ops / monitor-service · Commits

Go to a project

Authored by qinchao
Commit d0575c0fc5354a11df0bba5d3c66ab9f425ff2e8 1 parent 75a45c00

去掉不用的

Inline Side-by-side
Showing 17 changed files with 7 additions and 2000 deletions
... ... @@ -46,6 +46,9 @@ public class AutoScalingCtrl {
if(!autoFetchOpen){//伸缩组数据获取开关
return null;
}
if(cloudType==1){
return null;
}
BaseResponse response=null;
List<AutoScalingGroup> autoScalingGroups=null;
if(1==cloudType){
... ...
package com.monitor.other.maliciousip.ctrl;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.model.HostInfo;
import com.model.MalIpRule;
import com.monitor.cmdb.service.IHostInfoService;
import com.monitor.common.service.HttpRestClientService;
import com.monitor.model.page.PageRequest;
import com.monitor.model.page.PageResponse;
import com.monitor.model.request.MaliciousIpRecordReq;
import com.monitor.model.response.BaseResponse;
import com.monitor.other.maliciousip.model.MaliciousDetailIp;
import com.monitor.other.maliciousip.model.MaliciousHbaseLog;
import com.monitor.other.maliciousip.model.MaliciousIp;
import com.monitor.other.maliciousip.service.impl.MaliciousIpServiceImpl;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.util.CollectionUtils;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
/**
* 恶意ip
* @author hui.xu
*
*/
@Controller
@RequestMapping("/maliciousIp")
public class MaliciousIpController {
@Autowired
private HttpRestClientService httpRestClientService;
@Autowired
private MaliciousIpServiceImpl ipImpl;
@Autowired
IHostInfoService hostInfoService;
Logger log = LoggerFactory.getLogger(MaliciousIpController.class);
/**
* 捕获的恶意ip写入运维系统的redis
* @return
*/
@RequestMapping("/writeMipsObjToOpsReids")
@ResponseBody
public void writeMipsObjToOpsReids(@RequestBody String ipsObjs) {
ipImpl.writeMipsObjToOpsReids(ipsObjs);
}
/**
* 捕获的恶意ip写入运维系统的mysql
* @return
*/
@RequestMapping("/writeMipsInfoToOpsDb")
@ResponseBody
public void writeMipsInfoToOpsDb(@RequestBody String ipsObjs) {
ipImpl.writeMipsInfoToOpsDb(ipsObjs);
}
@RequestMapping("/updateForbidStatus")
@ResponseBody
public BaseResponse updateForbidStatus(int id,String status) {
ipImpl.updateForbidStatus(id,status);
return new BaseResponse();
}
/**
* 从运维系统的db获取恶意ip
* @return
*/
@RequestMapping("/getMaliciousIpRecordList")
@ResponseBody
public BaseResponse getMaliciousIpRecordList(@RequestBody MaliciousIpRecordReq pageRequest) {
return ipImpl.getMipsInfoToOpsDb(pageRequest);
}
@RequestMapping("/getMaliciousIpRecordForbidList")
@ResponseBody
public BaseResponse getMaliciousIpRecordForbidList(@RequestBody MaliciousIpRecordReq pageRequest){
return ipImpl.getAlarmMipsInfoToOpsDb(pageRequest);
}
/**
* 从运维系统的redis获取恶意ip
* @return
*/
@RequestMapping("/getMipsFromOpsReids")
@ResponseBody
public BaseResponse getMipsFromOpsReids(@RequestBody MaliciousIpRecordReq pageRequest) {
return ipImpl.getMipsFromOpsReids(pageRequest);
}
/**
* first调用相关系统提供的接口从正式封杀环境中删除,再从运维系统的redis删除恶意ip
* @return
*/
@RequestMapping("/delMipsFromOpsRedis")
@ResponseBody
public BaseResponse delMipsFromOpsRedis(String ip) {
StringBuilder sb=new StringBuilder();
if(StringUtils.isNotBlank(ip)){
//获取header信息,
/* HttpHeaders headers = new HttpHeaders();
headers.add("Host","erp.yoho.yohoops.org");*/
List<String> hosts=getNginxHost();
for(String ipSingle:ip.split(",")){
for(int i=0;i<hosts.size();i++){
String nginxHostIp=hosts.get(i);
String rtnmsg="删除恶意ip,主机:"+nginxHostIp;
String url="http://"+nginxHostIp+"/malIp?method=del&ips=";
String removeReturnMsg = httpRestClientService.getWithHeaderHost(url + ipSingle, null, String.class);
if(StringUtils.isBlank(removeReturnMsg)){
rtnmsg="删除恶意ip返回结果为空,删除出现异常,主机:"+nginxHostIp;
}else{
JSONObject jo = JSON.parseObject(removeReturnMsg);
Object codeValueStr=jo.get("code");
if(codeValueStr==null){
rtnmsg="删除恶意ip返回结果code为空,删除出现异常,主机:"+nginxHostIp;
}else{
Integer codeValue=(Integer)codeValueStr;
if(codeValue!=200){
rtnmsg="删除恶意ip出现异常,主机:"+nginxHostIp+",异常msg:"+removeReturnMsg;
}
}
}
sb.append("<br>");
sb.append(rtnmsg);
}
ipImpl.delMipsFromOpsRedis(ipSingle);
}
}
BaseResponse rtnBaseResponse= new BaseResponse();
rtnBaseResponse.setData(sb.toString());
return rtnBaseResponse;
}
@RequestMapping("/getNginxHost")
@ResponseBody
public List<String> getNginxHost(){
List<HostInfo> hostInfoList= hostInfoService.getHostInfosByTag("upstream-switch");
List<String> ips=new ArrayList<>();
if(hostInfoList!=null&&hostInfoList.size()>0){
for(HostInfo host:hostInfoList){
ips.add(host.getHostIp());
}
}
return ips;
}
/**
* first调用相关系统提供的接口从正式封杀环境中删除,再从运维系统的redis删除恶意ip
* @return
*/
@RequestMapping("/addMipsFromOpsRedis")
@ResponseBody
public BaseResponse addMipsFromOpsRedis(String ip) {
StringBuilder sb=new StringBuilder();
if(StringUtils.isNotBlank(ip)){
//获取header信息,
/* HttpHeaders headers = new HttpHeaders();
headers.add("Host","erp.yoho.yohoops.org");*/
List<String> hosts=getNginxHost();
for(String ipSingle:ip.split(",")){
for(int i=0;i<hosts.size();i++){
String nginxHostIp=hosts.get(i);
String rtnmsg="添加恶意ip,主机:"+nginxHostIp;
String url="http://"+nginxHostIp+"/malIp?method=add&ips=";
String removeReturnMsg = httpRestClientService.getWithHeaderHost(url + ipSingle, null, String.class);
if(StringUtils.isBlank(removeReturnMsg)){
rtnmsg="添加恶意ip返回结果为空,出现异常,主机:"+nginxHostIp;
}else{
JSONObject jo = JSON.parseObject(removeReturnMsg);
Object codeValueStr=jo.get("code");
if(codeValueStr==null){
rtnmsg="添加恶意ip返回结果code为空,出现异常,主机:"+nginxHostIp;
}else{
Integer codeValue=(Integer)codeValueStr;
if(codeValue!=200){
rtnmsg="添加恶意ip出现异常,主机:"+nginxHostIp+",异常msg:"+removeReturnMsg;
}
}
}
sb.append("<br>");
sb.append(rtnmsg);
}
//添加到运维的redis
ipImpl.addMipsToOpsRedis(ipSingle);
}
}
BaseResponse rtnBaseResponse= new BaseResponse();
rtnBaseResponse.setData(sb.toString());
return rtnBaseResponse;
}
/**
* 从Reids中获取恶意的ip集合
* @return
*/
@RequestMapping("/getIps")
@ResponseBody
public BaseResponse<List<MaliciousIp>> getIps(String timeType) {
return ipImpl.getIps(timeType);
}
/**
* 从Reids中获取恶意的ip集合
* @return
*/
@RequestMapping("/getDetail")
@ResponseBody
public BaseResponse<List<MaliciousDetailIp>> getDetail(String ip, String count, String timeType, String timestamp) {
return ipImpl.getDetail(ip, count, timeType, timestamp);
}
/**
* 获取 ip规则列表
* @return
*/
@RequestMapping("/getIpRules")
@ResponseBody
public BaseResponse<PageResponse<MalIpRule>> getIpRules(PageRequest req) {
log.info("getIpRules with param is {}", req);
// 查询列表
PageResponse<MalIpRule> responseBO = ipImpl.getIpRules(req);
if (responseBO == null || CollectionUtils.isEmpty(responseBO.getRows())) {
return new BaseResponse<PageResponse<MalIpRule>>();
}
PageResponse<MalIpRule> response = new PageResponse<MalIpRule>();
response.setCurrentPage(responseBO.getCurrentPage());
response.setRows(responseBO.getRows());
response.setPageSize(responseBO.getPageSize());
response.setTotal(responseBO.getTotal());
log.info("getIpRules success and total={}", response.getTotal());
return new BaseResponse<PageResponse<MalIpRule>>(response);
}
/**
* 保存 ip规则
* @return
*/
@RequestMapping("/saveIpRules")
