Category Archives: Uncategorized


Just a little regex to validate CVSSvector strings


Additional JS-Scripts for CVSS-cacluation:

Tasmota/Platformio error when compiling Tasmota for ESP8266 (firmware.elf section `.text’ will not fit in region `iram1_0_seg’ )

After changing my Tasmota ESP8266-dev environment to Visual Studio Code I ran into the problem that I always got the following error when trying to recompile my customized Tasmota firmware:

c:/users/username/.platformio/packages/toolchain-xtensa@1.40802.0/bin/../lib/gcc/xtensa-lx106-elf/4.8.2/../../../../xtensa-lx106-elf/bin/ld.exe: .pio\build\sonoff-sensors\firmware.elf section `.text' will not fit in region `iram1_0_seg'
collect2.exe: error: ld returned 1 exit status
*** [.pio\build\sonoff-sensors\firmware.elf] Error 1

Seems the problem is introduced by the updated Platformio 4 environemnt which ships some updated libraries that do not comply to the ESP-requirements. To work with Platformio 4 it is necessary to adapt the platformio.ini to match the following configuration:

build_dir = .pioenvs

platform = espressif8266@1.5.0
platformio.ini configuration file

Discussion on the Github bugtracker for the Tasmota project:

Suggested Webserver security settings

#Security Settings start
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; pre
Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' '

Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"

SSLProxyEngine on
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder on

#Custom Settings
TraceEnable off
ServerSignature Off
ServerTokens Prod

Next Thing – C.H.I.P – Driver cant be installed

UPDATE – 20181203:

or just use the microsoft driver as described on reddit –  


Today I got my new CHIP ( dev board/mini pc and tryed to set it up, but as I found out thats quite tricky to do.

Regarding to the documentation the chip only needs to be connected to a pc with a micro USB cable and is automatically installed as  serial device. After the installation the chip should be accessible via a COM-port with putty or any other program for serial communication.

So far so good, BUT … as I had to find out, the driver didn’t got installed and so it wasn’t accessible …

By default Windows should identify the device automatically and install the CDC Composite Gadget driver out of the box. But in my case it didn’t work.
It seems that the identfier canged from A4A7 to A4AA:

After some some googleing I found a driver on which nearly worked.

But it would have been too easy if it worked out of the box. So I had to adapt the *.inf-file to match my HW-ID.
Change the follwoing lines

%DESCRIPTION%=DriverInstall, USB\VID_0525&PID_A4A7, USB\VID_1D6B&PID_0104&MI_02, USB\VID_1D6B&PID_0106&MI_00

%DESCRIPTION%=DriverInstall, USB\VID_0525&PID_A4A7, USB\VID_1D6B&PID_0104&MI_02, USB\VID_1D6B&PID_0106&MI_00


%DESCRIPTION%=DriverInstall, USB\VID_0525&PID_A4AA, USB\VID_1D6B&PID_0104&MI_02, USB\VID_1D6B&PID_0106&MI_00

%DESCRIPTION%=DriverInstall, USB\VID_0525&PID_A4AA, USB\VID_1D6B&PID_0104&MI_02, USB\VID_1D6B&PID_0106&MI_00


In short: replace A4A7 with A4AA 😉

Afterwards the driver could be installed and the chip should work (as long as you do not have Windows 10).
If you try to install the driver on a Windows 10 machine, Windows will complain about the unsigned driver and will not install the driver.
To get it work on Windows 10, the OS needs to be rebooted in option mode:
shutdown.exe /r /o /f /t 00

When Windows starts up again the driver signature check could be disabled for this start and after the system is up again it’s possible to install the driver.

Continue reading Next Thing – C.H.I.P – Driver cant be installed

Cisco Deployment Guide

Today I received an useful link regarding Cisco L2 Access Switch-deployments with some interesting settings I wasn’t aware of till know.
The document is available via the following Link.

