Categories
General Computing Uncategorized

SABnzbd 3.4.1 Windows – Untrusted certificate

Interesting issue that popped up right after upgrading. My SABNZB started throwing cert errors on all of my usenet servers. Too much of a coincidence, and it looks like there was an expired cert. The error SabNZB kept spitting out was:

Server blablabla uses an untrusted certificate [Certificate not valid. This is most probably a server issue.]

This is a shameless pull from /u/MonstaGraphics on reddit who posted the fix.

  1. Press the Windows/Start button, Type MMC and press enter.
  2. Press Ctrl+M.
  3. Double-click on “Certificates” in the left list, then click the “Finish” button. Click “OK” to close the window.
  4. Expand “Certificates – Current User”, then expand “Intermediate Certificate Authorities”, then click “Certificates”.
  5. Find the expired certificate titled “R3”, and delete it. Close the Window, you don’t need to save anything once prompted.
Categories
General Computing

Bypassing the Google Chrome “Your connection is not private” Warning

Sometimes this will pop up, specifically with a website that has a CA signed by the military, government, or self signed certs. In Google Chrome, at least as of version 92.0.4515.159, you can do this to get around it. Just know, that your session may not be as secure as you’d like, so you better know what you are hitting!

The fix is to left click anywhere on the site page, and then type:

thisisunsafe

If it worked, the site should reload and get you in. You do not need to press enter, it will automatically take it. There’s no text box, or typing prompt, just type it on the screen after you left click on the page.

Categories
Operating Systems

CentOS 8 Stream Error setting up base repository

This is a super simple fix. If you are trying to set up a centos 8 stream server with just the boot iso and the internet. You need to select the repo that it can pick from so you can get your packages. When you are selecting your isntallation source, the “on the network” source you can pick for a repository URL is:

mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/

Select done and then you can select your packages. My go to is a minimal install, then you can continue your installation.

Categories
linux minecraft Uncategorized

Minecraft Bedrock Server on CentOS 8 Stream error with libnsl.so.1

My Minecraft server was working great on my CentOS 8 Stream server for a few months. Then an update they must have added or modified a dependency. When I would go to start it, it would throw:

./bedrock_server: error while loading shared libraries: libnsl.so.1: cannot open shared object file: No such file or directory

Did a little googling and discovered I needed to install libnsl package:

dnf install libnsl

Once I did that, I was back up and running! Hopefully this helps someone else.

Categories
Cisco General Computing Uncategorized

Looking up Cisco ASA5506 timebomb Field Notice – FN64228

(UPDATED APRIL 2021) – As the link was broken and now fixed) I don’t know why this isn’t plastered on cisco.com, but you can go to here and throw a serial number in and see if it’s affected by the timebomb that the C2000 CPU’s cause. This seems specific to the 5506x, there are other search tools and field notices at cisco to determine if your hardware is affected.

https://snvui.cisco.com/snv/FN64228

If you need to grab your SN, type show inv and it’ll spit out SN and version. I’ve found a bunch of V02 are unaffected, based on that lookup tool.

madfw5# show inv
Name: "Chassis", DESCR: "ASA 5506-X with FirePOWER services, 8GE, AC, DES"
PID: ASA5506           , VID: V04     , SN: JMX2xxxxxx

Name: "Storage Device 1", DESCR: "ASA 5506-X SSD"
PID: ASA5506-SSD       , VID: N/A     , SN: MSAxxxxxxxx

madfw5# 
Categories
Software Uncategorized

WHMCS remove NS1 and NS2 prefix

This one was bothering me for some reason. When you select the product type in your WHMCS Products/Services as Server/VPS it adds this NS1 and NS2 requirement. Which are just nameservers, it makes no sense! So if you change it from Server/VPS to OTHER the option goes away. If you have modules and other configurable options enabled, they’re all still there and work. Seems silly, but I reached out to WHMCS to ask why it exists in the first place.

Do know, this removes the hostname as well. If you want to keep hostname, you have the ability to hide NS1 and NS2 prefix’s and prepulate them instead. You would leave your Product/Service as Server/VPS and then make these changes:

The fields can be hidden by editing the /templates/orderforms/your_active_template/configureproduct.tpl file.