@ResponseBody
public BaseResponse<Integer> saveIpRules(@RequestBody MalIpRule malIpRule) {
return ipImpl.saveMalIpRule(malIpRule);
}
/**
* 删除 ip规则
* @return
*/
@RequestMapping("/deleteIpRule")
@ResponseBody
public BaseResponse<Integer> deleteIpRule(int id) {
return ipImpl.delIpRule(id);
}
/**
*返回所有的ip规则接口
* @return
*/
@RequestMapping("/getMalIpRules")
@ResponseBody
public String getMalIpRules() {
return ipImpl.getAllIpRules();
}
@RequestMapping("/getMaliciousDetection")
@ResponseBody
public BaseResponse getMaliciousDetection(@RequestBody MaliciousIpRecordReq pageRequest) {
String ip=pageRequest.getIp();
String type=pageRequest.getType();
long timestamp=pageRequest.getTimestamp();
String cloudType=pageRequest.getCloudType();
List<MaliciousHbaseLog> recodList=new ArrayList<MaliciousHbaseLog>();
if(StringUtils.isNotBlank(ip)&&timestamp>0){
List<String> datas= ipImpl.getMaliciousDetection(ip,timestamp,type,cloudType);
//List<String> datas=new ArrayList<String>();
//datas.add("172.31.70.197|49.82.230.32|2017-12-23 19:59:30|GET|yoho/nodejs|/gateway/passport/img-check.jpg|app_version=6.3.0&fromPage=pc&client_type=web&udid=gLkGvDVZ-EPtfi9lcLtlRLC3wUl34jXq|201|39");
changeDataToModel( recodList, datas);
}
PageResponse<MaliciousHbaseLog> pageResp = new PageResponse<>();
pageResp.setCurrentPage(1);
pageResp.setPageSize(recodList.size());
pageResp.setTotal(recodList.size());
pageResp.setRows(recodList);
return new BaseResponse<>(pageResp);
}
@RequestMapping("/getMaliciousDetectionBeforeMin")
@ResponseBody
public BaseResponse getMaliciousDetectionBeforeMin(@RequestBody MaliciousIpRecordReq pageRequest) {
String ip=pageRequest.getIp();
String type=pageRequest.getType();
long timestamp=pageRequest.getTimestamp();
String cloudType=pageRequest.getCloudType();
List<MaliciousHbaseLog> recodList=new ArrayList<MaliciousHbaseLog>();
if(StringUtils.isNotBlank(ip)&&timestamp>0){
List<String> datas= ipImpl.getMaliciousDetectionMin(ip,timestamp,type,cloudType);
changeDataToModel( recodList, datas);
}
PageResponse<MaliciousHbaseLog> pageResp = new PageResponse<>();
pageResp.setCurrentPage(1);
pageResp.setPageSize(recodList.size());
pageResp.setTotal(recodList.size());
pageResp.setRows(recodList);
return new BaseResponse<>(pageResp);
}
private void changeDataToModel(List<MaliciousHbaseLog> recodList,List<String> datas){
if(datas!=null&&datas.size()>0){
for(String str:datas){
if(StringUtils.isNotBlank(str)){
MaliciousHbaseLog hbaseLog=new MaliciousHbaseLog();
String[] thingArray=str.split("\\|");
for(int i=0;i<thingArray.length;i++){
if(i==0){
hbaseLog.setLocalIp(thingArray[i]);
}else if(i==1){
hbaseLog.setUserIp(thingArray[i]);
}else if(i==2){
hbaseLog.setCurrDateStr(thingArray[i]);
}else if(i==3){
hbaseLog.setRequestType(thingArray[i]);
}else if(i==4){
hbaseLog.setUserAgent(thingArray[i]);
}else if(i==5){
hbaseLog.setRequestMark(thingArray[i]);
}else if(i==6){
hbaseLog.setRequestParam(thingArray[i]);
}else if(i==7){
hbaseLog.setResponseCode(thingArray[i]);
}else if(i==8){
hbaseLog.setDealTime(thingArray[i]);
}
}
recodList.add(hbaseLog);
}
}
//排序
recodList.sort(Comparator.comparing(MaliciousHbaseLog::getCurrDateStr));
}
}
}
\ No newline at end of file
package com.monitor.other.maliciousip.job;
import com.monitor.common.service.AlarmMsgService;
import com.util.GetUsersInfoUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
public class MaliciousIpJob {
/**
* 日志接口
*/
//private Logger logger = LoggerFactory.getLogger("banIPLogger");
/*@Autowired
private RedisReadUtil redisRead;*/
/*@Autowired
private RedisWriteUtil redisWrite;*/
/*@Autowired
private RedisDataByApiUtil redisDataByApiUtil;*/
/**
* 如果从redis中读取数据,默认取2s的数据
*/
//private static final String TIME_DIMENSION_SECONDS_KEY = "2";
/* @Autowired
public AlarmMsgService alarmMsgService;*/
/*@Autowired
@Qualifier("core-config-reader")
private ConfigReader configReader;*/
//private AtomicInteger errorCount = new AtomicInteger();
/**
* 根据报警组名称取成员的手机号码
*/
/*@Autowired
private GetUsersInfoUtil getUsersInfoUtil;*/
/**
* 成员手机号码集合
*/
//private String mobile_yunwei;
/**
* 敏感接口比例大于等于99%,且敏感接口QPS大于等于100的值,暂时默认放到黑名单
*/
public void init(){
/*logger.info("-init job!");
Timer timer = new Timer();
TimerTask timerTask = new TimerTask() {
@Override
public void run() {
//详情
//logger.info("-init run job!");
uploadMaliciousIp();
}
}; //0:代表是延迟0
timer.scheduleAtFixedRate(timerTask, 0, 1* 2 * 1000);
Timer timerSms = new Timer();
TimerTask timerTaskSms = new TimerTask() {
@Override
public void run() {
//30秒回0
errorCount.set(0);
mobile_yunwei = getUsersInfoUtil.getMobileByAlarmGroup(AlarmGroupContants.GROUP_NAME_YUNWEI);
if(StringUtils.isBlank(mobile_yunwei)){
logger.error("- MaliciousIpJob - init - timerTaskSms yunwei mobile is null " +AlarmGroupContants.GROUP_NAME_YUNWEI);
}
logger.info(" MaliciousIpJob - init - timerTaskSms yunwei mobile is "+mobile_yunwei);
}
}; //0:代表是延迟0
timerSms.scheduleAtFixedRate(timerTaskSms, 0, 1* 30 * 1000); */
}
/**
private void uploadMaliciousIp(){
try{
String ips_json = null;
ips_json = redisDataByApiUtil.getIpsApiByUrl(TIME_DIMENSION_SECONDS_KEY);
if(StringUtils.isBlank(ips_json)){
int intNull = errorCount.getAndIncrement();
if(intNull >= 3){
//告警
String smsStr = "获取spark基础数据为空";
logger.error(" - MaliciousIpJob - uploadMaliciousIp - {}", smsStr);
alarmMsgService.sendSms("MaliciousIpJob", smsStr, mobile_yunwei);
}
return;
}
List<MaliciousIpBL> listMaliciousIp;
List<MaliciousIpBL> listBlackListIp_BL;
List<MaliciousIpBL> listBlackListIp_UDID;
listMaliciousIp = (List<MaliciousIpBL>) JSON.parseArray(ips_json, MaliciousIpBL.class);
if(CollectionUtils.isNotEmpty(listMaliciousIp)){
listBlackListIp_BL = new ArrayList<>();
listBlackListIp_UDID = new ArrayList<>();
for (MaliciousIpBL maliciousIp : listMaliciousIp) {
//过滤白名单
if(IpWhiteListUtil.getIpWhiteList().contains(maliciousIp.getIp())){
continue;
}
//过滤公司内部ip段
String []arrIp = StringUtils.split(maliciousIp.getIp(),'.');
String inIp = arrIp[0] + "." + arrIp[1];
boolean isIn = false;
String []whiteIp = StringUtils.split(MaliciousIpContants.YOHO_INTERNAL_IP,'|');
for (String white : whiteIp) {
if(white.equals(inIp)){
isIn = true;
break;
}
}
if(isIn){
continue;
}
//敏感接口比例大于等于99%,且敏感接口QPS大于等于100的值,暂时默认放到黑名单
int percent_max = configReader.getInt(MaliciousIpContants.MALICIOUSIP_PERCENT_MAX, MaliciousIpContants.DEFAULT_PERCENT_MAX);
int count_max = configReader.getInt(MaliciousIpContants.MALICIOUSIP_COUNT_MAX, MaliciousIpContants.DEFAULT_COUNT_MAX);
if((maliciousIp.getImpApiPrecent() >= percent_max) && (maliciousIp.getImpCount() >= count_max)){
listBlackListIp_BL.add(maliciousIp);
}
int udid_count_mac = configReader.getInt(MaliciousIpContants.MALICIOUSIP_UDID_COUNT_MAX, MaliciousIpContants.DEFAULT_UDID_COUNT_MAX);
if(maliciousIp.getUdidCount() >= udid_count_mac){
listBlackListIp_UDID.add(maliciousIp);
}
}
//加入黑名单
String[] arr_ip_bl = null;
if(CollectionUtils.isNotEmpty(listBlackListIp_BL)){
String smsStr = "恶意ip成功捕获";
arr_ip_bl = new String[listBlackListIp_BL.size()];
for (int index = 0; index < listBlackListIp_BL.size(); index++) {
