GeoIP 1.x no longer supported

Today I received this message:

/etc/cron.weekly/geoipupdate:
Received Error -21 (Sanity check database_info string failed) when attempting to update GeoIP Database
Received Error -21 (Sanity check database_info string failed) when attempting to update GeoIP Database
Received Error -21 (Sanity check database_info string failed) when attempting to update GeoIP Database
Received Error -21 (Sanity check database_info string failed) when attempting to update GeoIP Database

I believe it’s because of this:
https://bugs.centos.org/view.php?id=14712 and https://bugzilla.redhat.com/show_bug.cgi?id=1604029

RHEL states that this’ll be a wontfix, so CentOS also.

Which modules are using geoip? ntopng? phonehome? Which else?
Is there an alternative?


Please, what is the output of:

rpm -qf /etc/cron.weekly/geoipupdate

GeoIP-update-1.5.0-13.el7.noarch


AFAIK free GeoIP DB from maxmind has changed data structure…
And licensing.


Still getting those messages. Any news on this?

TIA Ralf

Where does the package come from? I don’t have it installed on any of my production machines…

Is it a dependency of some Forge package?

If I’m honest, I don’t know. I thought it is part of ntop or suricata, so they can locate hosts or something.
If it’s not NS related, I’m sorry to bother you. :blush:
This machine is migrated from NS6 to NS7. Maybe an old artefact?

yum remove GeoIP gives:

What do you think, can I safely remove it?

The issue (again, AFAIK) comes from a change from MaxMind.
They discontinued GeoLite Legacy db updates, as stated here
https://support.maxmind.com/geolite-legacy-discontinuation-notice/

And started to supply a new db, called GeoLite2
https://dev.maxmind.com/geoip/geoip2/geolite2/
which is provided in CSV and binary formats. Also with an API for management.
Data is provided under Creative Commons Attribution-ShareAlike 4.0 International License.

On pkgs.org there seems to be a different RPM available, also for CentOS7
https://pkgs.org/download/geolite2-country

Hope this will help in some way…

Thank you for your hints. I read about the change of maxmind from geolite to geolite 2.

But my question now is: why do I have geoip at all on my system, if it isn’t from NS?
If I don’t need it anymore, I’m glad to remove it.

You’re removing too many packages!

Just try:

yum remove GeoIP-update

Removed geoip-update. No dependencies.

But why do I have GeoIP on my system?
Why do so many packages have a dependency on GeoIP, when it’s not NS-related?
Any idea?

It’s because of suricata, ntop, bind-utils and maybe some more. Check “required by”:

https://centos.pkgs.org/7/centos-x86_64/GeoIP-1.5.0-13.el7.x86_64.rpm.html

Or on command line:

rpm -q --whatrequires GeoIP

@mrmarkuz is right, but I don’t know why you had GeoIP-update installed.

@giacomo and @mrmarkuz thank you for your answers.

So I was right with my assumption that GeoIP is needed for ntop and suricata.

But if GeoIP 1.x is no longer supported and the database is no longer updated, it’ll become more and more inaccurate. Wouldn’t it be worth thinking about a change to GeoIP 2.x or something similar (e.g. ip2location lite)?

I think that both projects will have to make that decision… Suricata and NTOP will make a choice and will upgrade.
Therefore, NethServer can maybe upgrade the package too. Or change the addon.