To remove one or more of the default fields on your order form entirely, you can change the field type to hidden and supply a unique value.

For example:

Find:

<label for="inputNs1prefix">{$LANG.serverns1prefix}</label>
<input type="text" name="ns1prefix" class="form-control" id="inputNs1prefix" value="{$server.ns1prefix}" placeholder="ns1">


<label for="inputNs2prefix">{$LANG.serverns2prefix}</label>
<input type="text" name="ns2prefix" class="form-control" id="inputNs2prefix" value="{$server.ns2prefix}" placeholder="ns2">

Replace with:

<!-- <label for="inputNs1prefix">{$LANG.serverns1prefix}</label> -->
<input type="hidden" name="ns1prefix" class="form-control" id="inputNs1prefix" value="host{$smarty.now}" placeholder="ns1">


<!-- <label for="inputNs2prefix">{$LANG.serverns2prefix}</label> -->
<input type="hidden" name="ns2prefix" class="form-control" id="inputNs2prefix" value="host{$smarty.now}" placeholder="ns2">


It is recommended to create your own custom order form to preserve changes through any upgrades – http://docs.whmcs.com/Order_Form_Templates#Creating_a_Custom_Order_Form_Template

Hopefully this helps someone, enjoy!

Categories
Linux

Writing multiple lines of code to a file in linux

Sometimes it’s needed to create multiple files, repeatadly with linux. This should work with any of the major distros: CentOS, Ubuntu, Fedora, Debian, etc.

This also assumes the file does not exist already, if it does exist, it will append this info to the end of the file that already exists.

cat >> ifcfg-eth0 << EOF
TYPE=Ethernet
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
EOF

You can now type cat ifcfg-eth0 and it will output the 4 lines above.

If that is not to your liking, you could always use something like echo with append statements. Like this:

echo "TYPE=Ethernet" >> ifcfg-eth0
echo "DEVICE=eth0" >> ifcfg-eth0
echo "BOOTPROTO=none" >> ifcfg-eth0
echo "ONBOOT=yes" >> ifcfg-eth0

The >> option appends the echo information into a file name. But if you do > it will overwrite all lines in the file.

Enjoy!

Categories
General Computing

Combating malware, ransomware, password management, and general good online practices

If you want to stop against ransomware, you need to have offsite, incremental backups. This will solve a lot of problems, and give you piece of mind that files are backed up off site as well, for other issues. Fires, floods, failed hardware, etc.

If you want to stop against malware or getting the ransomware in the first place, you need to follow safe browsing habits. Get plugins for your browser that block malicious content, or URL’s. Plugins like ublock origin, HTTPS Everywhere, Ghostery, etc. You can take it a step further and install a pihole DNS server to handle all devices behind your networks requests. You should also make sure your anti virus is up to date. If you are on Windows 10, the build in Windows Defender is actually one of the best, so keep that updated.

If you want to stop against getting into your accounts with poor passwords, or re used passwords. You need to follow better password management practices for different accounts. You can go as far as password management with a tool like keepass (local), or lastpass (web based). If you want to be proactive, change your password every so often. But as long as you have a long and complex password (20+ characters), you are in better shape then most. 

When logging into websites, make sure they have an SSL lock on the top left, and that the certificate is valid, any browser will tell you if the session is secure.

If you have a laptop with a built in webcam I would advise getting a cover overit. They make nicer ones online, or you can just use electrical tape.

Enjoy, stay safe :).

Categories
Linux

CentOS 7 multiple VLANs on one interface

OK, so this was something I needed to do with CentOS 6: https://vivithemage.com/2014/08/08/centos-6-multiple-vlans-with-one-eth-device/

This is how to do it in CentOS 7. There are some slight changes required compared to CentOS 6, but they’re nominal. It’s possible it will work for CentOS 8, but it is untested. Where there is a command like vi bla/bla/file you will enter the following information in the line.

