when it was trying to log in:

raised Net::SSH::Exception (rescued RuntimeError) with msg "could not settle on kex algorithm"

My ASA router.db line looked like this (replacing xxxxx with actual passwords):


I knew this was a good KEX (diffie-hellman-group1-sha1), as I forced it via the ASA, and SSH worked via putty, or other switches on the network. It also worked for my cisco switches via oxidizer. For reference, my ASA is running 9.16(2)14 ASA and ASDM 7.17(1)152. I wanted to see what other options exist, so I ran show ssh:

madfw5# show ssh
Idle Timeout: 60 minutes
Version allowed: 2
Cipher encryption algorithms enabled: aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc
Cipher integrity algorithms enabled: hmac-sha2-256

and my KEX checked my KEX:

madfw5#  sh run ssh
ssh stricthostkeycheck
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group14-sha256

But I kept getting the error. Doing some digging, I saw oxidizer uses NET:SSH perl module, and their GIT is pretty updated, and it showed what algorithms were currently supported:

I saw ecdh-sha2-nistp256 was allowed and supported, which worked on the ASA, by tabbing out the option:

madfw5(config)# ssh key-exchange group ?

configure mode commands/options:
  curve25519-sha256   Diffie-Hellman group-31-sha256
  dh-group1-sha1      Diffie-Hellman group 2 (DEPRECATED)
  dh-group14-sha1     Diffie-Hellman group-14-sha1
  dh-group14-sha256   Diffie-Hellman group-14-sha256
  ecdh-sha2-nistp256  Diffie-Hellman group-19-sha256

Then forced it by finishing out the command in configure terminal mode:

madfw5# conf t
madfw5(config)# ssh key-exchange group ecdh-sha2-nistp256

so now it shows:

madfw5(config)# sh run ssh
ssh stricthostkeycheck
ssh timeout 60
ssh version 2
ssh key-exchange group ecdh-sha2-nistp256

good to go, now the ASA is backing up and running oxidizer, huzzah! I am still learning what else oxidizer can do. My next step is to enable git, so it will automatically upload new versions of the configuration files it backs up.

Computer Hardware Gaming General Computing

Steelseries GG sucks – get the last version of engine

As most people seem to be aware, the Steelseries GG software sucks, and those of us who just needed Engine, are forced to upgrade. So I dug around for the last version of Engine only, none of the GG bloat and this was it: SteelSeriesEngine3.20.0Setup.exe

This is the direct link, while it works to steelseries’ website:

If they pull it, you can download here:

If you download it from steelseries or, these are the hashes:

MD5: E0828A3D321418513CEC2B273CF33607
SHA1: 5B1E48E51C02C685B236199C1A71F07E0396780E
SHA256: 7527895C81CB5C42CE51F5463FA7FAB79766952E1F8F34B5E6F1268CD2681EA0
SHA512: 534C496B597DF513863CC004BF4F413E3CDE6830748D2EF03897C7049075E381DADFCBD968B5A298D1F845DF9D6658555133A469D0D40E3D46F768920B15DC0F

If you were forced to upgrade to GG, make sure to uninstall and then install this version of Engine. This is currently working fine for my Windows 10 Pro 21H2 patched PC.


How to Install or Update PHP to 7.4 with ioncube on CentOS 7

I needed to upgrade my WHMCS host server to utilize PHP 7.4. I am coming from PHP7.3 and found it pretty straight forward of an upgrade. Also, 7.3 is end of life and only on security updates right now.

Step 1: First thing I would do is back up your server you are updating. If you can, do a snapshot.