arr_ip_bl[index] = listBlackListIp_BL.get(index).getIp();
//smsStr += String.format("IP:%s,QSP:%s,PER:%s | ",listBlackListIp_BL.get(index).getIp(), listBlackListIp_BL.get(index).getImpCount(), listBlackListIp_BL.get(index).getImpApiPrecent());
logger.info("-- Ban IP add to list: IP:{}, QPS:{}, Per:{}.", listBlackListIp_BL.get(index).getIp(), listBlackListIp_BL.get(index).getImpCount(), listBlackListIp_BL.get(index).getImpApiPrecent());
}
if(StringUtils.isNotBlank(smsStr)){
smsStr = "恶意ip成功捕获: " + listBlackListIp_BL.get(0).getIp();
//发送短信
if(StringUtils.isNotBlank(mobile_yunwei)){
logger.info(" MaliciousIpJob 2 - listBlackListIp_BL - send msg ");
alarmMsgService.sendSms("MaliciousIp", smsStr, mobile_yunwei);
}
logger.info(" MaliciousIpJob 2 - listBlackListIp_BL - send msg over ");
}
}
//加入黑名单
String[] arr_ip_udid = null;
if(CollectionUtils.isNotEmpty(listBlackListIp_UDID)){
String smsStr = "";
arr_ip_udid = new String[listBlackListIp_UDID.size()];
for (int index = 0; index < listBlackListIp_UDID.size(); index++) {
arr_ip_udid[index] = listBlackListIp_UDID.get(index).getIp();
smsStr += String.format("IP:%s,QSP:%s,PER:%s,UDID:%s | ",listBlackListIp_UDID.get(index).getIp(), listBlackListIp_UDID.get(index).getImpCount(), listBlackListIp_UDID.get(index).getImpApiPrecent(), listBlackListIp_UDID.get(index).getUdidCount());
logger.info("-- Ban IP add to list: IP:{}, QPS:{}, Per:{}, UDID:{}.", listBlackListIp_UDID.get(index).getIp(), listBlackListIp_UDID.get(index).getImpCount(), listBlackListIp_UDID.get(index).getImpApiPrecent(), listBlackListIp_UDID.get(index).getUdidCount());
}
if(StringUtils.isNotBlank(smsStr)){
smsStr = "恶意ip->" + smsStr.substring(0, smsStr.length() - 3) + " 成功捕获!";
//发送短信
//发送短信
if(StringUtils.isNotBlank(mobile_yunwei)){
logger.info(" MaliciousIpJob 2 - listBlackListIp_UDID - send msg ");
alarmMsgService.sendSms("MaliciousIp", smsStr, mobile_yunwei);
}
logger.info(" MaliciousIpJob 2 - listBlackListIp_UDID - send msg over ");
}
}
String [] array_ip = (String[]) ArrayUtils.addAll(arr_ip_bl, arr_ip_udid);
if(ArrayUtils.isNotEmpty(array_ip)){
redisWrite.setIps(array_ip);
}
}
}catch(Exception e){
logger.error("- MaliciousIpJob - uploadMaliciousIp,", e);
}
}
**/
}
\ No newline at end of file
package com.monitor.other.maliciousip.service;
import com.model.MalIpRule;
import com.monitor.model.request.MaliciousIpRecordReq;
import com.monitor.model.response.BaseResponse;
import com.monitor.other.maliciousip.model.MaliciousDetailIp;
import com.monitor.other.maliciousip.model.MaliciousIp;
import java.util.List;
/**
* 恶意ip
* @author hui.xu
*
*/
public interface MaliciousIpService {
/**
*捕获的恶意ip写入运维系统的redis
*/
//void writeMipsToOpsReids(String ips);
void writeMipsObjToOpsReids(String ipsObjs);
void writeMipsInfoToOpsDb(String ipsObjs);
void updateForbidStatus(int id ,String status);
BaseResponse getMipsInfoToOpsDb(MaliciousIpRecordReq request);
int getAlarmCountMipsInfoToOpsDb(String beginTime);
BaseResponse getAlarmMipsInfoToOpsDb(MaliciousIpRecordReq request);
/**
*从运维系统的redis查询恶意ip
*/
BaseResponse getMipsFromOpsReids(MaliciousIpRecordReq request);
/**
* 从运维系统的redis删除恶意ip,并调研相关系统提供的接口从正式封杀环境中删除
*/
void delMipsFromOpsRedis(String ip);
void addMipsToOpsRedis(String ip);
/**
* 从Redis中获取恶意ip集合
* @return
*/
BaseResponse<List<MaliciousIp>> getIps(String timeType);
/**
* 从Redis中获取恶意ip的内容
* @param ip
* @return
*/
BaseResponse<List<MaliciousDetailIp>> getDetail(String ip, String count, String timeType, String timestamp);
BaseResponse<Integer> saveMalIpRule(MalIpRule malIpRule);
BaseResponse<Integer> delIpRule(int id);
//特定格式返回所有的恶意ip规则接口
String getAllIpRules();
List<String> getMaliciousDetection(String ip, long timestamp, String type,String cloudType);
List<String> getMaliciousDetectionMin(String ip, long timestamp, String type,String cloudType);
}
\ No newline at end of file
package com.monitor.other.maliciousip.service.impl;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.contants.AlarmGroupContants;
import com.model.MalIpRule;
import com.model.MaliciousIpsRecord;
import com.model.MaliciousIpsRecordBanned;
import com.model.MaliciousIpsRecordForbid;
import com.monitor.common.service.AlarmMsgService;
import com.monitor.model.domain.PageBean;
import com.monitor.model.page.PageRequest;
import com.monitor.model.page.PageResponse;
import com.monitor.model.request.MaliciousIpRecordReq;
import com.monitor.model.response.BaseResponse;
import com.monitor.mysql.mapper.MalIpRuleMapper;
import com.monitor.mysql.mapper.MaliciousIpsRecordBannedMapper;
import com.monitor.mysql.mapper.MaliciousIpsRecordForbidMapper;
import com.monitor.mysql.mapper.MaliciousIpsRecordMapper;
import com.monitor.other.maliciousip.contants.MaliciousIpModel;
import com.monitor.other.maliciousip.model.MaliciousDetailIp;
import com.monitor.other.maliciousip.model.MaliciousIp;
import com.monitor.other.maliciousip.service.MaliciousIpService;
import com.monitor.other.maliciousip.util.HbasePool;
import com.monitor.other.maliciousip.util.HbasePoolAws;
import com.monitor.other.maliciousip.util.RedisDataByApiUtil;
import com.util.GetUsersInfoUtil;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.math.NumberUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.*;
import org.apache.hadoop.hbase.util.Bytes;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import java.util.*;
import java.util.stream.Collectors;
/**
* 恶意ip
* @author hui.xu
*
*/
@Service
public class MaliciousIpServiceImpl implements MaliciousIpService {
/**
* 日志接口
*/
private Logger logger = LoggerFactory.getLogger(getClass());
@Autowired
private RedisDataByApiUtil redisDataByApiUtil;
@Autowired
private MalIpRuleMapper malIpRuleMapper;
@Autowired
private MaliciousIpsRecordMapper maliciousIpsRecordMapper;
@Autowired
private MaliciousIpsRecordForbidMapper maliciousIpsRecordForbidMapper;
@Autowired
private MaliciousIpsRecordBannedMapper maliciousIpsRecordBannedMapper;
@Value("${system.envi.cloud.name}")
private String cloudName;
@Autowired
public AlarmMsgService alarmMsgService;
/**
* 根据报警组名称取成员的手机号码
*/
@Autowired
private GetUsersInfoUtil getUsersInfoUtil;
/**
* Redis String 类型
*/
//private static final String MALICIOUS_IP_SET = "yh:mip:mipset";
//private static final String MALICIOUS_IP_SET = "yhmipset";
/**
* 黑名单失效时间7*24小时
*/
//private static final int MALICIOUS_IP_EXPIRE = 7*24 * 60 * 60;
/**
*捕获的恶意ipsObj写入运维系统的redis
* ipsObj:json格式数据,包括 ip reason duration
*/
@Override
public void writeMipsObjToOpsReids(String ipsObjs){
logger.info("begin writeMipsObjToOpsReids :"+ipsObjs);
if(StringUtils.isBlank(ipsObjs)){
return ;
}
JSONObject joWithData=JSON.parseObject(ipsObjs);
String type=joWithData.getString("type");
JSONArray ipsObjArray=joWithData.getJSONArray("data");
if(ipsObjArray==null){
return ;
}
if("alarm".equalsIgnoreCase(type)){
writeAlarmMipsInfoToOpsDb(ipsObjArray);
}else{
//发送拦截短信
String mobile_yunwei = getUsersInfoUtil.getMobileByAlarmGroup(AlarmGroupContants.GROUP_NAME_MALICIOUS_IP);
for(int i=0;i<ipsObjArray.size();i++){
JSONObject jo= ipsObjArray.getJSONObject(i);
String ip=jo.getString("ip");
