csirtgadgets / massive-octo-spice

DEPRECATED - USE v3 (bearded-avenger)
https://github.com/csirtgadgets/bearded-avenger-deploymentkit/wiki
GNU Lesser General Public License v3.0

error: GeoIP2 -> 0 is not a valid PositiveInt #410

Closed giovino closed 8 years ago

giovino commented 8 years ago
bash massive-octo-spice/src/bin/version.sh -p
2.00.00-rc.14-15-g3c8cc6a

Maybe something with GeoIP2 has changed?

$ grep "0 is not a valid PositiveInt" /var/log/cif-worker.log | wc -l
14368
[2016-05-04T14:26:08,909Z][26393][ERROR]: 0 is not a valid PositiveInt

Trace begun at /usr/local/share/perl/5.18.2/GeoIP2/Types.pm line 244
GeoIP2::Types::_tc_fail(0, 'PositiveInt') called at (eval 1374) line 70
eval {...} at (eval 1374) line 59
GeoIP2::Record::Location::new(undef, 'time_zone', 'Europe/Bucharest', 'longitude', 25, 'latitude', 46, 'accuracy_radius', 0, 'locales', 'ARRAY(0x6d4ade8)') called at /usr/local/share/perl/
5.18.2/GeoIP2/Role/Model/Location.pm line 100
GeoIP2::Role::Model::Location::_build_record('GeoIP2::Model::Insights=HASH(0x6c09520)', 'location', '_raw_location') called at (eval 1372) line 30
GeoIP2::Model::Insights::location('GeoIP2::Model::Insights=HASH(0x6c09520)') called at /opt/cif/bin/../lib/perl5/CIF/Meta/GeoIP.pm line 76
CIF::Meta::GeoIP::process('CIF::Meta::GeoIP=HASH(0x6c1b728)', 'HASH(0x6bd52c0)') called at /opt/cif/bin/../lib/perl5/CIF/Worker.pm line 188
CIF::Worker::_process_metadata('CIF::Worker=HASH(0x3d39208)', 'HASH(0x6bd52c0)') called at /opt/cif/bin/../lib/perl5/CIF/Worker.pm line 160
CIF::Worker::process('CIF::Worker=HASH(0x3d39208)', '{^J   "observable" : "46.97.103.50",^J   "otype" : "ipv4",^J   "@version" : 2,^J   "lang" : "EN",^J   "portlist" : "3128",^J   "reportt
ime" : "2016-05-04T23:26:02Z",^J   "rir" : "ripencc",^J   "asn" : "12302",^J   "confidence" : 75,^J   "provider" : "txt.proxyspy.net",^J   "prefix" : "46.97.0.0/16",^J   "@timestamp" : "20
16-05-04T23:26:08.363Z",^J   "peers" : [^J      {^J         "rir" : "ripencc",^J         "asn" : "1273",^J         "asn_description" : "CW Cable and Wireless Worldwide plc, GB",^J         
"date" : "2010-05-31",^J         "cc" : "RO",^J         "prefix" : "46.97.0.0/16"^J      },^J      {^J         "asn" : "3209",^J         "asn_description" : "VODANET Vodafone GmbH, DE",^J 
        "rir" : "ripencc",^J         "cc" : "RO",^J         "date" : "2010-05-31",^J         "prefix" : "46.97.0.0/16"^J      }^J   ],^J   "asn_desc" : "VODAFONE_RO Vodafone Romania S.A., 
RO",^J   "group" : [^J      "everyone"^J   ],^J   "tlp" : "green",^J   "cc" : "RO",^J   "tags" : [^J      "proxy"^J   ],^J   "lasttime" : "2016-05-04T23:26:08Z",^J   "firsttime" : "2016-05
-04T23:26:08Z",^J   "altid_tlp" : "white",^J   "id" : "d306e8df111cdde77e469964adcbc5563f7f0b3dce8e2d55fee6036e7acbaa18",^J   "altid" : "http://txt.proxyspy.net/proxy.txt"^J}^J') called at
 /opt/cif/bin/cif-worker line 298
main::try {...}  at /usr/share/perl5/Try/Tiny.pm line 81
eval {...} at /usr/share/perl5/Try/Tiny.pm line 72
Try::Tiny::try('CODE(0x6cb3a48)', 'Try::Tiny::Catch=REF(0x6d4c0e8)') called at /opt/cif/bin/cif-worker line 301
main::__ANON__('EV::IO=SCALAR(0x3d286b0)', 1) called at /usr/lib/perl5/AnyEvent/Impl/EV.pm line 88
eval {...} at /usr/lib/perl5/AnyEvent/Impl/EV.pm line 88
AnyEvent::CondVar::Base::_wait('AnyEvent::CondVar=HASH(0x3d28410)') called at /usr/lib/perl5/AnyEvent.pm line 1995
AnyEvent::CondVar::Base::recv('AnyEvent::CondVar=HASH(0x3d28410)') called at /opt/cif/bin/cif-worker line 311
main::workers(4) called at /opt/cif/bin/cif-worker line 227
main::main at /opt/cif/bin/cif-worker line 196
main::__ANON__('Daemon::Control=HASH(0x67ff5e8)') called at /usr/local/share/perl/5.18.2/Daemon/Control.pm line 345
Daemon::Control::_launch_program('Daemon::Control=HASH(0x67ff5e8)') called at /usr/local/share/perl/5.18.2/Daemon/Control.pm line 299
Daemon::Control::_double_fork('Daemon::Control=HASH(0x67ff5e8)') called at /usr/local/share/perl/5.18.2/Daemon/Control.pm line 498
Daemon::Control::do_start('Daemon::Control=HASH(0x67ff5e8)') called at /usr/local/share/perl/5.18.2/Daemon/Control.pm line 685
Daemon::Control::run_command('Daemon::Control=HASH(0x67ff5e8)', 'start') called at /usr/local/share/perl/5.18.2/Daemon/Control.pm line 697
Daemon::Control::run('Daemon::Control=HASH(0x67ff5e8)') called at /opt/cif/bin/cif-worker line 198
[2016-05-04T14:26:08,910Z][26393][ERROR]: $VAR1 = '{
   "observable" : "46.97.103.50",
   "otype" : "ipv4",
   "@version" : 2,
   "lang" : "EN",
   "portlist" : "3128",
   "reporttime" : "2016-05-04T23:26:02Z",
   "rir" : "ripencc",
   "asn" : "12302",
   "confidence" : 75,
   "provider" : "txt.proxyspy.net",
   "prefix" : "46.97.0.0/16",
   "@timestamp" : "2016-05-04T23:26:08.363Z",
   "peers" : [
      {
         "rir" : "ripencc",
         "asn" : "1273",
         "asn_description" : "CW Cable and Wireless Worldwide plc, GB",
         "date" : "2010-05-31",
         "cc" : "RO",
         "prefix" : "46.97.0.0/16"
      },
      {
         "asn" : "3209",
         "asn_description" : "VODANET Vodafone GmbH, DE",
         "rir" : "ripencc",
         "cc" : "RO",
         "date" : "2010-05-31",
         "prefix" : "46.97.0.0/16"
      }
   ],
   "asn_desc" : "VODAFONE_RO Vodafone Romania S.A., RO",
   "group" : [
      "everyone"
   ],
   "tlp" : "green",
   "cc" : "RO",
   "tags" : [
      "proxy"
   ],
   "lasttime" : "2016-05-04T23:26:08Z",
   "firsttime" : "2016-05-04T23:26:08Z",
   "altid_tlp" : "white",
   "id" : "d306e8df111cdde77e469964adcbc5563f7f0b3dce8e2d55fee6036e7acbaa18",
   "altid" : "http://txt.proxyspy.net/proxy.txt"
}
';

villain commented 8 years ago

yep, also seeing this. thought i had messed something up so i blew away my install

giovino commented 8 years ago

it appears to be an upstream issue.

https://github.com/maxmind/GeoIP2-perl/issues/39

villain commented 8 years ago

looks like this was found with the monthly cron update of the geoip2 database. i imagine a few people will be looking for this soon

giovino commented 8 years ago

I ran /usr/bin/geoipupdate and it did not find the updated file referenced in the GeoIP2-perl

/usr/bin/geoipupdate -v
geoipupdate 2.2.2
Opened License file /etc/GeoIP.conf
UserId 999999
LicenseKey 000000000000
Insert product_id GeoLite2-City
Read in license key /etc/GeoIP.conf
Number of product ids 1
url: https://updates.maxmind.com/app/update_getfilename?product_id=GeoLite2-City
md5hex_digest: 0ca85433d0568f9cee58830508a8642c
url: https://updates.maxmind.com/app/update_getipaddr
Client IP address: 2601:801:200:295b:3030:61ff:fe37:3038
md5hex_digest2: 0d8a898f92081719d10fd9beee9cc575
url: https://updates.maxmind.com/app/update_secure?db_md5=0ca85433d0568f9cee58830508a8642c&challenge_md5=0d8a898f92081719d10fd9beee9cc575&user_id=999999&edition_id=GeoLite2-City
No new updates available

I downloaded it from the URL they referenced and got a newer copy:

$ sudo su -
$ cd /tmp/
$ wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz
$ gzip -d GeoLite2-City.mmdb.gz
$ mv GeoLite2-City.mmdb /var/cache/
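
A more defensive form of the manual database swap in the comment above, as an added example that is not part of the original thread or the project's code: `install_mmdb` is a hypothetical helper that takes an already-downloaded archive, rejects it if `gzip -t` fails, and renames the unpacked file into place from a private scratch directory rather than unpacking as root in `/tmp`. The MD5 comparison only detects whether the database changed; it does not authenticate the download.

```shell
#!/bin/sh
# install_mmdb ARCHIVE DEST   (hypothetical helper, not part of CIF or geoipupdate)
# Unpacks the gzip-compressed database ARCHIVE and swaps it in at DEST.
# Prints "installed" or "unchanged". On failure it returns non-zero and
# leaves the existing DEST untouched.
install_mmdb() {
    local archive dest workdir new old
    archive=$1
    dest=$2

    # Reject truncated or corrupt downloads before touching anything.
    gzip -t "$archive" 2>/dev/null || return 2

    # Private scratch directory beside DEST: unpredictable name, mode 0700,
    # and on the same filesystem so the final mv is an atomic rename.
    workdir=$(mktemp -d "$(dirname "$dest")/.mmdb.XXXXXX") || return 1

    if ! gzip -dc "$archive" > "$workdir/new.mmdb"; then
        rm -rf "$workdir"
        return 2
    fi

    # Change detection only (same md5sum comparison as in the thread).
    new=$(md5sum < "$workdir/new.mmdb" | cut -d' ' -f1)
    old=""
    if [ -f "$dest" ]; then
        old=$(md5sum < "$dest" | cut -d' ' -f1)
    fi
    if [ "$new" = "$old" ]; then
        rm -rf "$workdir"
        echo unchanged
        return 0
    fi

    if mv -f "$workdir/new.mmdb" "$dest"; then
        rmdir "$workdir"
        echo installed
    else
        rm -rf "$workdir"
        return 3
    fi
}

# Usage, with the path from the thread:
#   install_mmdb ./GeoLite2-City.mmdb.gz /var/cache/GeoLite2-City.mmdb
```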

villain commented 8 years ago

from the repo (same as in the update)
cif@prime:~/massive-octo-spice/contrib$ md5sum GeoLite2-City.mmdb
a9de7c38b4dce4a5ba248749f95072a9 GeoLite2-City.mmdb

old copy of db (pre-update)
cif@prime:~/massive-octo-spice/contrib$ md5sum /var/cache/GeoLite2-City.mmdb
d1a294e619f897d2fd3f2d6b0be63e37 /var/cache/GeoLite2-City.mmdb

giovino commented 8 years ago

fixed upstream