diff --git a/src/main/java/com/zdjizhi/common/FlowWriteConfig.java b/src/main/java/com/zdjizhi/common/FlowWriteConfig.java
index a93496f..1a88d40 100644
--- a/src/main/java/com/zdjizhi/common/FlowWriteConfig.java
+++ b/src/main/java/com/zdjizhi/common/FlowWriteConfig.java
@@ -72,20 +72,34 @@ public class FlowWriteConfig { public static final int SASL_JAAS_CONFIG_FLAG = CommonConfigurations.getIntProperty("sasl.jaas.config.flag"); - public static final String NACOS_SERVER = CommonConfigurations.getStringProperty("nacos.server.addr"); - public static final String NACOS_USERNAME = CommonConfigurations.getStringProperty("nacos.username"); - public static final String NACOS_PIN = CommonConfigurations.getStringProperty("nacos.password"); - public static final String NACOS_PUBLIC_NAMESPACE = CommonConfigurations.getStringProperty("nacos.namespace"); - public static final String NACOS_KNOWLEDGEBASE_DATA_ID = CommonConfigurations.getStringProperty("nacos.data.id"); - public static final String NACOS_PUBLIC_GROUP = CommonConfigurations.getStringProperty("nacos.group"); - public static final Integer NACOS_CONNECTION_TIMEOUT = CommonConfigurations.getIntProperty("nacos.connection.timeout"); - - - - public static final String NACOS_DOS_NAMESPACE = CommonConfigurations.getStringProperty("nacos.dos.namespace"); - public static final String NACOS_DOS_DATA_ID = CommonConfigurations.getStringProperty("nacos.dos.data.id"); - public static final String NACOS_DOS_GROUP = CommonConfigurations.getStringProperty("nacos.dos.group"); - public static final Integer HTTP_SOCKET_TIMEOUT = CommonConfigurations.getIntProperty("http.socket.timeout"); + public static final Long KNOWLEDGE_EXECUTION_INTERVAL = CommonConfigurations.getLongProperty("knowledge.execution.interval"); + + + public static final String KNOWLEDGE_BASE_URL = CommonConfigurations.getStringProperty("knowledge.base.uri"); + public static final String KNOWLEDGE_BASE_PATH = CommonConfigurations.getStringProperty("knowledge.base.path"); + public static final String IP_USER_DEFINED_KD_ID = CommonConfigurations.getStringProperty("ip.user.defined.kd.id"); + public static final String IP_BUILTIN_KD_ID = CommonConfigurations.getStringProperty("ip.builtin.kd.id"); + + + public static final String 
BIFANG_SERVER_TOKEN = CommonConfigurations.getStringProperty("bifang.server.token"); + + + public static final Integer STATIC_SENSITIVITY_THRESHOLD = CommonConfigurations.getIntProperty("static.sensitivity.threshold"); + public static final Double BASELINE_SENSITIVITY_THRESHOLD = CommonConfigurations.getDoubleProperty("baseline.sensitivity.threshold"); + + public static final Double BASELINE_SESSIONS_MINOR_THRESHOLD = CommonConfigurations.getDoubleProperty("baseline.sessions.minor.threshold"); + + + public static final Double BASELINE_SESSIONS_WARNING_THRESHOLD = CommonConfigurations.getDoubleProperty("baseline.sessions.warning.threshold"); + + public static final Double BASELINE_SESSIONS_MAJOR_THRESHOLD = CommonConfigurations.getDoubleProperty("baseline.sessions.major.threshold"); + + public static final Double BASELINE_SESSIONS_SEVERE_THRESHOLD = CommonConfigurations.getDoubleProperty("baseline.sessions.severe.threshold"); + public static final Double BASELINE_SESSIONS_CRITICAL_THRESHOLD = CommonConfigurations.getDoubleProperty("baseline.sessions.critical.threshold"); + + } + + diff --git a/src/main/java/com/zdjizhi/common/pojo/KnowlegeBaseMeta.java b/src/main/java/com/zdjizhi/common/pojo/KnowlegeBaseMeta.java index 1701367..f6562cc 100644 --- a/src/main/java/com/zdjizhi/common/pojo/KnowlegeBaseMeta.java +++ b/src/main/java/com/zdjizhi/common/pojo/KnowlegeBaseMeta.java 
@@ -6,26 +6,26 @@ import java.io.Serializable; * */ public class KnowlegeBaseMeta implements Serializable { - private String id; + private String kb_id; private String name; private String sha256; private String format; private String path; - public KnowlegeBaseMeta(String id, String name, String sha256, String format, String path) { - this.id = id; + public KnowlegeBaseMeta(String kd_id, String name, String sha256, String format, String path) { + this.kb_id = kd_id; this.name = name; this.sha256 = sha256; this.format = format; this.path = path; } - public String getId() { - return id; + public String getKb_id() { + return kb_id; } - public void setId(String id) { - this.id = id; + public void setKb_id(String kb_id) { + this.kb_id = kb_id; } public String getName() { @@ -63,7 +63,7 @@ public class KnowlegeBaseMeta implements Serializable { @Override public String toString() { return "KnowlegeBaseMeta{" + - "id='" + id + '\'' + + "kb_id='" + kb_id + '\'' + ", name='" + name + '\'' + ", sha256='" + sha256 + '\'' + ", format='" + format + '\'' + diff --git a/src/main/java/com/zdjizhi/etl/DosDetection.java b/src/main/java/com/zdjizhi/etl/DosDetection.java index 14013cf..3fb5a7c 100644 --- a/src/main/java/com/zdjizhi/etl/DosDetection.java +++ b/src/main/java/com/zdjizhi/etl/DosDetection.java @@ -6,7 +6,6 @@ import com.geedgenetworks.utils.DateUtils; import com.geedgenetworks.utils.StringUtil; import com.zdjizhi.common.*; import com.zdjizhi.utils.*; -import com.zdjizhi.utils.connections.nacos.NacosUtils; import inet.ipaddr.IPAddress; import inet.ipaddr.IPAddressString; import org.apache.commons.lang3.StringUtils; 
@@ -102,7 +101,7 @@ public class DosDetection extends ProcessFunction { private DosEventLog getDosEventLogBySensitivityThreshold(DosSketchLog value) { long sketchSessions = value.getSketch_sessions(); - Integer staticSensitivityThreshold = NacosUtils.getIntProperty("static.sensitivity.threshold"); + Integer staticSensitivityThreshold = FlowWriteConfig.STATIC_SENSITIVITY_THRESHOLD; long diff = sketchSessions - staticSensitivityThreshold; return getDosEventLog(value, staticSensitivityThreshold, diff, 0, SENSITIVITY_CONDITION_TYPE, SESSIONS_TAG); } @@ -162,9 +161,9 @@ public class DosDetection extends ProcessFunction { if (diff > 0 && base != 0) { double percent = getDiffPercent(diff, base); Severity severity = judgeSeverity(percent); - Integer staticSensitivityThreshold = NacosUtils.getIntProperty("static.sensitivity.threshold"); + Integer staticSensitivityThreshold = FlowWriteConfig.STATIC_SENSITIVITY_THRESHOLD; if (severity != Severity.NORMAL) { - if (type == BASELINE_CONDITION_TYPE && percent < NacosUtils.getDoubleProperty("baseline.sensitivity.threshold")) { + if (type == BASELINE_CONDITION_TYPE && percent < FlowWriteConfig.BASELINE_SENSITIVITY_THRESHOLD) { logger.debug("当前server IP:{},类型:{},基线值{}百分比{}未超过基线敏感阈值,日志详情\n{}", destinationIp, attackType, base, percent, value); } else if ((type == BASELINE_CONDITION_TYPE || type == SENSITIVITY_CONDITION_TYPE) && value.getSketch_sessions() < staticSensitivityThreshold) { logger.debug("当前server IP:{},类型:{},基线值{}百分比{}未超过静态敏感阈值,日志详情\n{}", destinationIp, attackType, base, percent, value); 
@@ -220,8 +219,8 @@ public class DosDetection extends ProcessFunction { logger.debug("获取到当前IP: {},类型: {} baseline值为0,替换为P95观测值{}", value.getDestination_ip(), value.getAttack_type(), defaultVaule); base = defaultVaule; } - if (sessionRateBaselineType == OTHER_BASELINE_TYPE && base < NacosUtils.getIntProperty("static.sensitivity.threshold")) { - base = NacosUtils.getIntProperty("static.sensitivity.threshold"); + if (sessionRateBaselineType == OTHER_BASELINE_TYPE && base < FlowWriteConfig.STATIC_SENSITIVITY_THRESHOLD) { + base = FlowWriteConfig.STATIC_SENSITIVITY_THRESHOLD; } } } 
@@ -309,15 +308,15 @@ public class DosDetection extends ProcessFunction { } private Severity judgeSeverity(double diffPercent) { - if (diffPercent >= NacosUtils.getDoubleProperty("baseline.sessions.minor.threshold") && diffPercent < NacosUtils.getDoubleProperty("baseline.sessions.warning.threshold")) { + if (diffPercent >= FlowWriteConfig.BASELINE_SESSIONS_MINOR_THRESHOLD && diffPercent < FlowWriteConfig.BASELINE_SESSIONS_WARNING_THRESHOLD) { return Severity.MINOR; - } else if (diffPercent >= NacosUtils.getDoubleProperty("baseline.sessions.warning.threshold") && diffPercent < NacosUtils.getDoubleProperty("baseline.sessions.major.threshold")) { + } else if (diffPercent >= FlowWriteConfig.BASELINE_SESSIONS_WARNING_THRESHOLD && diffPercent < FlowWriteConfig.BASELINE_SESSIONS_MAJOR_THRESHOLD) { return Severity.WARNING; - } else if (diffPercent >= NacosUtils.getDoubleProperty("baseline.sessions.major.threshold") && diffPercent < NacosUtils.getDoubleProperty("baseline.sessions.severe.threshold")) { + } else if (diffPercent >= FlowWriteConfig.BASELINE_SESSIONS_MAJOR_THRESHOLD && diffPercent < FlowWriteConfig.BASELINE_SESSIONS_SEVERE_THRESHOLD) { return Severity.MAJOR; - } else if (diffPercent >= NacosUtils.getDoubleProperty("baseline.sessions.severe.threshold") && diffPercent < NacosUtils.getDoubleProperty("baseline.sessions.critical.threshold")) { + } else if (diffPercent >= FlowWriteConfig.BASELINE_SESSIONS_SEVERE_THRESHOLD && diffPercent < FlowWriteConfig.BASELINE_SESSIONS_CRITICAL_THRESHOLD) { return Severity.SEVERE; - } else if (diffPercent >= NacosUtils.getDoubleProperty("baseline.sessions.critical.threshold")) { + } else if (diffPercent >= FlowWriteConfig.BASELINE_SESSIONS_CRITICAL_THRESHOLD) { return Severity.CRITICAL; } else { return Severity.NORMAL; diff --git a/src/main/java/com/zdjizhi/etl/EtlProcessFunction.java b/src/main/java/com/zdjizhi/etl/EtlProcessFunction.java index c3ebbcc..a163036 100644 --- a/src/main/java/com/zdjizhi/etl/EtlProcessFunction.java 
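Review bot: judgeSeverity compares against five boxed `Double` constants that are read once at class load, and nothing validates that the `baseline.sessions.*.threshold` values are present and strictly increasing. If two of them are out of order in `common.properties`, an attack is assigned the wrong severity without any error, and a missing key may surface as a NullPointerException on unboxing for every record (this depends on `CommonConfigurations.getDoubleProperty`, which is not visible here). A one-time startup check such as `if (!(minor < warning && warning < major && major < severe && severe < critical)) throw new IllegalStateException("baseline.sessions.*.threshold must be strictly increasing");` makes a bad configuration fail loudly instead. The same constants replace the Nacos lookups in the hunks at -102, -162 and -220, so thresholds no longer change at runtime; a comment on the constants saying that a job restart is needed would help operators. The closing lines of the method are outside the hunk.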
+++ b/src/main/java/com/zdjizhi/etl/EtlProcessFunction.java @@ -81,7 +81,6 @@ public class EtlProcessFunction extends ProcessWindowFunction newSketchLog.getCommon_recv_time()){ recvtime = newSketchLog.getCommon_recv_time(); } - System.out.println(newSketchLog.getCommon_recv_time()); String sourceIp = newSketchLog.getSource_ip(); if (StringUtils.equals(sourceIp,EMPTY_SOURCE_IP_IPV4) || StringUtils.equals(sourceIp,EMPTY_SOURCE_IP_IPV6)){ sessions += newSketchLog.getSketch_sessions(); diff --git a/src/main/java/com/zdjizhi/etl/ParseStaticThreshold.java b/src/main/java/com/zdjizhi/etl/ParseStaticThreshold.java index 4791f0c..36d4ce4 100644 --- a/src/main/java/com/zdjizhi/etl/ParseStaticThreshold.java +++ b/src/main/java/com/zdjizhi/etl/ParseStaticThreshold.java @@ -4,14 +4,10 @@ import cn.hutool.log.Log; import cn.hutool.log.LogFactory; import com.alibaba.fastjson2.JSON; import com.alibaba.fastjson2.JSONObject; -//import com.fasterxml.jackson.databind.JavaType; import com.zdjizhi.common.FlowWriteConfig; import com.zdjizhi.common.DosDetectionThreshold; import com.zdjizhi.common.DosVsysId; import com.zdjizhi.utils.HttpClientUtils; -//import com.zdjizhi.utils.JsonMapper; - -import com.zdjizhi.utils.connections.nacos.NacosUtils; import inet.ipaddr.IPAddress; import inet.ipaddr.IPAddressString; import org.apache.flink.shaded.guava18.com.google.common.collect.Range; @@ -89,7 +85,7 @@ public class ParseStaticThreshold { // parms.put("orderBy", "vsysId desc"); parms.put("type", 1); HttpClientUtils.setUrlWithParams(uriBuilder, FlowWriteConfig.BIFANG_SERVER_POLICY_VSYSID_PATH, parms); - String token = NacosUtils.getStringProperty("bifang.server.token"); + String token = FlowWriteConfig.BIFANG_SERVER_TOKEN; if (!HttpClientUtils.ERROR_MESSAGE.equals(token)) { BasicHeader authorization = new BasicHeader("Authorization", token); BasicHeader authorization1 = new BasicHeader("Content-Type", "application/x-www-form-urlencoded"); 
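Review bot: The guard `!HttpClientUtils.ERROR_MESSAGE.equals(token)` in the hunk at -89 no longer protects anything now that `token` is a constant from `common.properties`: a missing or blank `bifang.server.token` passes the check and the request is sent with a null or empty `Authorization` header (what `getStringProperty` returns for an absent key is not visible here). I would change the condition to `if (token != null && !token.trim().isEmpty() && !HttpClientUtils.ERROR_MESSAGE.equals(token))` and log the property key, never the value, when it fails. The hunk at -138 has the same guard and needs the same change. Both enclosing methods start and end outside their hunks, so whether an else branch already reports the failure cannot be seen.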
@@ -138,7 +134,7 @@ public class ParseStaticThreshold { parms.put("is_valid", 1); parms.put("vsys_id", vsysId); HttpClientUtils.setUrlWithParams(uriBuilder, FlowWriteConfig.BIFANG_SERVER_POLICY_THRESHOLD_PATH, parms); - String token = NacosUtils.getStringProperty("bifang.server.token"); + String token = FlowWriteConfig.BIFANG_SERVER_TOKEN; if (!HttpClientUtils.ERROR_MESSAGE.equals(token)) { BasicHeader authorization = new BasicHeader("Authorization", token); BasicHeader authorization1 = new BasicHeader("Content-Type", "application/x-www-form-urlencoded"); diff --git a/src/main/java/com/zdjizhi/utils/IpLookupUtils.java b/src/main/java/com/zdjizhi/utils/IpLookupUtils.java index 8d84bb9..2939f63 100644 --- a/src/main/java/com/zdjizhi/utils/IpLookupUtils.java +++ b/src/main/java/com/zdjizhi/utils/IpLookupUtils.java @@ -4,20 +4,21 @@ import cn.hutool.crypto.digest.DigestUtil; import cn.hutool.log.Log; import cn.hutool.log.LogFactory; import com.alibaba.fastjson2.*; -import com.alibaba.nacos.api.config.ConfigService; -import com.alibaba.nacos.api.config.listener.Listener; -import com.alibaba.nacos.api.exception.NacosException; import com.geedgenetworks.utils.IpLookupV2; import com.geedgenetworks.utils.StringUtil; import com.google.common.base.Joiner; import com.zdjizhi.common.FlowWriteConfig; import com.zdjizhi.common.pojo.KnowlegeBaseMeta; import com.zdjizhi.utils.connections.http.HttpClientService; -import com.zdjizhi.utils.connections.nacos.NacosConnection; +import org.apache.http.client.utils.URIBuilder; import java.io.ByteArrayInputStream; +import java.net.URISyntaxException; import java.util.HashMap; -import java.util.concurrent.Executor; +import java.util.Map; +import java.util.Timer; +import java.util.TimerTask; + /** * @author wangchengcheng 
@@ -53,47 +54,39 @@ public class IpLookupUtils { */ private static final HashMap knowledgeMetaCache = new HashMap<>(16); + private static String currentSha256IpUserDefined = ""; + + private static String currentSha256IpBuiltin = ""; + static { - JSONPath jsonPath = JSONPath.of(getFilterParameter()); httpClientService = new HttpClientService(); - - NacosConnection nacosConnection = new NacosConnection(); - ConfigService schemaService = nacosConnection.getPublicService(); - try { - String configInfo = schemaService.getConfigAndSignListener(FlowWriteConfig.NACOS_KNOWLEDGEBASE_DATA_ID, FlowWriteConfig.NACOS_PUBLIC_GROUP, FlowWriteConfig.NACOS_CONNECTION_TIMEOUT, new Listener() { - @Override - public Executor getExecutor() { - return null; - } - - @Override - public void receiveConfigInfo(String configInfo) { - if (StringUtil.isNotBlank(configInfo)) { - updateIpLookup(jsonPath, configInfo); - } - } - }); - - if (StringUtil.isNotBlank(configInfo)) { - updateIpLookup(jsonPath, configInfo); + stuffKnowledgeMetaCache(); + Timer timer = new Timer(); + timer.schedule(new TimerTask() { + @Override + public void run() { + stuffKnowledgeMetaCache(); } - } catch (NacosException e) { - logger.error("Get Schema config from Nacos error,The exception message is :" + e.getMessage()); - } + }, 0, FlowWriteConfig.KNOWLEDGE_EXECUTION_INTERVAL); } - private static void updateIpLookup(JSONPath jsonPath, String configInfo) { - String extract = jsonPath.extract(JSONReader.of(configInfo)).toString(); - if (StringUtil.isNotBlank(extract)) { - JSONArray jsonArray = JSON.parseArray(extract); - if (jsonArray.size() > 0) { - for (int i = 0; i < jsonArray.size(); i++) { - KnowlegeBaseMeta knowlegeBaseMeta = JSONObject.parseObject(jsonArray.getString(i), KnowlegeBaseMeta.class); - String fileName = Joiner.on(LOCATION_SEPARATOR).useForNull("").join(knowlegeBaseMeta.getName(), knowlegeBaseMeta.getFormat()); - knowledgeMetaCache.put(fileName, knowlegeBaseMeta); - } - reloadIpLookup(); - } + + + private 
static void stuffKnowledgeMetaCache(){ + final KnowlegeBaseMeta ipBuiltinknowlegeBaseMeta = getKnowlegeBaseMeta(FlowWriteConfig.IP_BUILTIN_KD_ID); + if (!currentSha256IpBuiltin.equals(ipBuiltinknowlegeBaseMeta.getSha256())) { + String fileName = Joiner.on(LOCATION_SEPARATOR).useForNull("").join(ipBuiltinknowlegeBaseMeta.getName(), ipBuiltinknowlegeBaseMeta.getFormat()); + knowledgeMetaCache.put(fileName, ipBuiltinknowlegeBaseMeta); + } + final KnowlegeBaseMeta ipUserDefinedknowlegeBaseMeta = getKnowlegeBaseMeta(FlowWriteConfig.IP_USER_DEFINED_KD_ID); + if (!currentSha256IpUserDefined.equals(ipUserDefinedknowlegeBaseMeta.getSha256())) { + String fileName = Joiner.on(LOCATION_SEPARATOR).useForNull("").join(ipUserDefinedknowlegeBaseMeta.getName(), ipUserDefinedknowlegeBaseMeta.getFormat()); + knowledgeMetaCache.put(fileName, ipUserDefinedknowlegeBaseMeta); + } + if (!currentSha256IpUserDefined.equals(ipUserDefinedknowlegeBaseMeta.getSha256()) || !currentSha256IpBuiltin.equals(ipBuiltinknowlegeBaseMeta.getSha256())) { + currentSha256IpBuiltin = ipBuiltinknowlegeBaseMeta.getSha256(); + currentSha256IpUserDefined = ipUserDefinedknowlegeBaseMeta.getSha256(); + reloadIpLookup(); } } @@ -126,7 +119,7 @@ public class IpLookupUtils { System.out.println("update " + fileName + " finished, speed :" + (System.currentTimeMillis() - startTime) + "ms"); retryNum = TRY_TIMES; } else { - logger.error("通过HOS下载{}的sha256为:{} ,Nacos内记录为:{} ,sha256不相等 开始第{}次重试下载文件", fileName, downloadFileSha256, metaSha256, retryNum); + logger.error("通过HOS下载{}的sha256为:{} ,网关内记录为:{} ,sha256不相等 开始第{}次重试下载文件", fileName, downloadFileSha256, metaSha256, retryNum); retryNum++; } } else { 
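Review bot: `stuffKnowledgeMetaCache` dereferences the result of `getKnowlegeBaseMeta` straight away (`ipBuiltinknowlegeBaseMeta.getSha256()`), but that method returns null whenever the request fails or the filter matches nothing. In the static initializer the resulting NullPointerException becomes an ExceptionInInitializerError for IpLookupUtils, and inside the `TimerTask` it ends the `java.util.Timer` thread, so the IP knowledge base silently stops refreshing. The current hashes are also stored before `reloadIpLookup()` runs, so as far as the visible code shows a download whose SHA-256 never matched is not retried on the next tick; consider updating them only after a successful reload. The timer is scheduled with delay 0 right after a direct call, which fetches twice at startup, and `new Timer()` creates a non-daemon thread.

```java
static {
    httpClientService = new HttpClientService();
    stuffKnowledgeMetaCache();
    // Daemon thread; first run after one interval because the call above already did the initial load.
    Timer timer = new Timer("knowledge-base-refresh", true);
    timer.schedule(new TimerTask() {
        @Override
        public void run() {
            try {
                stuffKnowledgeMetaCache();
            } catch (Exception e) {
                // An exception escaping run() would cancel the Timer for good.
                logger.error("knowledge base refresh failed", e);
            }
        }
    }, FlowWriteConfig.KNOWLEDGE_EXECUTION_INTERVAL, FlowWriteConfig.KNOWLEDGE_EXECUTION_INTERVAL);
}

private static void stuffKnowledgeMetaCache() {
    final KnowlegeBaseMeta ipBuiltinknowlegeBaseMeta = getKnowlegeBaseMeta(FlowWriteConfig.IP_BUILTIN_KD_ID);
    final KnowlegeBaseMeta ipUserDefinedknowlegeBaseMeta = getKnowlegeBaseMeta(FlowWriteConfig.IP_USER_DEFINED_KD_ID);
    if (ipBuiltinknowlegeBaseMeta == null || ipUserDefinedknowlegeBaseMeta == null) {
        // Keep serving the last good lookup rather than failing the refresh thread.
        logger.error("knowledge base metadata unavailable, keeping the current IP lookup");
        return;
    }
    // … unchanged: hash comparison, cache update and reloadIpLookup() …
}
```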
@@ -138,14 +131,13 @@ public class IpLookupUtils { ipLookup = builder.build(); } + /** * 根据配置组合生成知识库元数据过滤参数 * * @return 过滤参数 */ private static String getFilterParameter() { -// String expr = "$.[?(@.version=='latest' && @.name in ['ip_built_in','ip_user_defined'])].['name','sha256','format','path']"; - String expr = "[?(@.version=='latest')][?(@.name in ('ip_builtin','ip_user_defined'))]"; @@ -156,5 +148,35 @@ public class IpLookupUtils { return ipLookup.countryLookup(ip); } - + private static KnowlegeBaseMeta getKnowlegeBaseMeta(String kd_id) { + KnowlegeBaseMeta knowlegeBaseMeta = null; + String knowledgeInfo = null; + try { + URIBuilder uriBuilder = new URIBuilder(FlowWriteConfig.KNOWLEDGE_BASE_URL); + HashMap parms = new HashMap<>(); + parms.put("kb_id", kd_id); + HttpClientUtils.setUrlWithParams(uriBuilder, FlowWriteConfig.KNOWLEDGE_BASE_PATH, parms); + knowledgeInfo = HttpClientUtils.httpGet(uriBuilder.build()); + if (knowledgeInfo.contains("200")) { + final Map jsonObject = JSONObject.parseObject(knowledgeInfo, Map.class); + JSONPath jsonPath = JSONPath.of(getFilterParameter()); + String extract = jsonPath.extract(JSONReader.of(jsonObject.get("data").toString())).toString(); + if (StringUtil.isNotBlank(extract)) { + JSONArray jsonArray = JSON.parseArray(extract); + if (jsonArray.size() > 0) { + for (int i = 0; i < jsonArray.size(); i++) { + knowlegeBaseMeta = JSONObject.parseObject(jsonArray.getString(i), KnowlegeBaseMeta.class); + } + } + } + } else { + logger.error("获取knowledge_base失败,请求回执为" + knowledgeInfo); + } + } catch (URISyntaxException e) { + logger.error("构造URI异常", e); + } catch (Exception e) { + logger.error("获取knowledge_base失败", e); + } + return knowlegeBaseMeta; + } } diff --git a/src/main/java/com/zdjizhi/utils/connections/nacos/NacosConnection.java b/src/main/java/com/zdjizhi/utils/connections/nacos/NacosConnection.java deleted file mode 100644 index 8de0ae0..0000000 
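Review bot: `knowledgeInfo.contains("200")` in getKnowlegeBaseMeta accepts any response body that has the characters 200 anywhere in it (inside a hash, a path or an error text), and a null return from `httpGet` only surfaces through the catch-all. Parse the body first and compare the response's status field itself to 200; the field name is not visible in this diff, so it is left open here. The metadata, including the `sha256` that the downloaded file is later checked against, is fetched from the `http://` address configured in `common.properties` and, as far as this hunk shows, without credentials, so the hash comparison detects a corrupted download but not a tampered response; TLS or an authenticated call would close that gap. The loop keeps only the last array element and every failure path returns null, which deserves a line in a Javadoc comment so callers know to check for it.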
--- a/src/main/java/com/zdjizhi/utils/connections/nacos/NacosConnection.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package com.zdjizhi.utils.connections.nacos;
-
-import cn.hutool.log.Log;
-import cn.hutool.log.LogFactory;
-import com.alibaba.nacos.api.NacosFactory;
-import com.alibaba.nacos.api.PropertyKeyConst;
-import com.alibaba.nacos.api.config.ConfigService;
-import com.alibaba.nacos.api.exception.NacosException;
-import com.zdjizhi.common.FlowWriteConfig;
-
-
-import java.util.Properties;
-
-/**
- * @author qidaijie
- * @Package com.zdjizhi.tools.connections.nacos
- * @Description:
- * @date 2023/7/2714:49
- */
-public class NacosConnection {
- private static final Log logger = LogFactory.get();
-
- private ConfigService configService;
-
-
- public ConfigService getDosService() {
- Properties properties = new Properties();
- properties.setProperty(PropertyKeyConst.SERVER_ADDR, FlowWriteConfig.NACOS_SERVER);
- properties.setProperty(PropertyKeyConst.NAMESPACE, FlowWriteConfig.NACOS_DOS_NAMESPACE);
- properties.setProperty(PropertyKeyConst.USERNAME, FlowWriteConfig.NACOS_USERNAME);
- properties.setProperty(PropertyKeyConst.PASSWORD, FlowWriteConfig.NACOS_PIN);
- try {
- configService = NacosFactory.createConfigService(properties);
- } catch (NacosException e) {
- logger.error("NacosException:{}", e);
- }
- return configService;
- }
-
-
- public ConfigService getPublicService() {
- Properties properties = new Properties();
- properties.setProperty(PropertyKeyConst.SERVER_ADDR, FlowWriteConfig.NACOS_SERVER);
- properties.setProperty(PropertyKeyConst.NAMESPACE, FlowWriteConfig.NACOS_PUBLIC_NAMESPACE);
- properties.setProperty(PropertyKeyConst.USERNAME, FlowWriteConfig.NACOS_USERNAME);
- properties.setProperty(PropertyKeyConst.PASSWORD, FlowWriteConfig.NACOS_PIN);
- try {
- configService = NacosFactory.createConfigService(properties);
- } catch (NacosException e) {
- logger.error("NacosException:{}", e);
- }
- return configService;
- }
-}
diff --git a/src/main/java/com/zdjizhi/utils/connections/nacos/NacosUtils.java b/src/main/java/com/zdjizhi/utils/connections/nacos/NacosUtils.java
deleted file mode 100644
index d60dd0f..0000000
--- a/src/main/java/com/zdjizhi/utils/connections/nacos/NacosUtils.java
+++ /dev/null
@@ -1,69 +0,0 @@
-package com.zdjizhi.utils.connections.nacos;
-
-import cn.hutool.log.Log;
-import cn.hutool.log.LogFactory;
-import com.alibaba.nacos.api.config.ConfigService;
-import com.alibaba.nacos.api.config.listener.Listener;
-import com.zdjizhi.common.FlowWriteConfig;
-
-import java.io.IOException;
-import java.io.StringReader;
-import java.util.Properties;
-import java.util.concurrent.Executor;
-
-public class NacosUtils {
- private static final Log logger = LogFactory.get();
- private static Properties commonProperties = new Properties();
-
- static {
- NacosConnection nacosConnection = new NacosConnection();
- ConfigService dosService = nacosConnection.getDosService();
- try {
- String config = dosService.getConfig(FlowWriteConfig.NACOS_DOS_DATA_ID, FlowWriteConfig.NACOS_DOS_GROUP, FlowWriteConfig.NACOS_CONNECTION_TIMEOUT);
-
- commonProperties.load(new StringReader(config));
-
- dosService.addListener(FlowWriteConfig.NACOS_DOS_DATA_ID, FlowWriteConfig.NACOS_DOS_GROUP, new Listener() {
- @Override
- public Executor getExecutor() {
- return null;
- }
-
- @Override
- public void receiveConfigInfo(String configMsg) {
- try {
- commonProperties.clear();
- commonProperties.load(new StringReader(configMsg));
- } catch (IOException e) {
- logger.error("监听nacos配置失败", e);
- }
- System.out.println(configMsg);
- }
- });
- } catch (Exception e) {
- e.printStackTrace();
- logger.error("获取nacos配置失败", e);
- }
- }
-
- public static String getStringProperty(String key) {
- return commonProperties.getProperty(key);
- }
-
- public static Integer getIntProperty(String key) {
- return Integer.parseInt(commonProperties.getProperty(key));
- }
-
- public static Double getDoubleProperty(String key) {
- return Double.parseDouble(commonProperties.getProperty(key));
- }
-
- public static Long getLongProperty(String key) {
- return Long.parseLong(commonProperties.getProperty(key));
- }
-
- public static Boolean getBooleanProperty(String key) {
- return
"true".equals(commonProperties.getProperty(key).toLowerCase().trim()); - } - -} diff --git a/src/main/resources/common.properties b/src/main/resources/common.properties index 65cdc3a..060756e 100644 --- a/src/main/resources/common.properties +++ b/src/main/resources/common.properties @@ -8,11 +8,11 @@ stream.execution.job.name=DOS-DETECTION-APPLICATION kafka.input.parallelism=3 #输入kafka topic名 -kafka.input.topic.name=test +kafka.input.topic.name=DOS-SKETCH-RECORD #输入kafka地址 -kafka.input.bootstrap.servers=192.168.44.12:9094 -#kafka.input.bootstrap.servers=192.168.44.11:9094,192.168.44.14:9094,192.168.44.15:9094 +#kafka.input.bootstrap.servers=192.168.44.12:9094 +kafka.input.bootstrap.servers=192.168.44.11:9094,192.168.44.14:9094,192.168.44.15:9094 #读取kafka group id kafka.input.group.id=dos-detection-job-221125-23132 @@ -74,23 +74,6 @@ destination.ip.partition.num=10000 data.center.id.num=15 - -#bifang服务访问地址 -bifang.server.uri=http://192.168.44.72 -#bifang.server.uri=http://192.168.44.3:80 - -#加密密码路径信息 -bifang.server.encryptpwd.path=/v1/user/encryptpwd - -#登录bifang服务路径信息 -bifang.server.login.path=/v1/user/login - -#获取vaysId路径信息 -bifang.server.policy.vaysid.path=/v1/admin/vsys - -#获取静态阈值路径信息 -bifang.server.policy.threshold.path=/v1/policy/profile/dos_detection - #http请求相关参数 #最大连接数 http.pool.max.connection=400 
@@ -121,19 +104,46 @@ sasl.jaas.config.password=6MleDyA3Z73HSaXiKsDJ2k7Ys8YWLhEJ #是否开启kafka用户认证配置,1:是;0:否 sasl.jaas.config.flag=1 -############################## Nacos 配置 ###################################### -nacos.server.addr=192.168.44.12:8848 -nacos.username=nacos -nacos.password=nacos -############################## Nacos ---知识库配置 ###################################### -nacos.namespace=public -nacos.data.id=knowledge_base.json -nacos.group=DEFAULT_GROUP -nacos.connection.timeout=60000 +http.socket.timeout=90000 + +############################## Knowledge Base 配置 ###################################### +knowledge.execution.interval=30000 +knowledge.base.uri=http://192.168.44.12:9999 +knowledge.base.path=/v1/knowledge_base +ip.user.defined.kd.id=004390bc-3135-4a6f-a492-3662ecb9e289 +ip.builtin.kd.id=64af7077-eb9b-4b8f-80cf-2ceebc89bea9 + +############################## Bifang Server 配置 ###################################### +bifang.server.token=aa2bdec5518ad131f71944b13ce5c298&1& +#bifang服务访问地址 +bifang.server.uri=http://192.168.44.72 +#bifang.server.uri=http://192.168.44.3:80 + +#加密密码路径信息 +bifang.server.encryptpwd.path=/v1/user/encryptpwd + +#登录bifang服务路径信息 +bifang.server.login.path=/v1/user/login + +#获取vaysId路径信息 +bifang.server.policy.vaysid.path=/v1/admin/vsys + +#获取静态阈值路径信息 +bifang.server.policy.threshold.path=/v1/policy/profile/dos_detection + + +############################## 基线 配置 ###################################### +static.sensitivity.threshold=1 +#基线敏感阈值 +baseline.sensitivity.threshold=0.2 + +#基于baseline判定dos攻击的上下限 +baseline.sessions.minor.threshold=0.2 +baseline.sessions.warning.threshold=1 +baseline.sessions.major.threshold=2.5 +baseline.sessions.severe.threshold=5 +baseline.sessions.critical.threshold=8 + + -############################## Nacos ---静态阈值配置 ###################################### -nacos.dos.namespace=test -nacos.dos.data.id=dos_detection.properties -nacos.dos.group=Galaxy -http.socket.timeout=90000 \ No newline at end of file 
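Review bot: The added `bifang.server.token` line commits what looks like a live API token to the repository and ships it inside the jar, next to the `sasl.jaas.config.password` already visible in the hunk header; anyone who can read the source or the artifact can present it to the Bifang API. I would check in a placeholder instead, `bifang.server.token=<set at deploy time>`, supply the real value through the deployment's secret handling, and rotate the token that is now in history. `bifang.server.uri` and `knowledge.base.uri` are both `http://`, so the token and the knowledge-base metadata cross the network in clear text. The threshold block at the end (`static.sensitivity.threshold=1`, `baseline.sessions.*`) would benefit from a comment stating the unit and that the five values must be increasing.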
diff --git a/src/test/java/com/zdjizhi/common/NacosTest.java b/src/test/java/com/zdjizhi/common/NacosTest.java index 4c34e90..0fe6cb2 100644 --- a/src/test/java/com/zdjizhi/common/NacosTest.java +++ b/src/test/java/com/zdjizhi/common/NacosTest.java @@ -55,7 +55,7 @@ public class NacosTest { String content = configService.getConfig(DATA_ID, GROUP, 5000); Properties nacosConfigMap = new Properties(); nacosConfigMap.load(new StringReader(content)); - System.out.println(nacosConfigMap.getProperty("static.sensitivity.threshold")); + System.out.println(FlowWriteConfig.STATIC_SENSITIVITY_THRESHOLD); } catch (Exception e) { e.printStackTrace(); }