VMware RVC not working after Update – Error 193: %1 is not a valid Win32 application

Today I once again upgraded a vCenter installation and afterwards I wanted to use the RVC, but I always got the following error when trying to open the RVC:

C:/Program Files/VMware/vCenter Server/ruby/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require’: 193: %1 is not a valid Win32 application. – C:/Program Files/VMware/vCenter Server/ruby/lib/ruby/2.1.0/x64-mingw32/ (LoadError)

So … hm … fubar. It seems that there still remain some old files on the FS when upgrading and those old files seem to cause some trouble.

To fix the problem you could try to uninstall just the vmware-ruby.msi and vmware-rvc.msi (I uninstalled both, maybe it’s enough to uninstall only the rvc-package) and reinstall. After uninstalling the file there will still be an folder rvc at “C:\Program Files\VMware\vCenter Server” – rename it before reinstallling the MSI-packages to get a clean installation!
Attention – VMware passes some parameters to the MSI-files . If you just doubleclick on the files, they will get installed, but not under:
C:\Program Files\VMware\vCenter Server

I used the parameters from the upgrade which were:

F:\vCenter-Server\Packages>msiexec /i VMware-ruby.msi ALLUSERS=1 ARPSYSTEMCOMPON
ENT=1 INSTALLPATH=”C:\Program Files\VMware\vCenter Server\” APPDATAPATH=”C:\Prog

F:\vCenter-Server\Packages>msiexec /i VMware-rvc.msi ALLUSERS=1 ARPSYSTEMCOMPONE
NT=1 INSTALLPATH=”C:\Program Files\VMware\vCenter Server\” APPDATAPATH=”C:\Progr

VMware JRE update fails

While I was trying to update a VMware vCenter 6 to 6u1 today I had the problem, that the upgrade failed permanently, because of the following error:
Installation of component VMware JRE standalone installer failed with error code ‘3010’. Check the logs for more details.


Searching on the net did not bring up any results regarding this error, so I had to debug it myself. I tried to call the vmware-jre.msi directly from the DVD-ISO, and at first it seemd to run through, but, after some minutes of waiting, the MSI opened a pop up and asked for the installation-CD for vmware-jre.msi. It seemd that the new MSI wanted to uninstall the old msi-package and when trying to uninstall the old package the problem with the installation-media-dialoge popped up.

Trying to install the old version from the already installed vCenter also ended up in asking for an installation media.

At the end I started an administrative cmd-window and ran “msiexec /uninstall vmware-jre.msi” which uninstalled the old JRE and afterwards an update-process of the vCenter was possible.

Dump from the Error-Log:


Stage: install stage: install-packages / vmware-jre.msi
2015-12-17 13:53:07.820Z| vcsInstUtil-3018519| I: LaunchPkgMgr: Telling child to install "X:\vCenter-Server\Packages\vmware-jre.msi" with "INSTALLPATH="C:\Program Files\VMware\vCenter Server\" VM_UPDATE=1" details 0
2015-12-17 13:53:07.820Z| vcsInstUtil-3018519| I: wWinMain: Exe is told to run "X:\vCenter-Server\Packages\vmware-jre.msi" with "INSTALLPATH="C:\Program Files\VMware\vCenter Server\" VM_UPDATE=1" details 0
2015-12-17 13:53:18.882Z| vcsInstUtil-3018519| E: wWinMain: MSI result of install of "X:\vCenter-Server\Packages\vmware-jre.msi" may have failed: 3010 (0x00000bc2)
2015-12-17 13:53:18.882Z| vcsInstUtil-3018519| E: LaunchPkgMgr: Operation on vmware-jre.msi appears to have failed: 3010 (0x00000bc2)
2015-12-17 13:53:18.882Z| vcsInstUtil-3018519| I: PitCA_MessageBox: Displaying message: "Installation of component VMware JRE standalone installer failed with error code '3010'. Check the logs for more details."
2015-12-17 13:59:25.191Z| vcsInstUtil-3018519| I: LaunchPkgMgr: Telling child to revert transaction
VMware JRE - Installation - Error log

The MSI-packages are located on the vCenter installation disk. The iso can be downloaded from: (VMware Account needed)
Once the ISO is downloaded it can be mounted/opened (eg. 7zip) and the MSI-Packages are located at: \vCenter-Server\Packages\


Mounting the ISO and chaning with an administrative commandline to the above path is the easiest way to uninstall the file. Otherwise the DVD-content could also be extracted to any directory.

