Vivi The Mage – Page 2 – Web Hosting Dude, Network Engineer, and Gamer

Linux

librenms and oxidized plugin SSH issues

Post author By Vivi The Mage
Post date March 26, 2022
No Comments on librenms and oxidized plugin SSH issues

I was setting up LibreNMS (version 22.2.1 at time of writing) and found out that it also has a plugin called oxidized (version 0.28.0 at time of writing) that allows you to do back ups of configuration files. So I figured why not, let’s replace my dated rconfig setup. In my opinion oxidized is a bit archaic, but it seems to be based on an old tool called RANCID. So long story short, it is a bit on the YAML heavy side, it takes some manual configuration in shell. My oxidized config looks like this, for example:

# - keyboard-interactive

groups: {}
models: {}
pid: /home/oxidized/.config/oxidized/pid
input:
  default: ssh
  debug: false
  ssh:
    secure: false
output:
  default: file
  file:
    directory: /home/oxidized/.config/oxidized/configs
source:
  default: csv
  csv:
    file: /home/oxidized/.config/oxidized/router.db
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      ip: 1
      model: 2
      username: 3
      password: 4
    vars_map:
      ssh_kex: 5
      ssh_host_key: 6
      ssh_hmac: 7
      ssh_encryption: 8
      enable: 9
    gpg: false
model_map:
  cisco: ios
  juniper: junos
  asa: asa

I kept getting KEX errors for my ASA when it was trying to log in:

raised Net::SSH::Exception (rescued RuntimeError) with msg "could not settle on kex algorithm"

My ASA router.db line looked like this (replacing xxxxx with actual passwords):

madfw5:192.168.150.1:asa:admin:xxxxxxx:+diffie-hellman-group1-sha1:ssh-rsa:hmac-sha2-256:aes256-cbc:xxxxxxxx

I knew this was a good KEX (diffie-hellman-group1-sha1), as I forced it via the ASA, and SSH worked via putty, or other switches on the network. It also worked for my cisco switches via oxidizer. For reference, my ASA is running 9.16(2)14 ASA and ASDM 7.17(1)152. I wanted to see what other options exist, so I ran show ssh:

madfw5# show ssh
Idle Timeout: 60 minutes
Version allowed: 2
Cipher encryption algorithms enabled: aes128-gcm@openssh.com aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc chacha20-poly1305@openssh.com
Cipher integrity algorithms enabled: hmac-sha2-256

and my KEX checked my KEX:

madfw5#  sh run ssh
ssh stricthostkeycheck
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group14-sha256

But I kept getting the error. Doing some digging, I saw oxidizer uses NET:SSH perl module, and their GIT is pretty updated, and it showed what algorithms were currently supported: https://github.com/net-ssh/net-ssh

I saw ecdh-sha2-nistp256 was allowed and supported, which worked on the ASA, by tabbing out the option:

madfw5(config)# ssh key-exchange group ?

configure mode commands/options:
  curve25519-sha256   Diffie-Hellman group-31-sha256
  dh-group1-sha1      Diffie-Hellman group 2 (DEPRECATED)
  dh-group14-sha1     Diffie-Hellman group-14-sha1
  dh-group14-sha256   Diffie-Hellman group-14-sha256
  ecdh-sha2-nistp256  Diffie-Hellman group-19-sha256

Then forced it by finishing out the command in configure terminal mode:

madfw5# conf t
madfw5(config)#
madfw5(config)# ssh key-exchange group ecdh-sha2-nistp256

so now it shows:

madfw5(config)# sh run ssh
ssh stricthostkeycheck
ssh timeout 60
ssh version 2
ssh key-exchange group ecdh-sha2-nistp256
madfw5(config)#

good to go, now the ASA is backing up and running oxidizer, huzzah! I am still learning what else oxidizer can do. My next step is to enable git, so it will automatically upload new versions of the configuration files it backs up.

Steelseries GG sucks – get the last version of engine

Post author By Vivi The Mage
Post date February 28, 2022
No Comments on Steelseries GG sucks – get the last version of engine

As most people seem to be aware, the Steelseries GG software sucks, and those of us who just needed Engine, are forced to upgrade. So I dug around for the last version of Engine only, none of the GG bloat and this was it: SteelSeriesEngine3.20.0Setup.exe

This is the direct link, while it works to steelseries’ website: https://engine.steelseriescdn.com/SteelSeriesEngine3.20.0Setup.exe

If they pull it, you can download here: https://vivithemage.com/extra/SteelSeriesEngine3.20.0Setup.exe

If you download it from steelseries or vivithemage.com, these are the hashes:

MD5: E0828A3D321418513CEC2B273CF33607
SHA1: 5B1E48E51C02C685B236199C1A71F07E0396780E
SHA256: 7527895C81CB5C42CE51F5463FA7FAB79766952E1F8F34B5E6F1268CD2681EA0
SHA512: 534C496B597DF513863CC004BF4F413E3CDE6830748D2EF03897C7049075E381DADFCBD968B5A298D1F845DF9D6658555133A469D0D40E3D46F768920B15DC0F

If you were forced to upgrade to GG, make sure to uninstall and then install this version of Engine. This is currently working fine for my Windows 10 Pro 21H2 patched PC.

