Emotet is back again

Hi again,
I’ve set up the git server now and updated the ipset, but even on my own server I’m not able to find out how to get feodo updates from the right file. Can somebody help?

The wrong list URL is in the update script /usr/sbin/update-ipsets.

I updated firehol and iprange to check if a newer version works; I don’t know if this is really needed.

yum install https://github.com/firehol/packages/releases/download/2021-01-01-1948/firehol-3.1.7-11.el7.noarch.rpm https://github.com/firehol/packages/releases/download/2021-01-01-1948/iprange-1.0.4-2.el7.x86_64.rpm

Edit /usr/sbin/update-ipsets line 5103 to the right URL:

"https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt" \

After downloading the feodo ipset with

/usr/sbin/update-ipsets -s -i -r run feodo

the file /var/www/html/git/ipsets/feodo.source has the correct IP addresses instead of the HTML content from the wrong download and /var/www/html/git/ipsets/feodo.setinfo shows 369 unique IPs.

EDIT:

There’s already a PR correcting the feodo URL, so future versions of firehol will include it:

3 Likes
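
The symptom described in the post above (feodo.source holding HTML from the wrong download instead of IP addresses) can be caught automatically before the ipset is published. The following is an added example, not part of the original post or of FireHOL's update-ipsets: the function name check_blocklist, its minimum-entry threshold and the sample files are assumptions constructed for illustration.

```sh
# Added example, not part of update-ipsets. check_blocklist and its
# minimum-entry threshold are assumptions made for this sketch.
# Usage: check_blocklist FILE [MIN_ENTRIES]
# Prints "<valid> <invalid>"; returns 0 only when every data line is an IPv4
# address or CIDR and at least MIN_ENTRIES such lines were found.
check_blocklist() {
    cb_file=$1
    cb_min=${2:-1}
    [ -r "$cb_file" ] || { echo "0 0"; return 2; }
    cb_counts=$(awk '
        function is_ip(s,    n, i, p, o) {
            n = split(s, p, "/")
            if (n > 2) return 0
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || length(p[2]) > 2 || p[2] + 0 > 32)) return 0
            if (split(p[1], o, "[.]") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
            return 1
        }
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^$/ || /^[#;]/ { next }          # blank lines and list comments
        { if (is_ip($0)) valid++; else invalid++ }
        END { printf "%d %d\n", valid, invalid }
    ' "$cb_file")
    echo "$cb_counts"
    set -- $cb_counts                     # $1 = valid, $2 = invalid
    [ "$2" -eq 0 ] && [ "$1" -ge "$cb_min" ]
}

# Constructed sample inputs (documentation address ranges, not real indicators).
cb_tmp=$(mktemp -d)
printf '%s\n' '# Feodo-style list (constructed)' '192.0.2.10' \
    '198.51.100.0/24' '' '203.0.113.7' > "$cb_tmp/good.source"
printf '%s\n' '<!DOCTYPE html>' '<html><head><title>Not Found</title></head>' \
    '<body>404</body></html>' > "$cb_tmp/html.source"

for f in "$cb_tmp/good.source" "$cb_tmp/html.source"; do
    if r=$(check_blocklist "$f" 3); then
        echo "OK      $f ($r)"
    else
        echo "REJECT  $f ($r)"
    fi
done
rm -rf "$cb_tmp"
```

Run against /var/www/html/git/ipsets/feodo.source after an update, a non-zero return means the file should not be served to clients until the download URL is checked.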

Thanks Markus,

the new firehol version is not needed, it also works with the old version.

Am I right that I have to create a virtual host in addition to what the docs describe? If so, it should be part of the docs too.

https://docs.nethserver.org/projects/nethserver-devel/en/latest/nethserver-blacklist.html#setup-a-blacklist-server

1 Like

I think a virtual host isn’t needed; the correct URL should be like

https://yourserver.domain.org/git/ipsets

1 Like

Thanks again, this works fine.
I tried before, but I had forgotten /ipsets.

Something else is wrong in the documentation: the cron job only works with the full path to update-ipsets.

cat << EOF >> /etc/cron.d/update-ipsets
*/19 * * * * root /usr/sbin/update-ipsets
EOF

I’ll do a pull request for it.

2 Likes

Not really, I got some update errors: "Can't update blacklist repository: fetch failed"
I repeated the steps

# yum autoremove nethserver-blacklist
--> Running transaction check
---> Package nethserver-blacklist.noarch 0:1.2.5-1.ns7 will be erased
--> Finished Dependency Resolution
--> Finding unneeded leftover dependencies
---> Marking git224 to be removed - no longer needed by nethserver-blacklist
---> Marking pihole-ftl to be removed - no longer needed by nethserver-blacklist
---> Marking git224-perl-Git to be removed - no longer needed by git224
---> Marking libsecret to be removed - no longer needed by git224
---> Marking git224-core-doc to be removed - no longer needed by git224
---> Marking perl-Error to be removed - no longer needed by git224-perl-Git
Found and removing 6 unneeded dependencies
--> Running transaction check
---> Package git224.x86_64 0:2.24.4-1.el7.ius will be erased
---> Package git224-core-doc.noarch 0:2.24.4-1.el7.ius will be erased
---> Package git224-perl-Git.noarch 0:2.24.4-1.el7.ius will be erased
---> Package libsecret.x86_64 0:0.18.6-1.el7 will be erased
---> Package perl-Error.noarch 1:0.17020-2.el7 will be erased
---> Package pihole-ftl.x86_64 0:5.0-3.ns7 will be erased
--> Finished Dependency Resolution
# rm -rf /usr/share/nethserver-blacklist/
# yum install nethserver-blacklist
 --> Processing Conflict: git224-core-2.24.4-1.el7.ius.x86_64 conflicts git-core < 2.24.4-1.el7.ius
# yum remove git
No Match for argument: git
No Packages marked for removal

Now there is a paradoxical situation:
I can no longer install Threat Shield because of a git conflict,
but I also cannot remove Git anymore.

Additionally, I removed git224-core.

Now I can reinstall Threat Shield.

1 Like