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.conf.all.accept_source_route = 1

cd /etc/sysconfig/network-scripts/

vi ifcfg-em1
TYPE=Ethernet
DEVICE=em1
BOOTPROTO=none
ONBOOT=yes

vi ifcfg-em1.29
DEVICE=em1.29
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.119.161.2
PREFIX=24
NETWORK=192.119.161.0
GATEWAY=192.119.161.1
VLAN=yes
ARPCHECK=no
NM_CONTROLLED=no

vi ifcfg-em1.33
DEVICE=em1.33
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.119.165.2
PREFIX=24
GATEWAY=192.119.165.1
NETWORK=192.119.165.0
VLAN=yes
ARPCHECK=no
NM_CONTROLLED=no

vi ifcfg-em1.35
DEVICE=em1.35
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.119.167.2
PREFIX=24
NETWORK=192.119.167.0
GATEWAY=192.119.167.1
VLAN=yes
ARPCHECK=no
NM_CONTROLLED=no

vi ifcfg-em1.29-range
IPADDR_START=192.119.161.3
IPADDR_END=192.119.161.254
PREFIX=24
CLONENUM_START=3
ARPCHECK=no

vi ifcfg-em1.33-range
IPADDR_START=192.119.165.3
IPADDR_END=192.119.165.254
NETMASK=255.255.255.0
CLONENUM_START=254
ARPCHECK=no

vi ifcfg-em1.35-range
IPADDR_START=192.119.167.3
IPADDR_END=192.119.167.254
NETMASK=255.255.255.0
CLONENUM_START=506
ARPCHECK=no

echo ‘default via 192.119.161.1 dev em1.29 table 1’ > route-em1.29
echo ‘default via 192.119.165.1 dev em1.33 table 2’ > route-em1.33
echo ‘default via 192.119.167.1 dev em1.35 table 3’ > route-em1.35
echo ‘from 192.119.161.2 tab 1 priority 500’ > rule-em1.29
echo ‘from 192.119.165.2 tab 2 priority 501’ > rule-em1.33
echo ‘from 192.119.167.2 tab 3 priority 502’ > rule-em1.35
echo ‘from 192.119.161.0/24 table 1’ >> rule-em1.29
echo ‘from 192.119.165.0/24 table 2’ >> rule-em1.33
echo ‘from 192.119.167.0/24 table 3’ >> rule-em1.35
THIS WORKS FOR TESTING
ip route add default via 192.119.161.1 dev em1.29 table 1
ip route add default via 192.119.165.1 dev em1.33 table 2
ip route add default via 192.119.167.1 dev em1.35 table 3
ip rule add from 192.119.161.2 tab 1 priority 500
ip rule add from 192.119.165.2 tab 2 priority 501
ip rule add from 192.119.167.2 tab 3 priority 502
ip rule add from 192.119.161.0/24 table 1
ip rule add from 192.119.165.0/24 table 2
ip rule add from 192.119.167.0/24 table 3
THIS IS REQUIRED TO PING DURING TEST – THIS ONE WIL NOT SUSTAIN REBOOT
ip route add default via 198.50.31.1
## THIS WILL SUSTAIN REBOOT – ONLY NEEDED FOR TESTING
echo 'default via 198.50.31.1' > route-em1.15
### END TESTING STUFFS
Categories
Linux

cPanel absolute path for SFTP back up

My back up server uses keys, and SSH to allow for backups. By default, in my cPanel server running CENTOS 7.7 with v86.0.18 of cPanel, you really only have the option to do a path related to the SSH user’s home log in directory. My back up server has a mount point outside of /home/user/ so I needed to find a way to force it to go to /data/madhost613/ as an example.

Once you create your SFTP back up options under “backup settings” in the cPanel GUI, you can create an “additional destinations”. This will allow your back ups to be sent somewhere else.

I would advise using key based authentication when you set up SFTP as a destination. It is far more secure then password based authentication. Once you set up your SFTP and have validated it, SSH into your SOURCE server running cPanel to make the change to the validation configuration file. It should be in: /var/cpanel/backups/ The file itself will look simliar to this: backups_link_data_drive_UID_vxxxxxxxxxxxxxxxxxxxxxx Once you found it, edit it with your favorite editor. Which should be vi ;). In that configuration file is a path line, go ahead and modify it to your aboslute path. Mine now reads: path: /data/madhost613/ Some caveats with this, the SSH user must have r/w on that destination server. Once you make this change, you can run the validation in cPanel, and if successful, your back ups will be sent to that directory now.

cPanel informed me this should be an added feature at some point, but currently unknown when. But this work around works fine.