Step 2: Update your server

yum install epel-release yum-utils -y
yum update -y

Step 3: Check the version of the PHP that is currently running.

php -v

Step 4: List all the PHP packages you have installed into a file, so you can refer to it to install all those packages in PHP 7.4

rpm -qa | grep php > /home/php_rpm_originals.txt

Step 5: Remove all the installed PHP packages

yum remove "php*" -y

Step 6: Install the updated Remi repository if it is not already installed.

yum install -y

Step 7: Enable the PHP 7.4 repository, install the core and required PHP packages. You can also refer to step 4 for the previously required packages.

yum --enablerepo=remi-php74 install php php-pdo php-fpm php-gd php-mbstring php-mysql php-curl php-mcrypt php-json php-bcmath php-tidy php-tcpdf php-xmlrpc -y

Step 8: Check the updated PHP version.

php -v

PHP 7.4.27 (cli) (built: Dec 14 2021 17:17:06) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
Step 9: Restart Apache to use the newly installed PHP 7.4

systemctl restart httpd

Step 10: Check what architecture you are running – in my case it was 64bit

uname -a

Linux 3.10.0-1160.53.1.el7.x86_64 #1 SMP Fri Jan 14 13:59:45 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Step 11: Download your version of the ioncube loaders

——————– For 64-bit System ——————–

cd /tmp


——————– For 32-bit System ——————–

cd /tmp


Step 12: unzip and move into the directory

tar -zxvf ioncube_loaders_lin_x86*
cd ioncube/
ls -ltrh

Step 13: Obtain your PHP location for modules.

php -i | grep extension_dir

extension_dir => /usr/lib64/php/modules => /usr/lib64/php/modules
Step 14: Copy the files you need, in our case it was 7.4.

cp /usr/lib64/php/modules

Step 15: Modify your php.ini file to include ioncube. I added mine at the top right below [PHP]. The line you want to add is:

zend_extension = /usr/lib64/php/modules/

vi /etc/php.ini

Once done editing, hit ESC and then type in :X and hit ENTER

Step 16: Restart apache or nginx/php-fpm servers
——————– Start Apache Web Server ——————–

systemctl restart httpd

——————– Start Nginx + PHP-FPM Server —————-

systemctl restart nginx
systemctl restart php-fpm

Verify install:

php -v

PHP 7.4.27 (cli) (built: Dec 14 2021 17:17:06) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with the ionCube PHP Loader + ionCube24 v11.0.1, Copyright (c) 2002-2022, by ionCube Ltd

General Computing

SABnzbd 3.4.1 Windows – Untrusted certificate

Interesting issue that popped up right after upgrading. My SABNZB started throwing cert errors on all of my usenet servers. Too much of a coincidence, and it looks like there was an expired cert. The error SabNZB kept spitting out was:

Server blablabla uses an untrusted certificate [Certificate not valid. This is most probably a server issue.]

This is a shameless pull from /u/MonstaGraphics on reddit who posted the fix.

  1. Press the Windows/Start button, Type MMC and press enter.
  2. Press Ctrl+M.
  3. Double-click on “Certificates” in the left list, then click the “Finish” button. Click “OK” to close the window.
  4. Expand “Certificates – Current User”, then expand “Intermediate Certificate Authorities”, then click “Certificates”.
  5. Find the expired certificate titled “R3”, and delete it. Close the Window, you don’t need to save anything once prompted.
General Computing

Bypassing the Google Chrome “Your connection is not private” Warning

Sometimes this will pop up, specifically with a website that has a CA signed by the military, government, or self signed certs. In Google Chrome, at least as of version 92.0.4515.159, you can do this to get around it. Just know, that your session may not be as secure as you’d like, so you better know what you are hitting!

The fix is to left click anywhere on the site page, and then type:


If it worked, the site should reload and get you in. You do not need to press enter, it will automatically take it. There’s no text box, or typing prompt, just type it on the screen after you left click on the page.

Operating Systems

CentOS 8 Stream Error setting up base repository

This is a super simple fix. If you are trying to set up a centos 8 stream server with just the boot iso and the internet. You need to select the repo that it can pick from so you can get your packages. When you are selecting your isntallation source, the “on the network” source you can pick for a repository URL is:

Select done and then you can select your packages. My go to is a minimal install, then you can continue your installation.

linux minecraft

Minecraft Bedrock Server on CentOS 8 Stream error with

My Minecraft server was working great on my CentOS 8 Stream server for a few months. Then an update they must have added or modified a dependency. When I would go to start it, it would throw:

./bedrock_server: error while loading shared libraries: cannot open shared object file: No such file or directory

Did a little googling and discovered I needed to install libnsl package:

dnf install libnsl

Once I did that, I was back up and running! Hopefully this helps someone else.

