Authored by qinchao

添加方法:添加封杀恶意ip

... ... @@ -142,7 +142,7 @@ public class HostInfoCtrl {
@RequestMapping("/getHostInfoByTagNginx")
@ResponseBody
public String getHostInfoByTagNginx() throws Exception {
List<HostInfo> hostInfoList= hostInfoService.getHostInfosByTag("nginx");
List<HostInfo> hostInfoList= hostInfoService.getHostInfosByTag("upstream-switch");
Set<String> ips=new HashSet<String>();
if(hostInfoList!=null&&hostInfoList.size()>0){
for(HostInfo host:hostInfoList){
... ...
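Review bot: The endpoint and method are still named `getHostInfoByTagNginx` but now query the `"upstream-switch"` tag, and the same literal is repeated in `MaliciousIpController.getNginxHost()`. If the CMDB tag is changed in only one place, block and unblock requests would silently go to a different host set than this endpoint lists. Consider a single shared constant, e.g. `public static final String NGINX_SWITCH_TAG = "upstream-switch";` (the name is a suggestion), plus a short comment on the method stating which tag it returns. The method body continues past the end of this hunk.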
... ... @@ -3,7 +3,9 @@ package com.monitor.other.maliciousip.ctrl;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.model.HostInfo;
import com.model.MalIpRule;
import com.monitor.cmdb.service.IHostInfoService;
import com.monitor.common.service.HttpRestClientService;
import com.monitor.model.page.PageRequest;
import com.monitor.model.response.BaseResponse;
... ... @@ -24,7 +26,10 @@ import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
/**
* 恶意ip
... ... @@ -34,18 +39,15 @@ import java.util.List;
@Controller
@RequestMapping("/maliciousIp")
public class MaliciousIpController {
@Value("${malicious.ip.redis.write.all.host}")
private String maliciousRedisHosts;
@Value("${malicious.ip.redis.write.all.port}")
private String maliciousRedisPorts;
@Autowired
private HttpRestClientService httpRestClientService;
@Autowired
private MaliciousIpServiceImpl ipImpl;
@Autowired
IHostInfoService hostInfoService;
Logger log = LoggerFactory.getLogger(MaliciousIpController.class);
... ... @@ -107,32 +109,56 @@ public class MaliciousIpController {
@RequestMapping("/delMipsFromOpsRedis")
@ResponseBody
public BaseResponse delMipsFromOpsRedis(String ip) {
StringBuilder sb=new StringBuilder();
if(StringUtils.isNotBlank(ip)){
//获取header信息,
/* HttpHeaders headers = new HttpHeaders();
headers.add("Host","erp.yoho.yohoops.org");*/
String[] hosts=maliciousRedisHosts.split(",");
for(int i=0;i<hosts.length;i++){
//":"+ports[i] 不需要端口号
String url="http://"+hosts[i]+"/malIp?method=del&ips=";
String removeReturnMsg = httpRestClientService.getWithHeaderHost(url + ip, null, String.class);
if(StringUtils.isBlank(removeReturnMsg)){
return new BaseResponse(201,"删除恶意ip返回结果为空,删除出现异常,主机:"+hosts[i]);
}
JSONObject jo = JSON.parseObject(removeReturnMsg);
Object codeValueStr=jo.get("code");
if(codeValueStr==null){
return new BaseResponse(201,"删除恶意ip返回结果code为空,删除出现异常,主机:"+hosts[i]);
}
Integer codeValue=(Integer)codeValueStr;
if(codeValue!=200){
return new BaseResponse(201,"删除恶意ip出现异常,主机:"+hosts[i]+",异常msg:"+removeReturnMsg);
List<String> hosts=getNginxHost();
for(String ipSingle:ip.split(",")){
for(int i=0;i<hosts.size();i++){
String nginxHostIp=hosts.get(i);
String rtnmsg="删除恶意ip,主机:"+nginxHostIp;
String url="http://"+nginxHostIp+"/malIp?method=del&ips=";
String removeReturnMsg = httpRestClientService.getWithHeaderHost(url + ipSingle, null, String.class);
if(StringUtils.isBlank(removeReturnMsg)){
rtnmsg="删除恶意ip返回结果为空,删除出现异常,主机:"+nginxHostIp;
}else{
JSONObject jo = JSON.parseObject(removeReturnMsg);
Object codeValueStr=jo.get("code");
if(codeValueStr==null){
rtnmsg="删除恶意ip返回结果code为空,删除出现异常,主机:"+nginxHostIp;
}else{
Integer codeValue=(Integer)codeValueStr;
if(codeValue!=200){
rtnmsg="删除恶意ip出现异常,主机:"+nginxHostIp+",异常msg:"+removeReturnMsg;
}
}
}
sb.append("<br>");
sb.append(rtnmsg);
}
ipImpl.delMipsFromOpsRedis(ipSingle);
}
ipImpl.delMipsFromOpsRedis(ip);
}
return new BaseResponse();
BaseResponse rtnBaseResponse= new BaseResponse();
rtnBaseResponse.setData(sb.toString());
return rtnBaseResponse;
}
private List<String> getNginxHost(){
List<HostInfo> hostInfoList= hostInfoService.getHostInfosByTag("upstream-switch");
List<String> ips=new ArrayList<>();
if(hostInfoList!=null&&hostInfoList.size()>0){
for(HostInfo host:hostInfoList){
ips.add(host.getHostIp());
}
}
return ips;
}
/**
... ... @@ -142,31 +168,45 @@ public class MaliciousIpController {
@RequestMapping("/addMipsFromOpsRedis")
@ResponseBody
public BaseResponse addMipsFromOpsRedis(String ip) {
StringBuilder sb=new StringBuilder();
if(StringUtils.isNotBlank(ip)){
//获取header信息,
/* HttpHeaders headers = new HttpHeaders();
headers.add("Host","erp.yoho.yohoops.org");*/
String[] hosts=maliciousRedisHosts.split(",");
for(int i=0;i<hosts.length;i++){
//":"+ports[i] 不需要端口号
String url="http://"+hosts[i]+"/malIp?method=add&ips=";
String removeReturnMsg = httpRestClientService.getWithHeaderHost(url + ip, null, String.class);
if(StringUtils.isBlank(removeReturnMsg)){
return new BaseResponse(201,"添加恶意ip返回结果为空,出现异常,主机:"+hosts[i]);
}
JSONObject jo = JSON.parseObject(removeReturnMsg);
Object codeValueStr=jo.get("code");
if(codeValueStr==null){
return new BaseResponse(201,"添加恶意ip返回结果code为空,出现异常,主机:"+hosts[i]);
}
Integer codeValue=(Integer)codeValueStr;
if(codeValue!=200){
return new BaseResponse(201,"添加恶意ip出现异常,主机:"+hosts[i]+",异常msg:"+removeReturnMsg);
List<String> hosts=getNginxHost();
for(String ipSingle:ip.split(",")){
for(int i=0;i<hosts.size();i++){
String nginxHostIp=hosts.get(i);
String rtnmsg="添加恶意ip,主机:"+nginxHostIp;
String url="http://"+nginxHostIp+"/malIp?method=add&ips=";
String removeReturnMsg = httpRestClientService.getWithHeaderHost(url + ipSingle, null, String.class);
if(StringUtils.isBlank(removeReturnMsg)){
rtnmsg="添加恶意ip返回结果为空,出现异常,主机:"+nginxHostIp;
}else{
JSONObject jo = JSON.parseObject(removeReturnMsg);
Object codeValueStr=jo.get("code");
if(codeValueStr==null){
rtnmsg="添加恶意ip返回结果code为空,出现异常,主机:"+nginxHostIp;
}else{
Integer codeValue=(Integer)codeValueStr;
if(codeValue!=200){
rtnmsg="添加恶意ip出现异常,主机:"+nginxHostIp+",异常msg:"+removeReturnMsg;
}
}
}
sb.append("<br>");
sb.append(rtnmsg);
}
//添加到运维的redis
ipImpl.addMipsToOpsRedis(ipSingle);
}
}
return new BaseResponse();
BaseResponse rtnBaseResponse= new BaseResponse();
rtnBaseResponse.setData(sb.toString());
return rtnBaseResponse;
}
... ...
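Review bot: In both `delMipsFromOpsRedis` and `addMipsFromOpsRedis`, each `ipSingle` from `ip.split(",")` is appended to `"/malIp?method=...&ips="` and written to Redis without validation or URL encoding, so empty tokens, whitespace, or a value carrying extra query syntax are forwarded to every nginx host and stored in the blocklist set. Check each token against a strict IPv4/IPv6 literal before the inner loop, e.g. `if(!isValidIp(ipSingle.trim())){ sb.append("<br>invalid ip skipped"); continue; }`, where `isValidIp` is a new private helper to be written. Both methods now also return the default `BaseResponse` whatever happened: a host failure, or an empty list from `getNginxHost()`, is visible only in the `<br>`-joined text, and the Redis update runs regardless, so an operator can be told an address is blocked when no nginx host accepted it. Track a failure flag and return `new BaseResponse(201, sb.toString())` when any host failed or no hosts were found, as the previous code did. If the UI renders `data` as HTML, `removeReturnMsg` should be escaped before it is appended.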
... ... @@ -34,6 +34,8 @@ public interface MaliciousIpService {
*/
void delMipsFromOpsRedis(String ip);
void addMipsToOpsRedis(String ip);
/**
* 从Redis中获取恶意ip集合
* @return
... ...
... ... @@ -293,10 +293,20 @@ public class MaliciousIpServiceImpl implements MaliciousIpService {
*/
@Override
public void delMipsFromOpsRedis(String ip){
logger.info(" delete mip "+ip);
logger.info(" delMipsFromOpsRedis mip "+ip);
awsRedisTemplate.opsForSet().remove(MALICIOUS_IP_SET,ip);//.delete(MALICIOUS_IP+ip);
}
@Override
public void addMipsToOpsRedis(String ip){
logger.info(" addMipsToOpsRedis mip "+ip);
try {
awsRedisTemplate.opsForSet().add(MALICIOUS_IP_SET,ip);//.opsForValue().set(key, "0");
} catch (Exception e) {
logger.error("insert mip into redis failed", e);
}
}
/* (non-Javadoc)
* @see com.monitor.other.maliciousip.service.MaliciousIpService#getIps()
... ...
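Review bot: `addMipsToOpsRedis` catches `Exception` and only logs it, so a failed Redis write is invisible to the controller, which then reports the add as done, while `delMipsFromOpsRedis` directly above lets the same failure propagate. Rethrow after logging (or drop the try/catch) so both methods behave the same and the caller can report the failure. Both methods also concatenate the raw `ip` argument into the log line. It appears to come straight from the request parameter, so neutralise line breaks first, e.g. `logger.info(" addMipsToOpsRedis mip "+ip.replaceAll("[\\r\\n]","_"));`.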
... ... @@ -30,8 +30,6 @@ malicious.ip.redis.write.qq.host2=10.66.0.2
malicious.ip.redis.write.aws.host1=172.31.70.163
malicious.ip.redis.write.aws.host2=172.31.70.53
malicious.ip.redis.write.port=6379
malicious.ip.redis.write.all.host=10.66.0.3,10.66.0.2,172.31.70.163,172.31.70.53
malicious.ip.redis.write.all.port=6379,6379,6379,6379
#restTemplate
connectTimeout=5000
... ...
... ... @@ -30,8 +30,7 @@ malicious.ip.redis.write.qq.host2=10.66.0.2
malicious.ip.redis.write.aws.host1=172.31.70.163
malicious.ip.redis.write.aws.host2=172.31.70.53
malicious.ip.redis.write.port=6379
malicious.ip.redis.write.all.host=10.66.0.3,10.66.0.2,172.31.70.163,172.31.70.53
malicious.ip.redis.write.all.port=6379,6379,6379,6379
#restTemplate
connectTimeout=5000
readTimeout=10000
... ...
... ... @@ -30,8 +30,6 @@ malicious.ip.redis.write.qq.host2=192.168.102.22
malicious.ip.redis.write.aws.host1=192.168.102.22
malicious.ip.redis.write.aws.host2=192.168.102.22
malicious.ip.redis.write.port=6379
malicious.ip.redis.write.all.host=192.168.102.22,192.168.102.22,192.168.102.22,192.168.102.22
malicious.ip.redis.write.all.port=6379,6379,6379,6379
#restTemplate
connectTimeout=5000
... ...