String reason=jo.getString("reason");
String duration=jo.get("duration")==null?"":""+jo.get("duration");
String hbaseTime=String.valueOf(jo.getLongValue("timestamp"));
if(StringUtils.isNotBlank(ip)){
try{
MaliciousIpsRecordBanned record=new MaliciousIpsRecordBanned();
record.setIp(ip);
record.setReason(reason);
record.setHbaseTime(hbaseTime);
record.setDur(duration);
record.setForbidStatus("1");
record.setHbaseSource(cloudName);
maliciousIpsRecordBannedMapper.insert(record);
logger.info("MaliciousIpServiceImpl writeBannedMipsOpsDB - "+ip);
}catch (Exception e){
logger.error("MaliciousIpServiceImpl writeBannedMipsOpsDB failed", e);
}
String smsStr = "成功捕获恶意ip--->" + ip + ",接口列表[";
JSONObject json = JSONObject.parseObject(reason);
if (json != null && !json.isEmpty()) {
JSONObject methodDetail = json.getJSONObject("methodDetail");
if (methodDetail != null && !methodDetail.isEmpty()) {
for (Map.Entry<String, Object> entry : methodDetail.entrySet()) {
smsStr += entry.getKey() + ":" + entry.getValue() + "次,";
}
smsStr = smsStr.substring(0, smsStr.length() - 1);
}
}
smsStr += "]";
alarmMsgService.sendSms("MaliciousIp", smsStr, mobile_yunwei);
logger.info("MaliciousIpServiceImpl writeBannedMipsOpsDB - "+ip);
}
}
}
}
public static void main(String[] args) {
String reason="{\"deviceTypeCount\":1,\"difMethodCount\":6,\"impApiPrecent\":100,\"impCount\":221,\"ip\":\"39.107.73.223\",\"ipPrecent\":0,\"loginApiCount\":61,\"methodDetail\":{\"smart.forward.go\":61,\"app.Seckill.payment\":20,\"user.instalment.activate\":19,\"app.Shopping.payment\":41,\"app.Shopping.easySubmit\":20,\"app.shopping.depositPayment\":60},\"notExistUdidPercent\":0,\"notExsitUdidCount\":0,\"qps\":221,\"timestamp\":1519969986974,\"udidCount\":1,\"uidCount\":1,\"whiteIpFlag\":false}";
String smsStr = "成功捕获恶意ip--->" + "12.2.2.2" + ",接口列表[";
JSONObject json = JSONObject.parseObject(reason);
if (json != null && !json.isEmpty()) {
JSONObject methodDetail = json.getJSONObject("methodDetail");
if (methodDetail != null && !methodDetail.isEmpty()) {
for (Map.Entry<String, Object> entry : methodDetail.entrySet()) {
smsStr += entry.getKey() + ":" + entry.getValue() + ",";
}
smsStr = smsStr.substring(0, smsStr.length() - 1);
}
}
smsStr += "]";
System.out.println(smsStr);
}
private void writeAlarmMipsInfoToOpsDb(JSONArray ipsObjArray){
logger.info("begin writeAlarmMipsInfoToOpsDb :"+ipsObjArray);
for(int i=0;i<ipsObjArray.size();i++){
JSONObject jo= ipsObjArray.getJSONObject(i);
String ip=jo.getString("ip");
String reason=jo.getString("reason");
String hbaseTime=String.valueOf(jo.getLongValue("timestamp"));
String duration=jo.get("duration")==null?"":""+jo.get("duration");
if(StringUtils.isNotBlank(ip)){
MaliciousIpsRecordForbid record=new MaliciousIpsRecordForbid();
record.setIp(ip);
record.setReason(reason);
record.setHbaseTime(hbaseTime);
record.setDur(duration);
record.setHbaseSource(cloudName);
maliciousIpsRecordForbidMapper.insert(record);
logger.info("MaliciousIpServiceImpl writeMipsObjToOpsReids - "+ip);
}
}
}
public void writeMipsInfoToOpsDb(String ipsObjs){
//logger.info("begin writeMipsInfoToOpsDb :"+ipsObjs);
if(StringUtils.isNotBlank(ipsObjs)){
JSONArray ipsObjArray=JSON.parseArray(ipsObjs);
Calendar cal = Calendar.getInstance();
Date currDate=cal.getTime();
for(int i=0;i<ipsObjArray.size();i++){
JSONObject jo= ipsObjArray.getJSONObject(i);
String ip=jo.getString("ip");
String reason=jo.toJSONString();
//写入mysql
MaliciousIpsRecord record=new MaliciousIpsRecord();
record.setIp(ip);
record.setReason(reason);
record.setCreateTime(currDate);
record.setHbaseTime(""+cal.getTimeInMillis());
record.setHbaseSource(cloudName);
maliciousIpsRecordMapper.insert(record);
}
}
}
public void updateForbidStatus(int id ,String status){
MaliciousIpsRecordForbid recordForbid=new MaliciousIpsRecordForbid();
recordForbid.setId(id);
recordForbid.setForbidStatus(status);
maliciousIpsRecordForbidMapper.updateForbidStatusByPrimaryKey(recordForbid);
}
public BaseResponse getMipsInfoToOpsDb(MaliciousIpRecordReq request){
PageBean page = PageBean.initPageInfo(request.getCurrentPage(), request.getPageSize(), request);
// 先查询符合条件的总数量
int total = maliciousIpsRecordMapper.selectCount(page);
// 数量为0 直接返回
if (total == 0) {
return new BaseResponse<>();
}
// 获取列表
List<MaliciousIpsRecord> ls = maliciousIpsRecordMapper.selectByPage(page);
if (org.springframework.util.CollectionUtils.isEmpty(ls)) {
return new BaseResponse<>();
}
//解析reason到汉字
for(MaliciousIpsRecord record:ls){
String reason=record.getReason();
if(StringUtils.isNotBlank(reason)){
try{
MaliciousIpModel model=JSON.parseObject(reason,MaliciousIpModel.class);
reason=model.toHtmlString4DB();
record.setReason(reason);
}catch (Exception e){
///查询异常就不管了
}
}
}
PageResponse<MaliciousIpsRecord> pageResp = new PageResponse<>();
pageResp.setCurrentPage(request.getCurrentPage());
pageResp.setPageSize(request.getPageSize());
pageResp.setTotal(total);
pageResp.setRows(ls);
return new BaseResponse<>(pageResp);
}
/**
* 获取大于当前时间的ip数量
* @param beginTime
* @return
*/
public int getAlarmCountMipsInfoToOpsDb(String beginTime){
if(StringUtils.isBlank(beginTime)){
return 0;
}
return maliciousIpsRecordForbidMapper.getAlarmCountMipsInfoToOpsDb(beginTime);
}
public BaseResponse getAlarmMipsInfoToOpsDb(MaliciousIpRecordReq request){
PageBean page = PageBean.initPageInfo(request.getCurrentPage(), request.getPageSize(), request);
// 先查询符合条件的总数量
int total = maliciousIpsRecordForbidMapper.selectCount(page);
// 数量为0 直接返回
if (total == 0) {
return new BaseResponse<>();
}
// 获取列表
List<MaliciousIpsRecordForbid> ls = maliciousIpsRecordForbidMapper.selectByPage(page);
if (org.springframework.util.CollectionUtils.isEmpty(ls)) {
return new BaseResponse<>();
}
//解析reason到汉字
for(MaliciousIpsRecordForbid record:ls){
String reasonForbid=record.getReason();
if(StringUtils.isNotBlank(reasonForbid)){
try{
MaliciousIpModel model=JSON.parseObject(reasonForbid,MaliciousIpModel.class);
reasonForbid=model.toHtmlString();
record.setReason(reasonForbid);
}catch (Exception e){
///查询异常就不管了
}
}
}
PageResponse<MaliciousIpsRecordForbid> pageResp = new PageResponse<>();
pageResp.setCurrentPage(request.getCurrentPage());
pageResp.setPageSize(request.getPageSize());
pageResp.setTotal(total);
pageResp.setRows(ls);
return new BaseResponse<>(pageResp);
}
/**
*从运维系统的redis查询恶意ip,并且从influxdb中取对应的ip信息
*/
@Override
public BaseResponse getMipsFromOpsReids(MaliciousIpRecordReq request){
PageBean page = PageBean.initPageInfo(request.getCurrentPage(), request.getPageSize(), request);
// 先查询符合条件的总数量
int total = maliciousIpsRecordBannedMapper.selectCount(page);
// 数量为0 直接返回
if (total == 0) {
return new BaseResponse<>();
}
// 获取列表
List<MaliciousIpsRecordBanned> ls = maliciousIpsRecordBannedMapper.selectByPage(page);
if (org.springframework.util.CollectionUtils.isEmpty(ls)) {
return new BaseResponse<>();
}
//解析reason到汉字
for(MaliciousIpsRecordBanned record:ls){
String reason=record.getReason();
if(StringUtils.isNotBlank(reason)){
try{
MaliciousIpModel model=JSON.parseObject(reason,MaliciousIpModel.class);
