GeoIP 1.x no longer supported

v7

(Ralf Jeckel) #1

Today I received this message:

/etc/cron.weekly/geoipupdate:
Received Error -21 (Sanity check database_info string failed) when attempting to update GeoIP Database
Received Error -21 (Sanity check database_info string failed) when attempting to update GeoIP Database
Received Error -21 (Sanity check database_info string failed) when attempting to update GeoIP Database
Received Error -21 (Sanity check database_info string failed) when attempting to update GeoIP Database

I believe it’s because of this:
https://bugs.centos.org/view.php?id=14712 and https://bugzilla.redhat.com/show_bug.cgi?id=1604029

RHEL states that this’ll be a wontfix, so CentOS also.

Which modules are using geoip? ntopng? phonehome? What else?
Is there an alternative?


(Stéphane de Labrusse) #2

Please, what is the output of:

rpm -qf /etc/cron.weekly/geoipupdate


(Ralf Jeckel) #3

GeoIP-update-1.5.0-13.el7.noarch


(Michael Kicks) #4

AFAIK free GeoIP DB from maxmind has changed data structure…
And licensing.


(Ralf Jeckel) #5

Still getting those messages. Any news on this?

TIA Ralf


(Giacomo Sanchietti) #6

Where does the package come from? I don’t have it installed on any of my production machines …

Is it a dependency of some Forge package?


(Ralf Jeckel) #7

If I’m honest, I don’t know. I thought it is part of ntop or suricata, so they can locate hosts or something.
If it’s not NS related, I’m sorry to bother you. :blush:
This machine is migrated from NS6 to NS7. Maybe an old artefact?

yum remove GeoIP gives:

What do you think, can I safely remove it?


(Michael Kicks) #8

The issue (again, AFAIK) comes from a change from MaxMind.
They discontinued GeoLite Legacy db updates, as stated here
https://support.maxmind.com/geolite-legacy-discontinuation-notice/

And started to supply a new db, called GeoLite2
https://dev.maxmind.com/geoip/geoip2/geolite2/
which is provided in CSV and binary format. Also with an API for management.
Data is provided under Creative Commons Attribution-ShareAlike 4.0 International License.

On pkgs.org there seems to be a different RPM available, also for CentOS 7
https://pkgs.org/download/geolite2-country

Hope this will help in some way…


(Ralf Jeckel) #9

Thank you for your hints. I read about the change of maxmind from geolite to geolite 2.

But my question now is: why do I have geoip at all on my system, if it isn’t from NS?
If I don’t need it anymore, I’m glad to remove it.


(Giacomo Sanchietti) #10

You’re removing too many packages!

Just try:

yum remove GeoIP-update

(Ralf Jeckel) #11

Removed geoip-update. No dependencies.

But why do I have GeoIP on my system?
Why do so many packages have a dependency on GeoIP, when it’s not NS-related?
Any idea?


(Markus Neuberger) #12

It’s because of suricata, ntop, bind-utils and maybe some more. Check “required by”:

https://centos.pkgs.org/7/centos-x86_64/GeoIP-1.5.0-13.el7.x86_64.rpm.html

Or on command line:

rpm -q --whatrequires GeoIP


(Giacomo Sanchietti) #13

@mrmarkuz is right, but I don’t know why you had GeoIP-update installed.


(Ralf Jeckel) #14

@giacomo and @mrmarkuz thank you for your answers.

So I was right with my assumption that GeoIP is needed for ntop and suricata.

But if GeoIP 1.x is no longer supported and the database is no longer updated, it’ll become more and more inaccurate. Wouldn’t it be worth thinking about a change to GeoIP 2.x or something similar (i.e. ip2location lite)?


(Michael Kicks) #15

I think that both projects will have to take that decision… Suricata and NTOP will make a choice and will upgrade.
Therefore, NethServer maybe can upgrade package too. Or change addon.