Oxidized Error “OpenSSL::PKey::PKeyError with msg “dh#set_pqg= is incompatible with OpenSSL 3.0”

Looks like the issue has something to do with net-ssh. There are some other similar errors people were having.

https://github.com/ytti/oxidized/issues/2642
https://github.com/ytti/oxidized/pull/2570

The easy way to resolve the issue is to install oxidized using git.

Prerequisites

Make sure rake is installed

sudo dnf install rake
 or 
sudo apt install rake

Install Oxidized from Git

Steps were copied from here. https://github.com/ytti/oxidized#build-from-git

You should be able to copy and paste these commands in the users home directory.

git clone https://github.com/ytti/oxidized.git
cd oxidized/
gem install bundler
rake install

After it is installed, restart the service

systemctl restart oxidized

Or continue on installing and with LibreNMS

CentOS – This system is not registered with an entitlement server. You can use subscription-manager to register.

If you are getting the following response when trying to use the yum or dnf command,

This system is not registered with an entitlement server. You can use subscription-manager to register.

Try editing the subscription-manager.conf file, and disable it by changing enable=1 to enable=0

sudo nano /etc/yum/pluginconf.d/subscription-manager.conf

After you may run

yum clean

That should take care of the problem.

https://serverfault.com/questions/764900/how-to-remove-this-warning-this-system-is-not-registered-to-red-hat-subscriptio

https://sahlitech.com/entitlement-server-fix/

Hardening SNMP on CentOS/RedHat/Fedora Etc.

These steps should be similar across Red Hat type distros.

Before we proceed, lets stop SNMP

sudo systemctl stop snmpd

Disable SNMP Versions 1 and 2c

First we are going to disable SNMP v1 and v2c

You can manually edit the /etc/snmp/snmpd.conf file and comment out or delete every line starting with com2sec, group, access. Or you can run the following sed commands to change it for you.

sudo sed -i 's/^com2sec/# com2sec/g' /etc/snmp/snmpd.conf
sudo sed -i 's/^group/# group/g' /etc/snmp/snmpd.conf
sudo sed -i 's/^access/# access/g' /etc/snmp/snmpd.conf

https://serverfault.com/questions/376688/how-to-disable-version-1-and-version-2c-in-snmpd

Create SNMP Version 3 User

Follow the prompts to create a SNMP v3 user.

sudo net-snmp-create-v3-user -ro -a SHA -x AES

Start SNMP

sudo systemctl start snmpd

You should be good to go.

If you are running a firewall, you will need to allow an exception for SNMP, UDP port 161. You may also need to allow an SELinux exception. Check out the last portion of both these articles.

Allowing SNMP Through Firewall

Enable Syslog for PowerDNS Recursor

  1. Enable Logging in PowerDNS Recursor Config
  2. Edit Systemd Unit File for PowerDNS to Allow Syslog
  3. Enable Logging in rsyslog Config File

The following links were helpful in setting things up.

https://doc.powerdns.com/recursor/running.html
https://www.reddit.com/r/linuxadmin/comments/9lc4jl/logging_queries_in_pdnsrecursor/

Enable logging in PowerDNS Recursor Config

First we need to find the line that says “disable-syslog” and uncomment/change it to

disable-syslog=no

Next find the line that says “quiet” and uncomment/change it to

quiet=no

Some other lines you may want to check and change

logging-facality=1
loglevel=6

Edit Systemd Unit File for PowerDNS to allow Syslog

Next we need to modify the Systemd unit file to allow PowerDNS Recursor to log to syslog.

systemctl edit --full pdns-recursor.service

On the ExecStart Line, remove the part that says

--disable-syslog

The resulting line should look something like

[Service]
ExecStart=/usr/sbin/pdns_recursor --socket-dir=%t/pdns-recursor --socket-dir=%t/pdns-recursor --daemon=no --write-pid=no --log-timestamp=no

Save the file.

Enable Logging in rsyslog Config File

Edit the rsyslog file

sudo vim /etc/rsyslog.conf

Add the following line

local1.*        /var/log/pdns_recursor.log

This should now log all of the PowerDNS Recursor log info to “/var/log/pdns_recursor.log”

Restart the rsyslog and PowerDNS Recursor service

sudo systemctl restart rsyslog
sudo systemctl restart pdns-recursor

You should now see DNS request in the log file.

tail /var/log/pdns_recursor.log

They should also show up in the “/var/log/messages”

Cannot load Zend OPcache – it was already loaded

Started getting the following error while running ./validate.php for LibreNMS

Cannot load Zend OPcache - it was already loaded

Looks like the problem arises out of PHP trying to load two ini files for OPcache. Was trying to enable OPcache for LibreNMS so I created an opcache.ini file and put the settings in it. I missed the default 10-opcache.ini file.

Moving all the settings into the 10-opcache.ini file and deleting the created opcache.ini file resolved the issue for me.

https://unix.stackexchange.com/questions/253448/php-7-install-throws-cannot-load-zend-opcache-it-was-already-loaded-error/253484

no matching host key type found. Their offer: ssh-dss,ssh-rsa

2023 Update: Recent versions of REHL have completely disabled DES which can cause issues even when using the +ssh-rsa or +ssh-rsa. You can use the following command to enable SHA1, however, upgrading the server would be recommended.

update-crypto-policies --set DEFAULT:SHA1

Reason for it not working is some of the older weaker SSH encryption algorithms have been disabled. You can allow ssh to use it by specifying the following option.

 -oHostKeyAlgorithms=+ssh-dss 

The whole command would look like

ssh  -o HostKeyAlgorithms=+ssh-dss root@192.168.111.4 

http://www.openssh.com/legacy.html

https://askubuntu.com/questions/836048/ssh-returns-no-matching-host-key-type-found-their-offer-ssh-dss#836064

How To Reset root Password on CentOS VM – XenServer

Basic steps are as follows.

  1. Shutdown VM
  2. From XenCenter, insert the CentOS iso into the VM’s Virtual DVD drive.
  3. Boot the CentOS VM in recovery mode.  If you need help with that check this post out.
  4. On the grub menu, select recover OS Installation.
  5. Run through the recovery and mount the VM’s disk where CentOS is installed
  6. You should now be able to drop to a prompt and chroot /sysimage
  7. Change the root password with passwd
  8. Shutdown the VM
  9. Eject the CentOS iso
  10. Boot up the VM and login with the new password