The RSA Web Threat Detection installation includes the GeoIP-1.4.8-1.el6.x86_64.rpm as a dependency. This RPM provides a geoipupdate utility.
2. Modify the config file /etc/GeoIP.conf so that it includes a MaxMind UserId, LicenseKey and the appropriate ProductIds. NOTE: The free GeoIP Legacy City Lite database does not need a license key, just a placeholder as below. If you license the full database from MaxMind, include those details instead.
[root@croxfglab ~]# nano /etc/GeoIP.conf

# The following UserId and LicenseKey are required placeholders:
UserId 999999
LicenseKey 000000000000

# Include one or more of the following ProductIds:
#  * GeoLite2-City - GeoLite 2 City
#  * GeoLite2-Country - GeoLite2 Country
#  * GeoLite-Legacy-IPv6-City - GeoLite Legacy IPv6 City
#  * GeoLite-Legacy-IPv6-Country - GeoLite Legacy IPv6 Country
#  * 506 - GeoLite Legacy Country
#  * 517 - GeoLite Legacy ASN
#  * 533 - GeoLite Legacy City
ProductIds 533 GeoLite-Legacy-IPv6-City
2. Run the geoipupdate utility, specifying the WTD GeoIP database location.

[root@croxfglab ~]# geoipupdate -v -d /var/opt/silvertail/lib/
Opened License file /etc/GeoIP.conf
Read in license key YOUR_LICENSE
number of product ids 2
Connecting to MaxMind GeoIP server via Host or Proxy Server: api.maxmind.com:80
sending request GET /app/update_getfilename?product_id=533 HTTP/1.0
Host: updates.maxmind.com

database product id 533
database file name /var/opt/silvertail/lib/GeoLiteCity.dat
MD5 Digest of installed database is b8fe7967ae5ce66f8d4b786fa77d1c52
MD5 sum of database /var/opt/silvertail/lib/GeoLiteCity.dat is b8fe7967ae5ce66f8d4b786fa77d1c52
Connecting to MaxMind GeoIP Update server
sending request GET /app/update_getipaddr HTTP/1.0
Host: updates.maxmind.com

client ip address: 152.62.109.201
md5sum of ip address and license key is 20b48aa5b106ff5b918ad2046d150cef
sending request GET /app/update_secure?db_md5=b8fe7967ae5ce66f8d4b786fa77d1c52&challenge_md5=20b48aa5b106ff5b918ad2046d150cef&user_id=&edition_id=533 HTTP/1.0
Host: updates.maxmind.com

Downloading gzipped GeoIP Database...
/var/opt/silvertail/lib/GeoLiteCity.dat is up to date, no updates required
GeoIP Database up to date
Connecting to MaxMind GeoIP server via Host or Proxy Server: api.maxmind.com:80
sending request GET /app/update_getfilename?product_id=GeoLite-Legacy-IPv6-City HTTP/1.0
Host: updates.maxmind.com

database product id GeoLite-Legacy-IPv6-City
database file name /var/opt/silvertail/lib/GeoLiteCityv6.dat
MD5 Digest of installed database is 5f2460c6dc72de8ed924275b8347f5c7
MD5 sum of database /var/opt/silvertail/lib/GeoLiteCityv6.dat is 5f2460c6dc72de8ed924275b8347f5c7
md5sum of ip address and license key is 20b48aa5b106ff5b918ad2046d150cef
sending request GET /app/update_secure?db_md5=5f2460c6dc72de8ed924275b8347f5c7&challenge_md5=20b48aa5b106ff5b918ad2046d150cef&user_id=&edition_id=GeoLite-Legacy-IPv6-City HTTP/1.0
Host: updates.maxmind.com

Downloading gzipped GeoIP Database...
Done
Updating /var/opt/silvertail/lib/GeoLiteCityv6.dat
Saving gzip file to /var/opt/silvertail/lib/GeoLiteCityv6.dat.gz ... download data to a gz file named /var/opt/silvertail/lib/GeoLiteCityv6.dat.gz
Done
Uncompressing gzip file ... Done
Performing santity checks ... Database type is 30
database_info PASS
lookup PASS
Done
Updated database
3. Automate the geoipupdate utility with a cron job (e.g. weekly).

[root@croxfglab ~]# crontab -e
36 19 * * 6 /usr/local/bin/geoipupdate -d /var/opt/silvertail/lib/
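Added example, not part of the RSA page or the GeoIP RPM: a small POSIX shell wrapper that ties the three steps above together and adds the check an unattended cron run needs, namely that every database listed in the verbose output either reached "Updated database" or was reported up to date, and that its sanity checks printed PASS. The WTD directory, config path and cron schedule are those given above; the function names, the temporary files and the sample log (abridged from the page's own output, one message per line as geoipupdate prints it) are constructed so the script runs without network access.

```shell
#!/bin/sh
# Added example: helpers around the geoipupdate procedure for RSA WTD.
# Paths below come from the page; function names are constructed.

WTD_GEOIP_DIR="/var/opt/silvertail/lib"
GEOIP_CONF="/etc/GeoIP.conf"

# write_geoip_conf DEST USERID LICENSEKEY PRODUCTID...
# Writes a minimal GeoIP.conf. The license key is a credential, so the
# file is left readable by its owner (root) only.
write_geoip_conf() {
    dest=$1; userid=$2; key=$3; shift 3
    {
        printf 'UserId %s\n' "$userid"
        printf 'LicenseKey %s\n' "$key"
        printf 'ProductIds %s\n' "$*"
    } > "$dest"
    chmod 600 "$dest"
}

# conf_product_ids CONF -> prints the ProductIds value, to verify step 1.
conf_product_ids() {
    awk '$1 == "ProductIds" { $1 = ""; sub(/^ /, ""); print }' "$1"
}

# summarize_update_log LOGFILE
# Parses the output of "geoipupdate -v" and prints one line per database
# file, in the order seen: STATUS PATH, where STATUS is UPDATED, UP-TO-DATE,
# FAILED (a sanity check printed FAIL) or INCOMPLETE (no final state seen).
# Returns non-zero unless every database is UPDATED or UP-TO-DATE.
summarize_update_log() {
    awk '
        BEGIN { bad = 0 }
        /^database file name / {
            db = $4
            if (!(db in status)) { order[++n] = db; status[db] = "INCOMPLETE" }
        }
        / is up to date, no updates required$/ { status[db] = "UP-TO-DATE" }
        /^Updated database$/ { if (!hard[db]) status[db] = "UPDATED" }
        /^(database_info|lookup) FAIL/ { status[db] = "FAILED"; hard[db] = 1 }
        END {
            for (i = 1; i <= n; i++) {
                s = status[order[i]]
                if (s != "UPDATED" && s != "UP-TO-DATE") bad = 1
                print s, order[i]
            }
            exit bad
        }
    ' "$1"
}

# run_update LOGFILE
# Step 2 for unattended use: keeps the verbose output for review and returns
# the summarizer's exit status, so cron mail or a log scraper can alert on it.
run_update() {
    geoipupdate -v -d "$WTD_GEOIP_DIR" > "$1" 2>&1
    summarize_update_log "$1"
}

# cron_line [GEOIPUPDATE_PATH]
# Prints the weekly crontab entry from step 3 (Saturday 19:36). The binary
# path is explicit because cron runs with a minimal PATH.
cron_line() {
    printf '36 19 * * 6 %s -d %s/\n' "${1:-/usr/local/bin/geoipupdate}" "$WTD_GEOIP_DIR"
}

# Demonstration on a constructed log, abridged from the page's output.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Opened License file /etc/GeoIP.conf
Read in license key YOUR_LICENSE
number of product ids 2
database product id 533
database file name /var/opt/silvertail/lib/GeoLiteCity.dat
Downloading gzipped GeoIP Database...
/var/opt/silvertail/lib/GeoLiteCity.dat is up to date, no updates required
GeoIP Database up to date
database product id GeoLite-Legacy-IPv6-City
database file name /var/opt/silvertail/lib/GeoLiteCityv6.dat
Downloading gzipped GeoIP Database...
Done
Updating /var/opt/silvertail/lib/GeoLiteCityv6.dat
Performing santity checks ... Database type is 30
database_info PASS
lookup PASS
Done
Updated database
EOF

summarize_update_log "$SAMPLE_LOG"
# prints:
# UP-TO-DATE /var/opt/silvertail/lib/GeoLiteCity.dat
# UPDATED /var/opt/silvertail/lib/GeoLiteCityv6.dat
```

Before installing the cron entry, confirm the binary location with `command -v geoipupdate`: the interactive session above resolves the command through PATH while the crontab line names /usr/local/bin explicitly, and cron will not search the same directories. The verbose output also shows that the update is fetched from api.maxmind.com on port 80, so on a WTD host behind egress filtering that destination has to be permitted, and the MD5 digests and PASS lines in the log are the record of what changed; writing the summarizer's output to a dated log from cron keeps that evidence.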