Hi folks.
If you are asking yourself this question:
OMG WT...? My machine is talking to 174.36.207.186 / softlayer / maxmind! Did I get a virus / malware / trojan? Was my security breached?
Stop panicking, all is OK...
This isn't a tip or trick in the usual meaning of the words, just some info.
The connection to xxx.xxx.xxx.xxx-static.reverse.softlayer.com / geolite.maxmind.com
does NOT mean you have a virus, trojan or malware, or that some third person was messing with your machine. It's just the GeoIP package upgrading its database. It happens once a month. It's set up as a monthly cron job.
[andrzejl@icsserver ~]$ su
Password:
[root@icsserver andrzejl]# rpm -qa | grep geoip
libgeoip1-1.4.7-1pclos2011
geoip-1.4.7-1pclos2011
libgeoipupdate0-1.4.7-1pclos2011
[root@icsserver andrzejl]# cat /etc/cron.monthly/geoip
#!/bin/sh
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz -O /tmp/GeoIP.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz -O /tmp/GeoLiteCity.dat.gz
cd /tmp
gunzip GeoIP.dat.gz
gunzip GeoLiteCity.dat.gz
mv -f /tmp/GeoIP.dat /usr/share/GeoIP/GeoIP.dat
mv -f /tmp/GeoLiteCity.dat /usr/share/GeoIP/GeoLiteCity.dat
[root@icsserver andrzejl]#
No reason to panic.
Thanks kjpetrie for the info.
Regards.
Andy
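
Added example (not part of the original post): a small shell function for checking which cron script mentions a host you saw in your connection list, and which RPM package owns that script. The name find_cron_refs is made up for this example, and it assumes the host name appears literally in the script, as it does in /etc/cron.monthly/geoip above.

```shell
#!/bin/sh
# find_cron_refs HOST [DIR...]
# Prints "file<TAB>package" for every cron script that mentions HOST.
# "unowned" means rpm is missing or no package claims the file, which is
# worth a closer look on a system where everything should come from packages.
find_cron_refs() {
    host=$1
    shift
    # Default to the usual cron locations when no directories are given.
    [ $# -gt 0 ] || set -- /etc/cron.hourly /etc/cron.daily /etc/cron.weekly \
                           /etc/cron.monthly /etc/cron.d /var/spool/cron
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -r recurse, -l print file names only, -F fixed string so the dots
        # in the host name are literal, -- ends option parsing.
        grep -rlF -- "$host" "$dir" 2>/dev/null | while IFS= read -r file; do
            pkg="unowned"
            if command -v rpm >/dev/null 2>&1; then
                pkg=$(rpm -qf --queryformat '%{NAME}\n' "$file" 2>/dev/null) \
                    || pkg="unowned"
            fi
            printf '%s\t%s\n' "$file" "$pkg"
        done
    done
}

# When run as a script with arguments, do the lookup directly, e.g.:
#   sh find_cron_refs.sh geolite.maxmind.com
[ $# -eq 0 ] || find_cron_refs "$@"
```

Run it as root so that the per-user crontabs under /var/spool/cron can be read too.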