Zabbix interface status – Error reset procedure

Zabbix is quite cool, but there are still some minor problems which make life a littel bit harder (or just do not look too good).

One of this little bugs it, that if you add the wrong interface to your host and try to query it (and an error is returend) – results in an red icon for the corresponding intrface in the hosts-overview.


The only way (I know) to reset those interface is to delete the host and create it new, or the easier way would be to clone the host and delte the old one. To be honest – I don’t like any of those two possiblities, so i decided to find another way.

As a matter of fact, the info is stored in the database so we could reset the icon in the DB:  herefor we need to log in to the database and find the correct table. I assume you know hot wo log in to your DB 😉
The table which stores the infor about the interfaces would be the “hosts”-table. Ths table contains a column called “available” which indicates the interface status. For the zabbix agent it’s just called available, for snmp, ipmi, jmx, you alway the the type as a prefix – so snmp: snmp_available. the column stores an integer from 0 to 3 with:
0=if not in use (gray)
1=if in use and everything is fine =green
2=if in use and an error occured=red
so by updating the DB-entry we could reset the icon-indicator for a specific host.

UPDATE hosts SET available=0 WHERE hostid=12345;

… would set the icon for the Agent to gray for the host 12345. The host-id could be obtained by hovering over the link to the host or opening the host and afertwards it’s displayed in the address bar.



VMware 6 ESXi Hardware Health States are not displayed (with Fujitsu CIM-Provider)

After setting up a ESXi-Cluster with VSAN based on VMware 6 the Fujitsu CIM-Providers did not provide any hardware health states and also the Fujitsu vCenter plugin did not provide any data. The service always timed out an no data where gathered. Instead the following error message was diplaed:

No new host data available. Data will be updated in 5 minutes

All that happened after updating the ESXi & FJ CIM providers with the VMware Update Manager.

After some investigation it seemed that the ESXi could not communicate with the CIM-Server. A restart of the CIM-Provider and clearing of the sensor-data and event-log seemed to fix the problem and the server was finaly able to gather data.

Sync Redhat repositories to a local deployment server [RHEL6/7]

Redhat offers a great tool with Redhat satellite server especially with Satellite 6.  But the price is quite high, and if you need to provides packages and updates to multiple separated environments it’s out of the picture.
(For those who are interessted – Katello is the upstream project of Redhat’s Satellite 6).

So the question is now, how to get the the Redhat repos to your deployment server.
First a subscription is needed and only channels/repos included in this subscription can be synchronized.
If we have the channels/repos availalbe on our system which we want to use to sync we can use reposync to pull all the repositoriers from the internet.
The follwoing example shows a list of repositories which are available on my machine:

[root@server~]# yum repolist
Loaded plugins: downloadonly, refresh-packagekit, rhnplugin, security
This system is receiving updates from RHN Classic or RHN Satellite.
repo id                                    repo name                                                          status
epel                                       Extra Packages for Enterprise Linux 6 - x86_64                     11,588
rhel-x86_64-server-6                       Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64)           14,872
rhel-x86_64-server-6-rhscl-1               Red Hat Software Collections 1 (RHEL 6 Server x86_64)               3,003
rhel-x86_64-server-dts-6                   Red Hat Developer Toolset (for RHEL 6 Server for x86_64)               84
rhel-x86_64-server-dts2-6                  Red Hat Developer Toolset 2 (for RHEL 6 Server for x86_64)            469
rhel-x86_64-server-extras-6                RHEL Server Extras (v. 6 for 64-bit x86_64)                            17
rhel-x86_64-server-ha-6                    RHEL Server High Availability (v. 6 for 64-bit x86_64)                423
rhel-x86_64-server-optional-6              RHEL Server Optional (v. 6 64-bit x86_64)                           8,313
rhel-x86_64-server-rh-common-6             Red Hat Common (for RHEL 6 Server x86_64)                              59
rhel-x86_64-server-supplementary-6         RHEL Server Supplementary (v. 6 64-bit x86_64)                        514
repolist: 39,342
Available channels


