Hi all,
Recently, I have installed IntelMQ on a CentOS 7.4 host (fully patched) and I see some "errors" in the official IntelMQ rpm packages installed from http://download.opensuse.org/repositories/home:/sebix:/intelmq/CentOS_7/.
a/ /etc/cron.d/intelmq-update-data. Content is:
# /etc/cron.d/intelmq-update-data: crontab fragment for intelmq
# This updates the data files used by some expert bots.
#
# m h dom mon dow command
# Update data for tor_nodes bot:
11 0 * * * intelmq /usr/bin/update-tor-nodes /var/lib/intelmq/bots/tor_nodes/tor_nodes.dat
# Update data for maxmind_geoip bot:
17 0 * * * intelmq /usr/bin/update-geoip-data /var/lib/intelmq/bots/maxmind_geoip/GeoLite2-City.mmdb
# Update data for asn_lookup bot:
23 0 * * * intelmq /usr/bin/update-asn-data /var/lib/intelmq/bots/asn_lookup/ipasn.dat
# Update data for the RIPE DB abuse_c offline contact lookup
25 6 * * * intelmq /usr/bin/update-ripencc_abuse_contact_offline /var/lib/intelmq/bots/ripencc_abuse_contact_offline/
Where are these scripts: update-tor-nodes, update-geoip-data, update-asn-data and update-ripencc_abuse_contact_offline? They don't exist on my system. But intelmq-update-asn-data, intelmq-update-geoip-data and intelmq-update-tor-nodes do exist (not the RIPE one).
b/ /etc/logrotate.d/intelmq. Content is:
compress
delaycompress
copytruncate
create 640 intelmq intelmq

/var/log/intelmq/*.log {
    su intelmq intelmq
    daily
    maxsize 10M
    rotate 60
    notifempty
    sharedscripts
    postrotate
        /usr/bin/intelmqctl reload --quiet
    endscript
}

/var/lib/intelmq/bots/file-output/*.txt {
    su intelmq intelmq
    daily
    maxsize 10M
    rotate 60
    notifempty
    sharedscripts
    postrotate
        /usr/bin/intelmqctl reload file-output --quiet
    endscript
}
... but it returns the following error by email:
From root@cosintelmq.mydomain.com Mon Nov 13 08:29:04 2017
Return-Path: root@cosintelmq.mydomain.com
X-Original-To: root
Delivered-To: root@cosintelmq.mydomain.com
From: Anacron root@cosintelmq.mydomain.com
To: root@cosintelmq.mydomain.com
Content-Type: text/plain; charset="UTF-8"
Subject: Anacron job 'cron.daily' on cosintelmq.mydomain.com
Date: Mon, 13 Nov 2017 08:29:04 +0000 (UTC)
Status: R
/etc/cron.daily/logrotate:
intelmqctl: Running intelmqctl as root is highly discouraged!
usage: intelmqctl [-h] [-v] [--type {text,json}] [--quiet]
                  {list,check,clear,log,run,help,start,stop,restart,reload,status,enable,disable}
                  ...
intelmqctl: error: unrecognized arguments: --quiet
error: error running shared postrotate script for '/var/log/intelmq/*.log '
Maybe it is more correct to do this:
- /usr/bin/intelmqctl reload --quiet + su -m intelmq -c ' /usr/bin/intelmqctl reload --quiet'
- /usr/bin/intelmqctl reload file-output --quiet + su -m intelmq -c '/usr/bin/intelmqctl reload file-output --quiet' ??
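Review bot: the failure quoted above is "intelmqctl: error: unrecognized arguments: --quiet", and the proposed `su -m intelmq -c '...'` wrapper passes exactly the same command line, so the postrotate script would still fail; the wrapper only addresses the "Running intelmqctl as root is highly discouraged!" warning. The usage line in that same output lists `[--quiet]` before the `{list,check,...,reload,...}` subcommand, so the option has to precede the subcommand: `/usr/bin/intelmqctl --quiet reload` and `/usr/bin/intelmqctl --quiet reload file-output`. Dropping privileges is still worth keeping, because logrotate's `su intelmq intelmq` directive only governs the rotation of the files themselves; postrotate scripts are run as root, which is where the warning comes from.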
Thanks.
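Because a cron.d fragment that points at non-existent update scripts fails silently (the tor_nodes, geoip and ASN data files just stop being refreshed), a small check that every command referenced in a fragment actually exists is useful after installing such packages. This is an added example, not part of the original post or of the IntelMQ packaging; the sample fragment it checks is constructed here and the function name is hypothetical.

```shell
#!/bin/sh
# check_cron_commands FILE
#   FILE is a /etc/cron.d fragment (system crontab format: m h dom mon dow user command ...).
#   Prints OK/MISSING per job and returns the number of jobs whose command cannot be found.
check_cron_commands() {
    fragment=$1
    missing=0
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;               # blank lines and comments
            [A-Za-z_]*=*) continue ;;          # environment settings such as MAILTO=root
        esac
        # Field 7 is the command for a normal entry; field 3 for @reboot/@daily style entries.
        # awk is used instead of word-splitting so the '*' fields are never glob-expanded.
        cmd=$(printf '%s\n' "$line" | awk '$1 ~ /^@/ {print $3; next} {print $7}')
        [ -z "$cmd" ] && continue
        # cron runs with a minimal PATH, so absolute paths are expected; fall back to PATH lookup.
        if [ -x "$cmd" ] || command -v "$cmd" >/dev/null 2>&1; then
            printf 'OK      %s\n' "$cmd"
        else
            printf 'MISSING %s\n' "$cmd"
            missing=$((missing + 1))
        fi
    done < "$fragment"
    return "$missing"
}

# Constructed fragment modelled on the one in the post (one existing and one absent command).
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed cron.d fragment
MAILTO=root
11 0 * * * intelmq /bin/sh -c true
17 0 * * * intelmq /usr/bin/update-geoip-data /var/lib/intelmq/bots/maxmind_geoip/GeoLite2-City.mmdb
EOF
check_cron_commands "$demo" || echo "$? command(s) referenced by $demo do not exist"
rm -f "$demo"
```

Run it against /etc/cron.d/intelmq-update-data itself with `check_cron_commands /etc/cron.d/intelmq-update-data` to see which of the four update jobs would fail.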