reason=model.toHtmlString();
record.setReason(reason);
}catch (Exception e){
///查询异常就不管了
}
}
}
PageResponse<MaliciousIpsRecordBanned> pageResp = new PageResponse<>();
pageResp.setCurrentPage(request.getCurrentPage());
pageResp.setPageSize(request.getPageSize());
pageResp.setTotal(total);
pageResp.setRows(ls);
return new BaseResponse<>(pageResp);
}
/**
* 从运维系统的redis删除恶意ip,并调用相关系统提供的接口从正式封杀环境中删除
* @return
*/
@Override
public void delMipsFromOpsRedis(String ip){
logger.info(" delMipsFromOpsRedis mip "+ip);
maliciousIpsRecordBannedMapper.deleteByIp(ip);
}
@Override
public void addMipsToOpsRedis(String ip){
logger.info(" addMipsToOpsRedis mip "+ip);
try {
MaliciousIpsRecordBanned addRecord=new MaliciousIpsRecordBanned();
addRecord.setIp(ip);
addRecord.setForbidStatus("ADD");//手工添加的封杀
addRecord.setHbaseSource(cloudName);
maliciousIpsRecordBannedMapper.insert(addRecord);
} catch (Exception e) {
logger.error("insert mip into redis failed", e);
}
}
/* (non-Javadoc)
* @see com.monitor.other.maliciousip.service.MaliciousIpService#getIps()
* 从Redis中获取恶意ip集合
*/
@Override
public BaseResponse<List<MaliciousIp>> getIps(String timeType) {
BaseResponse<List<MaliciousIp>> response = new BaseResponse<>();
List<MaliciousIp> listMaliciousIp;
try{
String ips_json = null;
ips_json = redisDataByApiUtil.getIpsByUrl(timeType);
if(StringUtils.isBlank(ips_json)){
return response;
}
listMaliciousIp = (List<MaliciousIp>) JSON.parseArray(ips_json, MaliciousIp.class);
if(listMaliciousIp!=null&&listMaliciousIp.size()>1){
listMaliciousIp.sort(Comparator.comparing(MaliciousIp::getQps).reversed());
}
response.setData(listMaliciousIp);
}catch(Exception e){
logger.error(" - MaliciousIpServiceImpl - getIps - error", e);
}
return response;
}
/* (non-Javadoc)
* @see com.monitor.other.maliciousip.service.MaliciousIpService#getDetail(java.lang.String)
* 从Redis中获取恶意ip的内容
*/
@Override
public BaseResponse<List<MaliciousDetailIp>> getDetail(String ip, String count, String timeType, String timestamp) {
BaseResponse<List<MaliciousDetailIp>> response = new BaseResponse<>();
List<MaliciousDetailIp> listMaliciousDetailIp;
try{
String detail_json = null;
detail_json = redisDataByApiUtil.getDetailByUrl(ip, timeType, timestamp);
if(StringUtils.isBlank(detail_json)){
return response;
}
listMaliciousDetailIp = (List<MaliciousDetailIp>) JSON.parseArray(detail_json, MaliciousDetailIp.class);
if(NumberUtils.isNumber(count) && CollectionUtils.isNotEmpty(listMaliciousDetailIp)){
for (MaliciousDetailIp maliciousDetailIp : listMaliciousDetailIp) {
maliciousDetailIp.setPercent(maliciousDetailIp.getCount() * 100 / Integer.parseInt(count));
}
}
if(listMaliciousDetailIp!=null&&listMaliciousDetailIp.size()>1){
listMaliciousDetailIp.sort(Comparator.comparing(MaliciousDetailIp::getCount).reversed());
}
response.setData(listMaliciousDetailIp);
}catch(Exception e){
logger.error(" - MaliciousIpServiceImpl - getDetail - error", e);
}
return response;
}
/**
* 恶意ip规则列表**/
public PageResponse<MalIpRule> getIpRules(PageRequest req) {
logger.info("getMalIpRules with param is {}", req);
// 组装分页对象
PageBean page = PageBean.initPageInfo(req.getCurrentPage(), req.getPageSize(), req);
// 先查询符合条件的总数量
int total = malIpRuleMapper.selectCount(page);
logger.info("getMalIpRules selectCount num is {}, with param is {}", total, req);
// 数量为0 直接返回
if (total == 0) {
// 返回初始page对象
return null;
}
// 获取列表
List<MalIpRule> malIpRules = malIpRuleMapper.selectMalIpRulesByPage(page);
if (CollectionUtils.isEmpty(malIpRules)) {
logger.debug("getMalIpRules is null with param is {}", req);
return null;
}
PageResponse<MalIpRule> response = new PageResponse<MalIpRule>();
response.setCurrentPage(req.getCurrentPage());
response.setPageSize(req.getPageSize());
response.setTotal(total);
response.setRows(malIpRules);
return response;
}
@Override
public BaseResponse<Integer> saveMalIpRule(MalIpRule malIpRule){
try{
int result = 0;
logger.info("saveIpRules with param is {}", malIpRule);
result = malIpRuleMapper.insert(malIpRule);
return new BaseResponse<>(result);
}catch(Exception e){
logger.error("saveMalIpRule error!",e);
return new BaseResponse<>(e.getMessage());
}
}
@Override
public BaseResponse<Integer> delIpRule(int id) {
try {
logger.info("delIpRule id : " + id);
int result = 0;
result = malIpRuleMapper.deleteById(id);
return new BaseResponse<>(result);
}catch(Exception e){
logger.error("delIpRule error! ", e);
return new BaseResponse<>(e.getMessage());
}
}
/**
* 以规定格式返回所有的恶意ip规则
*/
@Override
public String getAllIpRules(){
List<MalIpRule> ruleList = malIpRuleMapper.selectAll();
if(ruleList == null || ruleList.size() == 0){
return "[]";
}
List<String> lists = ruleList.stream().map(o->"\""+o.getRule()+"\"").collect(Collectors.toList());
String rules = String.join(",",lists);
rules = "[" + rules + "]";
logger.info("getAllIpRules:" + rules);
return rules;
}
@Override
public List<String> getMaliciousDetection(String ip,long timestamp,String type,String cloudType){
List<String> list = new ArrayList<>();
String tableName="malicious_detection";
try {
if("aws".equalsIgnoreCase(cloudType)){
getMaliciousDetectionFromCloud(HbasePoolAws.getConnection(),tableName,ip,timestamp,timestamp,type,list);
}else if("qcloud".equalsIgnoreCase(cloudType)){
getMaliciousDetectionFromCloud(HbasePool.getConnection(),tableName,ip,timestamp,timestamp,type,list);
}else{
getMaliciousDetectionFromCloud(HbasePoolAws.getConnection(),tableName,ip,timestamp,timestamp,type,list);
getMaliciousDetectionFromCloud(HbasePool.getConnection(),tableName,ip,timestamp,timestamp,type,list);
}
}catch(Exception e){
e.printStackTrace();
}
return list;
}
@Override
public List<String> getMaliciousDetectionMin(String ip,long timestamp,String type,String cloudType){
List<String> list = new ArrayList<>();
long minInMill=5*60*1000; //5分钟
long timestampEnd=timestamp;
long timestampBegin=timestampEnd-minInMill;
String tableName="all_detection";
type="message";
try {
if("aws".equalsIgnoreCase(cloudType)){
getMaliciousDetectionFromCloud(HbasePoolAws.getConnection(),tableName,ip,timestampBegin,timestampEnd,type,list);
}else if("qcloud".equalsIgnoreCase(cloudType)){
getMaliciousDetectionFromCloud(HbasePool.getConnection(),tableName,ip,timestampBegin,timestampEnd,type,list);
}else{
getMaliciousDetectionFromCloud(HbasePoolAws.getConnection(),tableName,ip,timestampBegin,timestampEnd,type,list);
getMaliciousDetectionFromCloud(HbasePool.getConnection(),tableName,ip,timestampBegin,timestampEnd,type,list);
}
}catch(Exception e){
e.printStackTrace();
}
return list;
}
private void getMaliciousDetectionFromCloud(Connection connection,String tableName,String ip,long timestampBegin,long timestampEnd,String type,List<String> list){
if(connection==null){
return ;
}
try {
Table maliciousDetectionTable = connection.getTable(TableName.valueOf(tableName));
Scan scan = new Scan();
scan.setStartRow((ip + ":" + timestampBegin + ":").getBytes());
scan.setStopRow((ip + ":" + timestampEnd + ":a").getBytes());
ResultScanner result = maliciousDetectionTable.getScanner(scan);
for (Result r : result) {