The easiest way to sync a repo is to just call the following command:

reposync -p /path/to/storeage/dir/RHserv6-general_64/ --repoid=rhel-x86_64-server-6 -l
Sync repos

Important is to add the -l option to the command. The command enables the yum-plugins and to be able to sync directly from Redhat those plugins have to be enabeld!

But I think the most people don’t want to run the synchronization by hand and some metadata also would be nice – so you can use/adapt the following script and add it as a cronjob.

#       @Author:
#       @Description:
#               Script synchronizes the RH-repos

datetime=$(date +"%F_%T")

reposync -p /path/to/storeage/dir/RHserv6-general_64/ --repoid=rhel-x86_64-server-6 -l --download-metadata > /var/log/reposync/general_$datetime.log
compsfile=$(echo "$(ls -d /path/to/storeage/dir/RHserv6-general_64/* | grep rhel)/comps.xml")
createrepo /path/to/storeage/dir/RHserv6-general_64/ -g $compsfile --update

reposync -p /path/to/storeage/dir/RHserv6-common_64/ --repoid=rhel-x86_64-server-rh-common-6 -l --download-metadata > /var/log/reposync/common_$datetime.log
compsfile=$(echo "$(ls -d /path/to/storeage/dir/RHserv6-common_64/* | grep rhel)/comps.xml")
createrepo /path/to/storeage/dir/RHserv6-common_64/ -g $compsfile --update

reposync -p /path/to/storeage/dir/RHserv6-optional_64/ --repoid=rhel-x86_64-server-optional-6 -l --download-metadata > /var/log/reposync/optional_$datetime.log
compsfile=$(echo "$(ls -d /path/to/storeage/dir/RHserv6-optional_64/* | grep rhel)/comps.xml")
createrepo /path/to/storeage/dir/RHserv6-optional_64/ -g $compsfile --update

#rhel Software Collection
reposync -p /path/to/storeage/dir/RHserv6-rhscl_64/ --repoid=rhel-x86_64-server-6-rhscl-1 -l --download-metadata > /var/log/reposync/scl_$datetime.log
compsfile=$(echo "$(ls -d /path/to/storeage/dir/RHserv6-rhscl_64/* | grep rhel)/comps.xml")
createrepo /path/to/storeage/dir/RHserv6-scl_64/ -g $compsfile --update
automated sync script

So, what does this script do?
Because it’s intended to be used as a cronjob it logs the sync-process to /var/log/reposync – I don’t do any logrotation because the files are quite small and the cronjobs runs only once a week – so there is not too much space used by the logfiles and I clean them from hand. but if its ran more often you should think about log rotation.

Reposync itself creates a subfolder in the spceified directory which is named like the repoid and contains the metadata (comps & updateinfo + a directory called getPackage which contains the rpm-packages).  The comps-file contains all the group-infos and updateinfo is needed if you want to use yum just for security updates.
Herefor the yum-plugin “yum-plugin-security” is a good choice.


With the “–download-metadata” parameter in the reposync command the updateinfo.xml-files are also downloaded (as far as they exist for the repo). Normaly the file is downloaded in the following format: <HASH>-updateinfo.xml.gz

To use the updateinfo-file in your synchronized repo the file has to be gunziped and renamed to updateinfo.xml – so the hash at the beginning of the filname needs to be striped away. Otherwise it is likely that the updates are not recognized correctly! So convert your downloaded updateinfo-metadata file to updateinfo.xml and run use modify repo to update your repository with the security update informations from the updateinfo.xml.

modifyrepo updateinfo.xml repodata
update the metadata of the local repo