Cisco General Computing

Looking up Cisco ASA5506 timebomb Field Notice – FN64228

(UPDATED APRIL 2021) – As the link was broken and now fixed) I don’t know why this isn’t plastered on, but you can go to here and throw a serial number in and see if it’s affected by the timebomb that the C2000 CPU’s cause. This seems specific to the 5506x, there are other search tools and field notices at cisco to determine if your hardware is affected.

If you need to grab your SN, type show inv and it’ll spit out SN and version. I’ve found a bunch of V02 are unaffected, based on that lookup tool.

madfw5# show inv
Name: "Chassis", DESCR: "ASA 5506-X with FirePOWER services, 8GE, AC, DES"
PID: ASA5506           , VID: V04     , SN: JMX2xxxxxx

Name: "Storage Device 1", DESCR: "ASA 5506-X SSD"
PID: ASA5506-SSD       , VID: N/A     , SN: MSAxxxxxxxx


WHMCS remove NS1 and NS2 prefix

This one was bothering me for some reason. When you select the product type in your WHMCS Products/Services as Server/VPS it adds this NS1 and NS2 requirement. Which are just nameservers, it makes no sense! So if you change it from Server/VPS to OTHER the option goes away. If you have modules and other configurable options enabled, they’re all still there and work. Seems silly, but I reached out to WHMCS to ask why it exists in the first place.

Do know, this removes the hostname as well. If you want to keep hostname, you have the ability to hide NS1 and NS2 prefix’s and prepulate them instead. You would leave your Product/Service as Server/VPS and then make these changes:

The fields can be hidden by editing the /templates/orderforms/your_active_template/configureproduct.tpl file.

To remove one or more of the default fields on your order form entirely, you can change the field type to hidden and supply a unique value.

For example:


<label for="inputNs1prefix">{$LANG.serverns1prefix}</label>
<input type="text" name="ns1prefix" class="form-control" id="inputNs1prefix" value="{$server.ns1prefix}" placeholder="ns1">

<label for="inputNs2prefix">{$LANG.serverns2prefix}</label>
<input type="text" name="ns2prefix" class="form-control" id="inputNs2prefix" value="{$server.ns2prefix}" placeholder="ns2">

Replace with:

<!-- <label for="inputNs1prefix">{$LANG.serverns1prefix}</label> -->
<input type="hidden" name="ns1prefix" class="form-control" id="inputNs1prefix" value="host{$}" placeholder="ns1">

<!-- <label for="inputNs2prefix">{$LANG.serverns2prefix}</label> -->
<input type="hidden" name="ns2prefix" class="form-control" id="inputNs2prefix" value="host{$}" placeholder="ns2">

It is recommended to create your own custom order form to preserve changes through any upgrades –

Hopefully this helps someone, enjoy!


Writing multiple lines of code to a file in linux

Sometimes it’s needed to create multiple files, repeatadly with linux. This should work with any of the major distros: CentOS, Ubuntu, Fedora, Debian, etc.

This also assumes the file does not exist already, if it does exist, it will append this info to the end of the file that already exists.

cat >> ifcfg-eth0 << EOF

You can now type cat ifcfg-eth0 and it will output the 4 lines above.

If that is not to your liking, you could always use something like echo with append statements. Like this:

echo "TYPE=Ethernet" >> ifcfg-eth0
echo "DEVICE=eth0" >> ifcfg-eth0
echo "BOOTPROTO=none" >> ifcfg-eth0
echo "ONBOOT=yes" >> ifcfg-eth0

The >> option appends the echo information into a file name. But if you do > it will overwrite all lines in the file.