byte[] dataBytes = r.getValue(Bytes.toBytes("data"), Bytes.toBytes(type));
if(dataBytes != null && dataBytes.length>0){
String info = new String((dataBytes));
list.add(info);
}
}
}catch(Exception e){
e.printStackTrace();
}
}
}
\ No newline at end of file
package com.monitor.other.maliciousip.service.impl;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;
/**
* 恶意ip to Uic
*
* @author hui.xu
*
*/
@Service
public class MaliciousIpToUic {
/**
* 日志接口
*/
private Logger logger = LoggerFactory.getLogger(getClass());
/**
* 黑名单失效时间24小时
*/
private static final int MALICIOUS_IP_EXPIRE = 24 * 60 * 60;
/**
* 添加恶意ip
*/
@Value("${add.MaliciousIp}")
private String UIC_URL_ADD;
/**
* 溢出恶意ip
*/
@Value("${remove.MaliciousIp}")
private String UIC_URL_REMOVE;
@Autowired
private RestTemplate restTemplate;
/**
* 添加恶意ip
*
* @param ip
*/
public void addMaliciousIp(String ip) {
try {
if(StringUtils.isBlank(ip)){
return;
}
String url = String.format(UIC_URL_ADD + "?ip=%s&expiretime=%s", ip, MALICIOUS_IP_EXPIRE);
restTemplate.getForEntity(url, null);
} catch (Exception e) {
logger.error(String.format(" - MaliciousIpToUic - addMaliciousIp:{} - error", ip), e);
}
}
/**
* 溢出恶意
*
* @param ip
*/
public void removeMaliciousIp(String ip) {
try {
if(StringUtils.isBlank(ip)){
return;
}
String url = String.format(UIC_URL_REMOVE + "?ip=%s", ip);
restTemplate.getForEntity(url, null);
} catch (Exception e) {
logger.error(String.format(" - MaliciousIpToUic - removeMaliciousIp:{} - error", ip), e);
}
}
}
\ No newline at end of file
package com.monitor.other.maliciousip.task;
import com.contants.AlarmGroupContants;
import com.monitor.common.service.AlarmMsgService;
import com.monitor.other.maliciousip.service.MaliciousIpService;
import com.util.GetUsersInfoUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Component;
import javax.annotation.PostConstruct;
import java.text.SimpleDateFormat;
import java.util.Calendar;
/*
查询恶意告警,5分钟查询一次,超过0条,则发送短信
*/
@Component
public class MacliousIpAlarmTask {
@Autowired
private MaliciousIpService maliciousIpService;
@Autowired
private AlarmMsgService alarmMsgService;
@Autowired
private GetUsersInfoUtil getUsersInfoUtil;
private String mobile;
@PostConstruct
public void init() {
mobile = getUsersInfoUtil.getMobileByAlarmGroup(AlarmGroupContants.GROUP_NAME_MALICIOUS_IP);
if(mobile==null){
mobile="";
}
}
//@Scheduled(cron = "${cron_alarmed_mip_alarm}")
public void alarmSendMsg() {
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.MINUTE ,-5);
String beginTime = new SimpleDateFormat( "yyyy-MM-dd HH:mm:ss" ).format(calendar.getTime());
int count=maliciousIpService.getAlarmCountMipsInfoToOpsDb(beginTime);
if(count>0){
//报警
alarmMsgService.sendSms("service_exception", "最近5分钟收到恶意ip告警数量:"+count, mobile);
}
}
}
package com.monitor.other.maliciousip.util;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import java.io.IOException;
/**
* Created by wangning on 2017/9/22.
*/
public class HbasePoolAws {
private static final String QUORUM = "172.31.70.217";
//private static final String QUORUM = "server3";
private static final String CLIENTPORT = "2181";
private static Configuration conf = null;
private static Connection conn = null;
static{
try {
conf = HBaseConfiguration.create();
conf.set("hbase.zookeeper.quorum", QUORUM);
conf.set("hbase.zookeeper.property.clientPort", CLIENTPORT);
conn = ConnectionFactory.createConnection(conf);
} catch (IOException e) {
e.printStackTrace();
}
}
public static synchronized Connection getConnection()
{
try{
if(conn == null || conn.isClosed())
{
conn = ConnectionFactory.createConnection(conf);
}
}catch (Exception e){
e.printStackTrace();
}
return conn;
}
}
package com.monitor.other.maliciousip.util;
import java.util.ArrayList;
import java.util.List;
/**
* yoho!白名单ip
* @author hui.xu
*
*/
public class IpWhiteListUtil {
private static List<String> Ip_WhiteList = new ArrayList<String>();
static{
Ip_WhiteList.add("106.39.86.224");
Ip_WhiteList.add("106.39.86.27");
Ip_WhiteList.add("106.38.38.144");
Ip_WhiteList.add("106.38.38.28");
Ip_WhiteList.add("218.94.75.50");
Ip_WhiteList.add("218.94.75.58");
Ip_WhiteList.add("218.94.75.32");
Ip_WhiteList.add("54.223.94.23");
Ip_WhiteList.add("54.222.146.59");
Ip_WhiteList.add("139.199.35.21");
Ip_WhiteList.add("139.199.29.44");
Ip_WhiteList.add("54.222.135.182");
Ip_WhiteList.add("123.206.21.19");
Ip_WhiteList.add("123.206.73.107");
Ip_WhiteList.add("123.206.64.25");
Ip_WhiteList.add("123.206.55.43");
}
public static List<String> getIpWhiteList() {
return Ip_WhiteList;
}
}
\ No newline at end of file
package com.monitor.other.maliciousip.util;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
/**
* 需要用到配置文件,所以必须要用注解,不能用单例
* @author hui.xu
*
*/
@Service
public class RedisDataByApiUtil {
/**
* 日志接口
*/
private Logger logger = LoggerFactory.getLogger(getClass());
/**
* 类初始化时就已经实例化,以后就不会变化
*/
// private static final RedisDataByApiUtil instance = new RedisDataByApiUtil();
/**
* 静态工厂方法
* @return
*/
/*public static RedisDataByApiUtil getInstance(){
return instance;
}*/
/**
* 读取spark基础数据的路径
*/
@Value("${spark.read.data.url}")
private String sparkReadDataUrl;
/**
* 基于spark.read.data.url的方法
*/
public final static String SPARK_READ_DATA_URL_TOPIP = "topIp";
/**
* 基于spark.read.data.url的方法
*/
public final static String SPARK_READ_DATA_URL_TOPIPMETHODDETAIL = "topIpMethodDetail";
/**
* 基于spark.read.data.url的方法
*/
public final static String SPARK_READ_DATA_URL_TOPIPAPIPRECENT = "topIpApiPrecent";
@Autowired
private RestTemplate restTemplate;
/**
* 调用Redis改调用api
* @param timeType
* @return
*/
public String getIpsByUrl(String timeType){
try{
String url = String.format(sparkReadDataUrl + SPARK_READ_DATA_URL_TOPIP + "?second=%s", timeType);
String json = restTemplate.postForObject(url, null, String.class);
return getDataByJson(json);
}catch(Exception e){
logger.error(" - MaliciousIpServiceImpl - getIpsByUrl - error", e);
}
return null;
}
/**
* 调用Redis改调用api
* @param timeType
* @return
*/
public String getDetailByUrl(String ip, String timeType, String timestamp){
try{
String url = String.format(sparkReadDataUrl + SPARK_READ_DATA_URL_TOPIPMETHODDETAIL + "?second=%s&ip=%s&timestamp=%s", timeType, ip, timestamp);
String json = restTemplate.postForObject(url, null, String.class);
return getDataByJson(json);
}catch(Exception e){
logger.error(" - MaliciousIpServiceImpl - getDetailByUrl - error", e);
}
return null;
}
/**
* 调用Redis改调用api
* @param timeType
* @return
*/
public String getIpsApiByUrl(String timeType){
try{
String url = String.format(sparkReadDataUrl + SPARK_READ_DATA_URL_TOPIPAPIPRECENT + "?second=%s", timeType);
String json = restTemplate.postForObject(url, null, String.class);
return getDataByJson(json);
}catch(Exception e){
logger.error(" - MaliciousIpServiceImpl - getIpsApiByUrl - error", e);
}
return null;
}
/**
* 根据api返回的json对象只取data中的属性数据
* @param data
* @return
*/
private String getDataByJson(String json){
try{
if(StringUtils.isBlank(json)){
logger.error(" - MaliciousIpServiceImpl - getDataByJson - json is null : {}", json);
return null;
}