Linux

How to Install or Update PHP to 7.4 with ioncube on CentOS 7

Post author By Vivi The Mage
Post date January 19, 2022
No Comments on How to Install or Update PHP to 7.4 with ioncube on CentOS 7

I needed to upgrade my WHMCS host server to utilize PHP 7.4. I am coming from PHP7.3 and found it pretty straight forward of an upgrade. Also, 7.3 is end of life and only on security updates right now.

Step 1: First thing I would do is back up your server you are updating. If you can, do a snapshot.

Step 2: Update your server

yum install epel-release yum-utils -y
yum update -y

Step 3: Check the version of the PHP that is currently running.

php -v

Step 4: List all the PHP packages you have installed into a file, so you can refer to it to install all those packages in PHP 7.4

rpm -qa | grep php > /home/php_rpm_originals.txt

Step 5: Remove all the installed PHP packages

yum remove "php*" -y

Step 6: Install the updated Remi repository if it is not already installed.

yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm

Step 7: Enable the PHP 7.4 repository, install the core and required PHP packages. You can also refer to step 4 for the previously required packages.

yum --enablerepo=remi-php74 install php php-pdo php-fpm php-gd php-mbstring php-mysql php-curl php-mcrypt php-json php-bcmath php-tidy php-tcpdf php-xmlrpc -y

Step 8: Check the updated PHP version.

php -v

PHP 7.4.27 (cli) (built: Dec 14 2021 17:17:06) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
Step 9: Restart Apache to use the newly installed PHP 7.4

systemctl restart httpd

Step 10: Check what architecture you are running – in my case it was 64bit

uname -a

Linux madgenius.com 3.10.0-1160.53.1.el7.x86_64 #1 SMP Fri Jan 14 13:59:45 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Step 11: Download your version of the ioncube loaders

——————– For 64-bit System ——————–

cd /tmp

wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz

——————– For 32-bit System ——————–

cd /tmp

wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz

Step 12: unzip and move into the directory

tar -zxvf ioncube_loaders_lin_x86*
cd ioncube/
ls -ltrh

Step 13: Obtain your PHP location for modules.

php -i | grep extension_dir

extension_dir => /usr/lib64/php/modules => /usr/lib64/php/modules
Step 14: Copy the files you need, in our case it was 7.4.

cp ioncube_loader_lin_7.4.so ioncube_loader_lin_7.4_ts.so /usr/lib64/php/modules

Step 15: Modify your php.ini file to include ioncube. I added mine at the top right below [PHP]. The line you want to add is:

zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_7.4.so

vi /etc/php.ini

Once done editing, hit ESC and then type in :X and hit ENTER

Step 16: Restart apache or nginx/php-fpm servers
——————– Start Apache Web Server ——————–

systemctl restart httpd

——————– Start Nginx + PHP-FPM Server —————-

systemctl restart nginx
systemctl restart php-fpm

Verify install:

php -v

PHP 7.4.27 (cli) (built: Dec 14 2021 17:17:06) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with the ionCube PHP Loader + ionCube24 v11.0.1, Copyright (c) 2002-2022, by ionCube Ltd

Advertising

EVGA 10% off discount code – associates code

Post author By Vivi The Mage
Post date January 13, 2022
No Comments on EVGA 10% off discount code – associates code

UPDATE: This program has been discontinued by EVGA, sorry all! I don’t think the discount works any more.

Warning, this is purely an ad post for my associates code. Good news is it can get you up to 10% off any hardware at evga.com and it’s store. When you go to check out, just punch in this associates code during checkout: I6AM2ZPP7846RU5

That is it! Should save you up to 10%. Otherwise here’s the total savings per product type:

Product Type
Audio
10.00%

Capture Device
5.00%

Cases
10.00%

Cooling
10.00%

Gaming Keyboards
5.00%

Gaming Mice
5.00%

Graphics
3.00%

Motherboards
5.00%

Power Supplies
10.00%

I appreciate you for using my code!

APC

Having issues upgrading APC 9640 Network Manager card 3

Post author By Vivi The Mage
Post date November 26, 2021
No Comments on Having issues upgrading APC 9640 Network Manager card 3

Of course this is still a thing. Even though when you log into the management page, you can click firmware upgrade, it fails to upload throwing:

Trying numerous browsers, the upgrade always fails via the browser for my AP9640/41/42 APC Network Management Cards. So just like I experienced before with the AP9617/18/19 cards, you have to drop into FTP to successfully upgrade. The process is one of a few options pulled from APC’s website: https://www.apc.com/us/en/faqs/FA156047/

Before upgrading, make sure you pulled down the Bin file, which as of this posting (November 2021) was: apc_hw21_su_1-5-1-1.nmc3 You can find it by downloading the latest file from apc’s website and running the exe file. Then dive into the directories to C:\apc_hw21_su_1-5-1-1\Bins . If for some reason this file doesn’t exist anymore, you can pull it down from here: https://vivithemage.com/extra/apc_hw21_su_1-5-1-1.nmc3

MD5 HASH: AEDA1DEECF92D6DC956DE9A8235DDB11
SHA256 HASH: 2D68A703308F222E453BA525816B544635DE03D451D406BB52A856CD0920F1A9

This is what you have to do to upgrade:

Manual (via FTP) – Network Management Card 3

1. To perform a firmware flash with this method the Management Card must have been previously configured with a System IP, Subnet Mask, and Default Gateway and attached to the network. In addition, FTP Server must be enabled.

