ViciBox v.9.0 Bug/Fix thread - Updated March 18th, 2021
Posted: Fri Sep 13, 2019 2:15 pm
Updated October 11th, 2019
ViciBox v.9.0.0 has the wrong default white list IPSets in its config and accidentally un-commented ipset create statements. Here's what you can do to correct these issues:
Code:
sed -i 's/whitelistips/whiteips/' /usr/local/bin/VB-firewall.pl
sed -i 's/whitelistnets/whitenets/' /usr/local/bin/VB-firewall.pl
sed -i 's/print WHITETMP "create/#print WHITETMP "create/' /usr/local/bin/VB-firewall.pl
sed -i 's/print DYNAMICTMP "create/#print DYNAMICTMP "create/' /usr/local/bin/VB-firewall.pl
sed -i 's/print BLACKTMP "create/#print BLACKTMP "create/' /usr/local/bin/VB-firewall.pl
sed -i 's/print BLACKNETTMP "create/#print BLACKNETTMP "create/' /usr/local/bin/VB-firewall.pl
After that the ipsets should start being populated the next time VB-firewall.pl is run. You can verify this by viewing 'ipset -L' or 'ipset -L <ipsetname>'
-------------------------------------
Updated October 11th, 2019
ViciBox v.9.0.0 has a certbot package shipped with it that does not generate the /etc/certbot configuration directory or files. The fix has been reported to simply copy the config files from ViciBox v.8.1 and everything then starts working as expected. So here are the instructions to install the config files:
Code:
cd /root
wget http://download.vicidial.com/vicibox/vicibox9-certbotconfs.tar.xz
cd /etc
tar -xf /root/vicibox9-certbotconfs.tar.xz
ln -s certbot letsencrypt
After that, you can use the vicibox-certbot script as normal. The bugfix thread for this is here: http://www.vicidial.org/VICIDIALforum/v ... =8&t=39667
-------------------------------------
Updated October 23rd, 2019
ViciBox v.9.0 had a repository set up in it to pull in updated Apache related packages. Apparently someone decided to break the php7-mysql package which means your web server no longer works on an update. The fix is to remove this repo and update. I'm removing this repo in ViciBox v.9.0.1 and up.
Here's how you remove it and fix the package:
Code:
zypper rr 1
zypper ref
zypper dup
-------------------------------------
Updated December 3rd, 2019
The Asterisk 13 package was manually setting /var/spool/asterisk directory to '750' permissions. This means that while the permissions were correctly set to '755' when the ISO was built and released, any subsequent package updates to Asterisk 13 would set the permissions back to 750. The result was that Apache could no longer read the recordings and you get an error. The fix is in place in the package itself and here's how you fix the issue:
Code:
chmod 755 /var/spool/asterisk
-------------------------------------
Updated March 31, 2020
In ViciBox v.9.0.1 and under there is a security issue with the ViciBox Dynamic Portal when ViciDial's encrypted passwords feature is enabled. The exploit would allow the attacker to authenticate against the firewall giving them the ability to connect to your server's IPs. They would not be logged into vicidial but they would be able to start using standard brute force attacks to try and guess passwords. If "encrypted passwords" is not enabled in your System Settings then this does not affect you. The following instructions only need to be done to the active Web servers, but you can patch all your servers without it affecting anything.
Code:
cd /srv/www/vhosts/dynportal/inc/
wget http://download.vicidial.com/vicibox/patches/9.0.1/functions.inc.php.diff
# patch takes the file to be patched first, then the diff
patch functions.inc.php functions.inc.php.diff
rm functions.inc.php.diff
-------------------------------------
Updated April 21, 2020
The code to set the timezone in php.ini from the default of America/New_York had an incorrect patch set. You can correct that by doing the following:
Code:
. /etc/sysconfig/clock
/usr/bin/sed -i "s+date.timezone =.*+date.timezone = $TIMEZONE+" /etc/php7/apache2/php.ini
/usr/bin/sed -i "s+date.timezone =.*+date.timezone = $TIMEZONE+" /etc/php7/cli/php.ini
service apache2 restart
-------------------------------------
Updated April 21, 2020
A fixup was added to disable meetme volume adjustments as it seems to cause purely random asterisk crashes. The full path to extensions.conf was not listed, so the changes to disable those meetme volume adjustments weren't put in place. This will not cause issues if not fixed but it might solve an otherwise seemingly 'random' crash issue within Asterisk. The recommendation is to apply the fix regardless. Here's how you do that:
Code:
sed -i 's/exten => _X48600XXX/;exten => _X48600XXX/g' /etc/asterisk/extensions.conf
sed -i 's/exten => _X38600XXX/;exten => _X38600XXX/g' /etc/asterisk/extensions.conf
asterisk -rx "dialplan reload"
-------------------------------------
Updated April 27, 2020
The vicibox-certbot script in ViciBox v.9.0.2 had a sed command to remove the top three lines of the crontab which used to be comments from doing crontab -l. At some point this behavior changed which caused the first three lines of the actual crontab to be deleted. This results in the keepalive script being removed. There are two methods to fix this. The first method is to correct vicibox-certbot prior to it being run. The second fix is to just add the keepalive crontab entry back. Here's how you do that:
Fixing vicibox-certbot:
Code:
sed -i 's/sed -e/#sed -e/' /usr/local/bin/vicibox-certbot
Adding the keepalive cron back to the crontab:
Code:
crontab -l > /tmp/rootcron
echo "### keepalive script for astguiclient processes" >> /tmp/rootcron
echo "* * * * * /usr/share/astguiclient/ADMIN_keepalive_ALL.pl" >> /tmp/rootcron
crontab /tmp/rootcron
-------------------------------------
Updated June 26th, 2020
Something in the chrony package got broken at some point after the ViciBox v.9.0.2 release. The result is on some systems, not all, it will cause chronyc to show 100% CPU usage on a single core. The fix seems to be reinstalling the chrony configuration files for OpenSuSE followed by a reboot to clear (or you can kill) the stuck chronyc process. Below is how you do that:
Code:
zypper in -f chrony-pool-openSUSE
reboot
-------------------------------------
Updated July 1st, 2020
The ViciBox v.9.0.2 MD linux raid array image had an error in the vicibox-mdraid1.sh setup script. The result is the fstab does not have the proper /boot entry in it. This will need to be added to prevent the boot process from messing up. This assumes that /dev/md3, which is what vicibox-mdraid1 uses, is the /boot partition. Here's how you correct the issue:
Code:
echo "UUID=$(blkid -s UUID -o value "/dev/md3") /boot ext4 defaults 0 0" >> /etc/fstab
mount /boot
-------------------------------------
Update September 10th, 2020
Chrony is broken internally in all versions of ViciBox v.9. I believe it to be related to network conditions upon boot, but the result is that chronyc locks up the CPU at 100% and slowly tries to take the kernel with it. I have tried to track this down for weeks but have determined it's beyond me and no longer worth messing with even though it's the default in OpenSuSE v.15.1. My solution is to uninstall chrony in favor of the tried and true NTP Daemon. Here's how you would do that.
Code:
service chronyd stop
killall chronyc
zypper rm chrony   # enter y when prompted
zypper in ntp
systemctl enable ntpd.service
echo "restrict -4 default kod notrap nomodify nopeer noquery" >> /etc/ntp.conf
echo "restrict -6 default kod notrap nomodify nopeer noquery" >> /etc/ntp.conf
echo "server 127.127.1.0" >> /etc/ntp.conf
echo "fudge 127.127.1.0 stratum 10" >> /etc/ntp.conf
echo "server 0.opensuse.pool.ntp.org iburst" >> /etc/ntp.conf
echo "server 1.opensuse.pool.ntp.org iburst" >> /etc/ntp.conf
echo "server 2.opensuse.pool.ntp.org iburst" >> /etc/ntp.conf
echo "server 3.opensuse.pool.ntp.org iburst" >> /etc/ntp.conf
service ntpd start
-------------------------------------
Update March 18th, 2021
In preparing for ViciBox v.10 with Asterisk 16 a libjansson v.2.13 package was created in the ViciDial repository. This caused an issue as ViciBox v.9 was shipped with the libjansson package from the OS repository which was v.2.9. Since updating this package requires a vendor change it was not installed with a normal 'zypper up'. This resulted in Asterisk 13 being unable to start with an error code of '/usr/sbin/asterisk: symbol lookup error: /usr/sbin/asterisk: undefined symbol: json_vsprintf'. The fix for this is to install the libjansson update which requires the vendor change. Here's how you do that:
Code:
zypper in openSUSE-Leap-15.1-ViciDial:libjansson4
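
For the April 27, 2020 crontab item above: a header-aware alternative to deleting the first three lines unconditionally, plus a way to restore the keepalive entry that is safe to run more than once. This is an added example, not code from vicibox-certbot or the original post; the banner patterns, the sample crontab and the function names strip_cron_header and ensure_keepalive are assumptions.

```shell
#!/bin/sh
# Added example, not taken from vicibox-certbot. The banner patterns are an
# assumption based on the header some cron builds print on `crontab -l`.
KEEPALIVE='* * * * * /usr/share/astguiclient/ADMIN_keepalive_ALL.pl'

# Remove only leading banner comments and stop at the first line that is
# not one, so real entries survive when the banner is absent.
strip_cron_header() {
    awk '
        !body && /^# (DO NOT EDIT THIS FILE|\(.* installed on |\(Cron(ie)? version )/ { next }
        { body = 1; print }
    '
}

# Pass the crontab through and append the keepalive entry only when no
# active (uncommented) line already runs it, so reruns add no duplicates.
ensure_keepalive() {
    input=$(cat)
    if [ -n "$input" ]; then
        printf '%s\n' "$input"
    fi
    if ! printf '%s\n' "$input" | grep -v '^[[:space:]]*#' \
            | grep -qF '/usr/share/astguiclient/ADMIN_keepalive_ALL.pl'; then
        printf '%s\n' '### keepalive script for astguiclient processes' "$KEEPALIVE"
    fi
}

# Constructed sample: a crontab with no banner, whose first three lines
# are real content that a blind "delete lines 1-3" would destroy.
SAMPLE_NO_BANNER='MAILTO=""
### constructed placeholder job
0 1 * * * /usr/local/bin/example-job.sh'

# Typical use on a live system (not run here):
#   crontab -l | strip_cron_header | ensure_keepalive > /tmp/rootcron
#   crontab /tmp/rootcron
```
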