JSONObject jsonObj = JSON.parseObject(json);
return jsonObj.getString("data");
}catch(Exception e){
logger.error(" - MaliciousIpServiceImpl - getDataByJson - error", e);
}
return null;
}
}
\ No newline at end of file
package com.monitor.other.maliciousip.util;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Service;
/**
* Redis 读 基本操作类
* @author hui.xu
*
*/
@Service
public class RedisReadMaliciousUtil {
/**
* 日志接口
*/
private Logger logger = LoggerFactory.getLogger(getClass());
/**
* Redis String 类型
*/
private static final String MALICIOUS_IP = "yh:mip:*";
@Autowired
@Qualifier("aws1RedisWriteTemplate")
private RedisTemplate<String, String> aws1Template;
/**
* 获取所有恶意ip集合
* @return
*/
public Set<byte[]> getIps() {
Set<byte[]> value = null;
try{
value = getKeysInRedisApi(aws1Template, MALICIOUS_IP);
}catch(Exception e){
logger.error(" - RedisReadUtil - getIpsBL - error", e);
}
return value;
}
public Long getTtl(String key){
Long ttl = null;
try{
ttl = getKeysInRedisTTLApi(aws1Template, key);
}catch(Exception e){
logger.error(" - RedisReadUtil - getIpsBL - error", e);
}
return ttl;
}
/**
* 根据key获取
* @param redisTemplate
* @param key
*/
private Set<byte[]> getKeysInRedisApi(RedisTemplate<String, String> redisTemplate, String pattern){
return redisTemplate.getConnectionFactory().getConnection().keys(pattern.getBytes());
}
private Long getKeysInRedisTTLApi(RedisTemplate<String, String> redisTemplate, String key){
return redisTemplate.getExpire(key);
}
}
\ No newline at end of file
package com.monitor.other.maliciousip.util;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Service;
/**
* Redis 读 基本操作类
* @author hui.xu
*
*/
@Service
public class RedisReadUtil {
/**
* 日志接口
*/
private Logger logger = LoggerFactory.getLogger(getClass());
/**
* Redis string,里面放ip、ops、百分比
*/
private static final String MALICIOUS_IP = "yh:malicious:ip:%ss:top";
/**
* Redis string,里面放ip、ops、百分比
* 敏感接口比例和次数
*/
private static final String MALICIOUS_IP_BL_CS = "yh:malicious:ip:api:%ss:top";
/**
* Redis string ,当前ip访问的接口模块名称
*/
private static final String MALICIOUS_IP_DETAIL = "yh:malicious:ip:%ss:method:detail:%s";
@Autowired
@Qualifier("redisReaderTemplate")
private RedisTemplate<String, String> redisReaderTemplate;
/**
* 获取所有恶意ip集合
* @return
*/
public String getIps(String timeType) {
String value = null;
try{
value = getInRedisApi(redisReaderTemplate, String.format(MALICIOUS_IP, timeType));
}catch(Exception e){
logger.error(" - RedisReadUtil - getIps - error", e);
}
return value;
}
/**
* 获取所有恶意ip集合
* 比例
* @return
*/
public String getIpsBL(String timeType) {
String value = null;
try{
value = getInRedisApi(redisReaderTemplate, String.format(MALICIOUS_IP_BL_CS, timeType));
}catch(Exception e){
logger.error(" - RedisReadUtil - getIpsBL - error", e);
}
return value;
}
/**
* 获取所有恶意ip集合
* 次数
* @return
*/
public String getIpsCS(String timeType) {
String value = null;
try{
value = getInRedisApi(redisReaderTemplate, String.format(MALICIOUS_IP_BL_CS, timeType));
}catch(Exception e){
logger.error(" - RedisReadUtil - getIpsCS - error", e);
}
return value;
}
/**
* 单个
* 根据ip获取访问的接口模块名称
* @param ip
* @return
*/
public String getDetail(String ip, String timeType){
String value = null;
try{
value = getInRedisApi(redisReaderTemplate, String.format(MALICIOUS_IP_DETAIL,timeType,ip));
}catch(Exception e){
logger.error(" - RedisReadUtil - getIpsBL - error", e);
}
return value;
}
/**
* 根据key获取
* @param redisTemplate
* @param key
*/
private String getInRedisApi(RedisTemplate<String, String> redisTemplate, final String key){
return redisTemplate.opsForValue().get(key);
}
}
\ No newline at end of file
package com.monitor.other.maliciousip.util;
import java.util.ArrayList;
import java.util.Collection;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.data.redis.core.RedisTemplate;
import com.monitor.other.maliciousip.service.impl.MaliciousIpToUic;
/**
* Redis 读 基本操作类
* @author hui.xu
*
*/
public class RedisWriteUtil {
/**
* 日志接口
*/
private Logger logger = LoggerFactory.getLogger(getClass());
@Autowired
private MaliciousIpToUic maliciousIpToUic;
/**
* Redis String 类型
*/
private static final String MALICIOUS_IP = "yh:mip:";
/**
* 黑名单失效时间7*24小时
*/
private static final int MALICIOUS_IP_EXPIRE = 7*24 * 60 * 60;
@Autowired
@Qualifier("aws1RedisWriteTemplate")
private RedisTemplate<String, String> aws1Template;
@Autowired
@Qualifier("aws2RedisWriteTemplate")
private RedisTemplate<String, String> aws2Template;
@Autowired
@Qualifier("qq1RedisWriteTemplate")
private RedisTemplate<String, String> qq1Template;
@Autowired
@Qualifier("qq2RedisWriteTemplate")
private RedisTemplate<String, String> qq2Template;
private ExecutorService executorService = Executors.newFixedThreadPool(50);
/**
* 写入恶意ip
* @return
*/
public void setIps(String []ips) {
try{
if((null == ips) || (0 == ips.length)){
return;
}
//此处用于拦截
for (String ip : ips) {
setInRedisApi(aws1Template, MALICIOUS_IP + ip);
setInRedisApi(aws2Template, MALICIOUS_IP + ip);
setInRedisApi(qq1Template, MALICIOUS_IP + ip);
setInRedisApi(qq2Template, MALICIOUS_IP + ip);
executorService.execute(new Runnable() {
@Override
public void run() {
//向uic中添加恶意ip
maliciousIpToUic.addMaliciousIp(ip);
}
});
}
}catch(Exception e){
logger.error(" - RedisWriteUtil - setIps - error", e);
}
}
/**
* 移除恶意ip
* @param ips
*/
public void delIp(String[] ips){
try{
if((null == ips) || (0 == ips.length)){
return;
}
Collection<String> keys = new ArrayList<String>();
for (int index = 0; index < ips.length; index ++){
keys.add(MALICIOUS_IP + ips[index]);
String ip = ips[index];
executorService.execute(new Runnable() {
@Override
public void run() {
//向uic中添加恶意ip
maliciousIpToUic.removeMaliciousIp(ip);
}
});
}
//此处用于拦截
delInRedisApi(aws1Template, keys);
delInRedisApi(aws2Template, keys);
delInRedisApi(qq1Template, keys);
delInRedisApi(qq2Template, keys);
}catch(Exception e){
logger.error(" - RedisWriteUtil - setIps - error", e);
}
}
/**
* 写入key,并设置ttl时间
* @param redisTemplate
* @param key
*/
private void setInRedisApi(RedisTemplate<String, String> redisTemplate, final String key){
redisTemplate.opsForValue().set(key, "0");
redisTemplate.expire(key, MALICIOUS_IP_EXPIRE, TimeUnit.SECONDS);
}
/**
* 移除key
* @param redisTemplate
* @param keys
*/
private void delInRedisApi(RedisTemplate<String, String> redisTemplate, Collection<String> keys){
redisTemplate.delete(keys);
}
}
\ No newline at end of file
... ... @@ -33,8 +33,6 @@ public class ReleaseRollBack {
@Autowired
private WorkSystemSupport workSystemSupport;
@Value("${code.release.url}")
private String url;
/**
* 2017-04-21
... ... @@ -42,7 +40,7 @@ public class ReleaseRollBack {
* 不采取自动回滚,测试拒绝验收通过后,直接短信和邮件通知运维工程师,由运维工程师发起回滚
*/
//@Scheduled(cron = "0 0/1 * * * ?")
public void releaseRollBack() {
/*public void releaseRollBack() {
try {
List<ReleaseWorkJob> list = releaseWorkJobMapper.selectForTask();
for (ReleaseWorkJob releaseWorkJob : list) {
... ... @@ -83,7 +81,7 @@ public class ReleaseRollBack {
} catch (Exception e) {
e.printStackTrace();
}
}
}*/
@Scheduled(cron = "0 0/5 * * * ?")
public void releaseRollBackAlarm() {
... ...
