Better document legacy convertion procedure

fzipi · fzipi · commit 1018ef5227c8 · 2019-10-20T17:25:26.000-03:00
Add text with instructions for a simple conversion utility.
diff --git a/crs-setup.conf.example b/crs-setup.conf.example
@@ -626,18 +626,34 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # There are two formats for the GeoIP database. ModSecurity v2 uses v1 (.dat files),
 # and ModSecurity v3 uses v2 (.mmdb files).
 #
-# MaxMind provides a binary for updating, see https://github.com/maxmind/geoipupdate.
+# If you use ModSecurity 3, MaxMind provides a binary for updating GeoLite2 files, 
+# see https://github.com/maxmind/geoipupdate.
+#
 # Download the package for your OS, and read https://dev.maxmind.com/geoip/geoipupdate/
 # for configuration options.
 # 
-# You should also update the database regularly, see Step 3 of the configuration link above.
+# Warning: GeoLite (not GeoLite2) databases are considered legacy, and not being updated anymore.
+# See https://support.maxmind.com/geolite-legacy-discontinuation-notice/ for more info.
+#
+# Therefore, if you use ModSecurity v2, you need to regenerate updated .dat files 
+# from CSV files first.
+#
+# You can achieve this using https://github.com/sherpya/geolite2legacy
+# Pick the zip files from maxmind site:
+# https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country-CSV.zip
+#
+# Follow the guidelines for installing the tool and run:
+# ./geolite2legacy.py -i GeoLite2-Country-CSV.zip \
+#                     -f geoname2fips.csv -o /usr/share/GeoliteCountry.dat
+#
+# Update the database regularly, see Step 3 of the configuration link above.
 #
 # By default, when you execute `sudo geoipupdate` on Linux, files from the free database
 # will be downloaded to `/usr/share/GeoIP` (both v1 and v2).
 #
 # Then choose from:
 #   - `GeoLite2-Country.mmdb` (if you are using ModSecurity v3)
-#   - `GeoLiteCountry.dat` (a.k.a. `GeoIP.dat` if you are using ModSecurity v2)
+#   - `GeoLiteCountry.dat`    (if you are using ModSecurity v2)
 #
 # Ref: http://blog.spiderlabs.com/2010/10/detecting-malice-with-modsecurity-geolocation-data.html
 # Ref: http://blog.spiderlabs.com/2010/11/detecting-malice-with-modsecurity-ip-forensics.html
@@ -647,7 +663,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 #
 # For ModSecurity v3:
 #SecGeoLookupDB /usr/share/GeoIP/GeoLite2-Country.mmdb
-# For ModSecurity v2:
+# For ModSecurity v2 (points to the converted one):
 #SecGeoLookupDB /usr/share/GeoIP/GeoLiteCountry.dat
 
 #
