[Intelmq-dev] GeoIP expert crashes with invalid database
Thomas Hungenberg
th at cert-bund.de
Fri Jul 28 10:00:14 CEST 2017
I noticed the geoip expert bot crashed on our IntelMQ instance.
In the logs I found:

# tail /opt/intelmq/var/log/maxmind-geoip-expert.log
maxminddb.errors.InvalidDatabaseError: Error opening database file
(/opt/intelmq/var/lib/bots/maxmind_geoip/GeoLite2-City.mmdb). Is this a valid MaxMind DB file?
2017-07-28 09:23:00,674 - maxmind-geoip-expert - INFO - Bot stopped.

It looks like the database file was only partially downloaded with the
cron-based update last night. :-/
I was able to fix this by running /usr/bin/update-geoip-data

To avoid this, I think the updater should verify the downloaded database
before overwriting the file.

Also, it looks like the script /usr/bin/update-geoip-data simply passes on
any parameters to "mv" which is probably not a good idea:

# /usr/bin/update-geoip-data --help
Usage: mv [OPTION]... [-T] SOURCE DEST
  or:  mv [OPTION]... SOURCE... DIRECTORY
  or:  mv [OPTION]... -t DIRECTORY SOURCE...
Rename SOURCE to DEST, or move SOURCE(s) to DIRECTORY.

- Thomas
CERT-Bund Incident Response & Malware Analysis Team
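
The verify-before-overwrite step the message asks for could look like the following; this is an added example, not code from IntelMQ or its update-geoip-data script. All function names are hypothetical, the 0644 file mode is an assumption, and the cheap check relies on the MaxMind DB format placing its metadata section (introduced by the bytes \xab\xcd\xefMaxMind.com) within the last 128 KiB of the file.

```python
import os
import shutil
import tempfile

# Start of the metadata section in the MaxMind DB format; it sits at the end
# of the file, so a download cut off before it lacks this marker.
METADATA_MARKER = b"\xab\xcd\xefMaxMind.com"
SEARCH_WINDOW = 128 * 1024  # the format keeps metadata within the last 128 KiB


def has_metadata_marker(path):
    """Cheap stdlib check that catches a file truncated before its metadata."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        fh.seek(max(0, size - SEARCH_WINDOW))
        return METADATA_MARKER in fh.read()


def opens_with_reader(path):
    """Stronger check: have the maxminddb reader parse the file."""
    from maxminddb import open_database
    from maxminddb.errors import InvalidDatabaseError
    try:
        open_database(path).close()
        return True
    except (InvalidDatabaseError, OSError):
        return False


def install_verified(candidate, dest, verify=has_metadata_marker):
    """Replace dest with candidate only if verify() accepts the staged copy."""
    dest_dir = os.path.dirname(os.path.abspath(dest))
    fd, staged = tempfile.mkstemp(dir=dest_dir, prefix=".mmdb-")
    try:
        with os.fdopen(fd, "wb") as out, open(candidate, "rb") as src:
            shutil.copyfileobj(src, out)
            out.flush()
            os.fsync(out.fileno())
        if not verify(staged):
            return False  # dest is left untouched, the bot keeps the old DB
        os.chmod(staged, 0o644)  # mkstemp creates 0600; mode is an assumption
        os.replace(staged, dest)  # atomic rename within one filesystem
        staged = None
        return True
    finally:
        if staged is not None:
            os.unlink(staged)
```

Passing `verify=opens_with_reader` uses the same reader that raised the error in the log above and requires the maxminddb package on the updating host.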