... ... @@ -16,16 +16,7 @@
<property name="taskScheduler" ref="scheduler" />
</bean>
<!-- <bean id="maliciousIpJob" class="com.monitor.other.maliciousip.job.MaliciousIpJob"
init-method="init">
</bean>-->
<bean id="redisReadUtil" class="com.monitor.other.maliciousip.util.RedisReadUtil" />
<bean id="redisWriteUtil" class="com.monitor.other.maliciousip.util.RedisWriteUtil" />
<bean id="redisReadMaliciousUtil"
class="com.monitor.other.maliciousip.util.RedisReadMaliciousUtil" />
<!-- redis template definition -->
<bean id="stringRedisSerializer"
... ... @@ -41,75 +32,7 @@
<property name="testWhileIdle" value="${redis.pool.testWhileIdle:false}" />
</bean>
<!-- aws 1 -->
<bean id="aws1JedisWriteConnectionFactory"
class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"
p:timeout="250" p:poolConfig-ref="jedisPoolConfig"
p:hostName="${malicious.ip.redis.write.aws.host1}" p:port="${malicious.ip.redis.write.port}"
p:password="${aws.redis.proxy.auth}" p:database="${aws.redis.proxy.database:0}"
primary="true" />
<bean id="aws1RedisWriteTemplate" primary="false"
class="org.springframework.data.redis.core.RedisTemplate"
p:connectionFactory-ref="aws1JedisWriteConnectionFactory"
p:keySerializer-ref="stringRedisSerializer" p:valueSerializer-ref="stringRedisSerializer"
p:hashKeySerializer-ref="stringRedisSerializer"
p:hashValueSerializer-ref="stringRedisSerializer" />
<!-- aws 2 -->
<bean id="aws2JedisWriteConnectionFactory"
class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"
p:timeout="250" p:poolConfig-ref="jedisPoolConfig"
p:hostName="${malicious.ip.redis.write.aws.host2}" p:port="${malicious.ip.redis.write.port}"
p:password="${aws.redis.proxy.auth}" p:database="${aws.redis.proxy.database:0}"
primary="true" />
<bean id="aws2RedisWriteTemplate" primary="false"
class="org.springframework.data.redis.core.RedisTemplate"
p:connectionFactory-ref="aws2JedisWriteConnectionFactory"
p:keySerializer-ref="stringRedisSerializer" p:valueSerializer-ref="stringRedisSerializer"
p:hashKeySerializer-ref="stringRedisSerializer"
p:hashValueSerializer-ref="stringRedisSerializer" />
<!-- qq 1 -->
<bean id="qq1JedisWriteConnectionFactory"
class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"
p:timeout="250" p:poolConfig-ref="jedisPoolConfig"
p:hostName="${malicious.ip.redis.write.qq.host1}" p:port="${malicious.ip.redis.write.port}"
p:password="${aws.redis.proxy.auth}" p:database="${aws.redis.proxy.database:0}"
primary="true" />
<bean id="qq1RedisWriteTemplate" primary="false"
class="org.springframework.data.redis.core.RedisTemplate"
p:connectionFactory-ref="qq1JedisWriteConnectionFactory"
p:keySerializer-ref="stringRedisSerializer" p:valueSerializer-ref="stringRedisSerializer"
p:hashKeySerializer-ref="stringRedisSerializer"
p:hashValueSerializer-ref="stringRedisSerializer" />
<!-- qq 2 -->
<bean id="qq2JedisWriteConnectionFactory"
class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"
p:timeout="250" p:poolConfig-ref="jedisPoolConfig"
p:hostName="${malicious.ip.redis.write.qq.host2}" p:port="${malicious.ip.redis.write.port}"
p:password="${aws.redis.proxy.auth}" p:database="${aws.redis.proxy.database:0}"
primary="true" />
<bean id="qq2RedisWriteTemplate" primary="false"
class="org.springframework.data.redis.core.RedisTemplate"
p:connectionFactory-ref="qq2JedisWriteConnectionFactory"
p:keySerializer-ref="stringRedisSerializer" p:valueSerializer-ref="stringRedisSerializer"
p:hashKeySerializer-ref="stringRedisSerializer"
p:hashValueSerializer-ref="stringRedisSerializer" />
<!-- spark read -->
<bean id="jedisReaderConnectionFactory"
class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"
p:timeout="250" p:poolConfig-ref="jedisPoolConfig" p:hostName="${malicious.ip.redis.read.host}"
p:port="${malicious.ip.redis.read.port}" p:password="${aws.redis.proxy.auth}"
p:database="${aws.redis.proxy.database:0}" primary="true" />
<bean id="redisReaderTemplate" primary="false"
class="org.springframework.data.redis.core.StringRedisTemplate"
p:connectionFactory-ref="jedisReaderConnectionFactory"
p:keySerializer-ref="stringRedisSerializer" p:valueSerializer-ref="stringRedisSerializer"
p:hashKeySerializer-ref="stringRedisSerializer"
p:hashValueSerializer-ref="stringRedisSerializer" />
<!-- 配置RestTemplate -->
<!--Http client Factory-->
<bean id="httpClientFactory" class="org.springframework.http.client.SimpleClientHttpRequestFactory">
... ...
system.envi=product
#当前所归属的云
system.envi.cloud.name=aws
#java api 执行核心线程数
JavaApiExecutorPoolCoreSize=30
#java api 执行最大线程数
... ... @@ -13,37 +10,21 @@ nginxsync.agent=172.31.16.167:6060
zookeeper.address=yoho-ops-zookeeper:2181
#zookeeper.address=172.31.50.139:2181
aws.redis.proxy.address=172.31.31.170
#aws.redis.proxy.address=172.31.31.170
aws.redis.proxy.address=yoho-ops-redis
aws.redis.proxy.port=6379
aws.redis.proxy.auth=
code.release.url=http://172.31.16.167:8883/web/
zkAddress=yoho-ops-zookeeper:2181
#zkAddress=172.31.50.139:2181
search.aws.url=http://internal-search-1492740248.cn-north-1.elb.amazonaws.com.cn/
search.qq.url=http://10.66.4.30/
malicious.ip.redis.read.host=172.31.31.170
malicious.ip.redis.read.port=6379
malicious.ip.redis.write.qq.host1=10.66.0.3
malicious.ip.redis.write.qq.host2=10.66.0.2
malicious.ip.redis.write.aws.host1=172.31.70.163
malicious.ip.redis.write.aws.host2=172.31.70.53
malicious.ip.redis.write.port=6379
#restTemplate
connectTimeout=5000
readTimeout=10000
#uic url
add.MaliciousIp=http://uic.yohoops.org/uic/addMaliciousIp
remove.MaliciousIp=http://uic.yohoops.org/uic/removeMaliciousIp
#spark read url
spark.read.data.url=http://172.31.50.139:8082/malicious/
check_bigdata=true
#自动化测试
... ...
system.envi=test1
#当前所归属的云
system.envi.cloud.name=test
#java api 执行核心线程数
JavaApiExecutorPoolCoreSize=30
#java api 执行最大线程数
... ... @@ -16,32 +13,15 @@ aws.redis.proxy.address=192.168.102.22
aws.redis.proxy.port=6379
aws.redis.proxy.auth=
code.release.url=http://192.168.102.22:8883/web/
zkAddress=192.168.102.45:2181
search.aws.url=http://192.168.102.216:8080/
search.qq.url=http://192.168.102.224:8080/
malicious.ip.redis.read.host=192.168.102.22
malicious.ip.redis.read.port=6379
malicious.ip.redis.write.qq.host1=192.168.102.22
malicious.ip.redis.write.qq.host2=192.168.102.22
malicious.ip.redis.write.aws.host1=192.168.102.22
malicious.ip.redis.write.aws.host2=192.168.102.22
malicious.ip.redis.write.port=6379
#restTemplate
connectTimeout=5000
readTimeout=10000
#uic url
add.MaliciousIp=http://172.16.6.237:8096/uic/addMaliciousIp
remove.MaliciousIp=http://172.16.6.237:8096/uic/removeMaliciousIp
#spark read url
spark.read.data.url=http://172.16.6.140:8088/malicious/
check_bigdata=false
auto.task.test.url=http://192.168.103.71:8075/autoTask/executeFromGongDan
... ... @@ -57,9 +37,3 @@ ldap.flag=0
mongo.host=192.168.103.66
mongo.databaseName=test
mongo.port=27017
... ...