Oxidized Error “OpenSSL::PKey::PKeyError with msg “dh#set_pqg= is incompatible with OpenSSL 3.0”

Posted on February 8, 2023 by admin

Looks like the issue has something to do with net-ssh. There are some other similar errors people were having.

https://github.com/ytti/oxidized/issues/2642
https://github.com/ytti/oxidized/pull/2570

The easy way to resolve the issue is to install oxidized using git.

Prerequisites

Make sure rake is installed

sudo dnf install rake
 or 
sudo apt install rake

Install Oxidized from Git

Steps were copied from here. https://github.com/ytti/oxidized#build-from-git

You should be able to copy and paste these commands in the users home directory.

git clone https://github.com/ytti/oxidized.git
cd oxidized/
gem install bundler
rake install

After it is installed, restart the service

systemctl restart oxidized

Or continue on installing and with LibreNMS

CentOS – This system is not registered with an entitlement server. You can use subscription-manager to register.

Posted on February 2, 2023 by admin

If you are getting the following response when trying to use the yum or dnf command,

This system is not registered with an entitlement server. You can use subscription-manager to register.

Try editing the subscription-manager.conf file, and disable it by changing enable=1 to enable=0

sudo nano /etc/yum/pluginconf.d/subscription-manager.conf

After you may run

yum clean

That should take care of the problem.

https://serverfault.com/questions/764900/how-to-remove-this-warning-this-system-is-not-registered-to-red-hat-subscriptio

https://sahlitech.com/entitlement-server-fix/

Hardening SNMP on CentOS/RedHat/Fedora Etc.

Posted on June 23, 2022 by admin

These steps should be similar across Red Hat type distros.

Before we proceed, lets stop SNMP

sudo systemctl stop snmpd

Disable SNMP Versions 1 and 2c

First we are going to disable SNMP v1 and v2c

You can manually edit the /etc/snmp/snmpd.conf file and comment out or delete every line starting with com2sec, group, access. Or you can run the following sed commands to change it for you.

sudo sed -i 's/^com2sec/# com2sec/g' /etc/snmp/snmpd.conf
sudo sed -i 's/^group/# group/g' /etc/snmp/snmpd.conf
sudo sed -i 's/^access/# access/g' /etc/snmp/snmpd.conf

https://serverfault.com/questions/376688/how-to-disable-version-1-and-version-2c-in-snmpd

Create SNMP Version 3 User

Follow the prompts to create a SNMP v3 user.

sudo net-snmp-create-v3-user -ro -a SHA -x AES

Start SNMP

sudo systemctl start snmpd

You should be good to go.

If you are running a firewall, you will need to allow an exception for SNMP, UDP port 161. You may also need to allow an SELinux exception. Check out the last portion of both these articles.

Setting up SNMP V3 on CentOS

Allowing SNMP Through Firewall

semanage Allow and Delete ports in CentOS

Enable Syslog for PowerDNS Recursor

Posted on January 14, 2022 by admin

Enable Logging in PowerDNS Recursor Config
Edit Systemd Unit File for PowerDNS to Allow Syslog
Enable Logging in rsyslog Config File

The following links were helpful in setting things up.

https://doc.powerdns.com/recursor/running.html
https://www.reddit.com/r/linuxadmin/comments/9lc4jl/logging_queries_in_pdnsrecursor/

Enable logging in PowerDNS Recursor Config

First we need to find the line that says “disable-syslog” and uncomment/change it to

disable-syslog=no

Next find the line that says “quiet” and uncomment/change it to

quiet=no

Some other lines you may want to check and change

logging-facality=1
loglevel=6

Edit Systemd Unit File for PowerDNS to allow Syslog

Next we need to modify the Systemd unit file to allow PowerDNS Recursor to log to syslog.

systemctl edit --full pdns-recursor.service

On the ExecStart Line, remove the part that says

--disable-syslog

The resulting line should look something like

[Service]
ExecStart=/usr/sbin/pdns_recursor --socket-dir=%t/pdns-recursor --socket-dir=%t/pdns-recursor --daemon=no --write-pid=no --log-timestamp=no

Save the file.

Enable Logging in rsyslog Config File

Edit the rsyslog file

sudo vim /etc/rsyslog.conf

Add the following line

local1.*        /var/log/pdns_recursor.log

This should now log all of the PowerDNS Recursor log info to “/var/log/pdns_recursor.log”

Restart the rsyslog and PowerDNS Recursor service

sudo systemctl restart rsyslog
sudo systemctl restart pdns-recursor

You should now see DNS request in the log file.

tail /var/log/pdns_recursor.log

They should also show up in the “/var/log/messages”

Error Setting up Base Repository While Installing CentOS Stream 8

Posted on October 22, 2021 by admin

CentOS 8 Error setting up base repository

Not sure why it was giving an error. But to resolve the issue

click on “Software Sources”

On the Network line put http://mirror.centos.org/centos-8/8/BaseOS/x86_64/os/

Should be able to go back to the previous page and select what you want to install.

Cannot load Zend OPcache – it was already loaded

Posted on October 29, 2020 by admin

Started getting the following error while running ./validate.php for LibreNMS

Cannot load Zend OPcache - it was already loaded

Looks like the problem arises out of PHP trying to load two ini files for OPcache. Was trying to enable OPcache for LibreNMS so I created an opcache.ini file and put the settings in it. I missed the default 10-opcache.ini file.

Moving all the settings into the 10-opcache.ini file and deleting the created opcache.ini file resolved the issue for me.

https://unix.stackexchange.com/questions/253448/php-7-install-throws-cannot-load-zend-opcache-it-was-already-loaded-error/253484

Install dig on CentOS

Posted on December 23, 2019 by admin

The dig command is apart of the bind-utils package. You can install it with.

sudo yum install bind-utils -y

Now run dig

dig localhost

no matching host key type found. Their offer: ssh-dss,ssh-rsa

Posted on November 25, 2019 by admin

2023 Update: Recent versions of REHL have completely disabled DES which can cause issues even when using the +ssh-rsa or +ssh-rsa. You can use the following command to enable SHA1, however, upgrading the server would be recommended.

update-crypto-policies --set DEFAULT:SHA1

Reason for it not working is some of the older weaker SSH encryption algorithms have been disabled. You can allow ssh to use it by specifying the following option.

 -oHostKeyAlgorithms=+ssh-dss

The whole command would look like

ssh  -o HostKeyAlgorithms=+ssh-dss root@192.168.111.4

http://www.openssh.com/legacy.html

https://askubuntu.com/questions/836048/ssh-returns-no-matching-host-key-type-found-their-offer-ssh-dss#836064

Disable Network Manager in CentOS

Posted on September 20, 2019 by admin

Disable the service from starting on system boot

systemctl disable NetworkManager

Stop the service from running

systemctl stop NetworkManager

And if you want to remove it from the system.

yum remove NetworkManager

Refer to this post if you need to set a static IP Address

How To Reset root Password on CentOS VM – XenServer

Posted on August 30, 2019 by admin

Basic steps are as follows.

Shutdown VM
From XenCenter, insert the CentOS iso into the VM’s Virtual DVD drive.
Boot the CentOS VM in recovery mode. If you need help with that check this post out.
On the grub menu, select recover OS Installation.
Run through the recovery and mount the VM’s disk where CentOS is installed
You should now be able to drop to a prompt and chroot /sysimage
Change the root password with passwd
Shutdown the VM
Eject the CentOS iso
Boot up the VM and login with the new password

Incredigeek

Tag Archives: centos