2. Open an MS-DOS command prompt window on a PC which is connected to the network. Change to the directory which contains the firmware upgrade files. Some example commands which need to be entered are shown in bold in order to change directories. Please note, this is just an example. You may need to enter a full path to a directory which requires different syntax.
C:\>cd apc
C:\apc>

3. Open an FTP client session.

C:\apc>ftp 192.168.1.100 (192.168.1.100 being the IP address of the web card)

4. Log in as Administrator (apc is the default user name and password).

5. Upgrade the firmware:

ftp>bin(specifies binary transfer mode which is required)
ftp> hash (optional – enables hash mark printing as a way of monitoring file transfer progress)
ftp>put apc_hw21_SU_XXXX.nmc3(XXX being the version number downloaded)
6. When FTP confirms the transfer, type quit to close the session.

7. Wait about 20 – 30 seconds.

That is it, APC Network Manager will reboot and you’ll be upgraded.

General Computing

SABnzbd 3.4.1 Windows – Untrusted certificate

Post author By Vivi The Mage
Post date October 6, 2021
No Comments on SABnzbd 3.4.1 Windows – Untrusted certificate

Interesting issue that popped up right after upgrading. My SABNZB started throwing cert errors on all of my usenet servers. Too much of a coincidence, and it looks like there was an expired cert. The error SabNZB kept spitting out was:

Server blablabla uses an untrusted certificate [Certificate not valid. This is most probably a server issue.]

This is a shameless pull from /u/MonstaGraphics on reddit who posted the fix.

Press the Windows/Start button, Type MMC and press enter.
Press Ctrl+M.
Double-click on “Certificates” in the left list, then click the “Finish” button. Click “OK” to close the window.
Expand “Certificates – Current User”, then expand “Intermediate Certificate Authorities”, then click “Certificates”.
Find the expired certificate titled “R3”, and delete it. Close the Window, you don’t need to save anything once prompted.

Gaming

Fallout 4 mouse lag fix

I have not played fallout 4 in a while, but for some reason, mouse lag was still a problem as it was in fallout 3 and New Vegas. The fix is the same though. Navigate to here:

C:\Users\**USERNAME**\Documents\My Games\Fallout4

Use your favorite file editor to modify these two files: Fallout4.ini and Fallout4Prefs.ini If you do not have a file editor, try notepad, or get yourself notepad++ to enable yourself a lot more editing functionality.

You want to change line iPresentInterval=1 to be iPresentInterval=0

That resolved it for me, again. At least the fix is consistent!

Enjoy.

Nintendo Switch

Nintendo Switch does not detect SD Card – Plug ribbon cable back in option

Post author By Vivi The Mage
Post date August 27, 2021
No Comments on Nintendo Switch does not detect SD Card – Plug ribbon cable back in option

My Nintendo switch v2 stopped detecting my SD card. I was able to plug the SD card back into my PC and it was detecting OK. I am guessing my son dropped the switch, and I am out of warranty. So I took it apart to see what was behind there, I figured these connectors aren’t super strong, they are usually a ribbon cable. I was right, it was not connected anymore. Put it back in, and it was good.

If you think that might be you, here’s what it looks like to reconnect the ribbon cable. You can find numerous teardown videos to get to this stage, it’s only a few screws. One caveat, be very gentle with the screws, do not over tighten them as they are very soft metal. They will strip easily.

General Computing

Bypassing the Google Chrome “Your connection is not private” Warning

Post author By Vivi The Mage
Post date August 25, 2021
No Comments on Bypassing the Google Chrome “Your connection is not private” Warning

Sometimes this will pop up, specifically with a website that has a CA signed by the military, government, or self signed certs. In Google Chrome, at least as of version 92.0.4515.159, you can do this to get around it. Just know, that your session may not be as secure as you’d like, so you better know what you are hitting!

The fix is to left click anywhere on the site page, and then type:

thisisunsafe

If it worked, the site should reload and get you in. You do not need to press enter, it will automatically take it. There’s no text box, or typing prompt, just type it on the screen after you left click on the page.

Advertising

Google Fi $20 credit

I know Google fi has been around for quite a while, but I recently switched and have been enjoying it a lot. My favorite perk has been when I travel internationally, you get high speed data rolled in to 200+ countries. Assuming you pick one of their plans that allow for that functionality. If you want a free $20 credit, you can sign up with promo code 8JRXF9 or this link will also take you there: https://g.co/fi/r/8JRXF9

It also kicks me over a $20 credit, so win-win!