From 333f0ff2d2fa144a6b9e2b38c95621a353e3628d Mon Sep 17 00:00:00 2001
From: aixiao
Date: Wed, 15 Feb 2023 13:48:08 +0800
Subject: [PATCH] =?UTF-8?q?=E5=8E=BB=E9=99=A4aliyun=20IP=E4=BD=8D=E7=BD=AE?= =?UTF-8?q?API,=20=E4=BC=98=E5=8C=96=E5=9C=B0=E5=9F=9F=E8=A7=A3=E6=9E=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
rhost.c | 81 ++++++++++++++++++++----------------------------------
rhost.conf | 3 +-
2 files changed, 31 insertions(+), 53 deletions(-)
diff --git a/rhost.c b/rhost.c
index 233f8ea..22562b1 100644
--- a/rhost.c
+++ b/rhost.c
@@ -111,45 +111,19 @@ char *process_json(char *buff, char *api) { char *area = NULL; int area_len = 0; - char *p; + char *p = NULL; + + if (buff == NULL) + { + return NULL; + } cJSON *cjson_init = cJSON_Parse(buff); - if (cjson_init == NULL) { perror("cJSON_Parse"); return NULL; } - - p = strstr(api, "aliyun"); // aliyun Api - if (p) { - cJSON *data = cJSON_GetObjectItem(cjson_init, "data"); - if (data != NULL) { - cJSON *region = cJSON_GetObjectItem(data, "region"); - - if (region) { - cJSON *isp = cJSON_GetObjectItem(data, "isp"); - cJSON *city = cJSON_GetObjectItem(data, "city"); - cJSON *country = cJSON_GetObjectItem(data, "country"); - cJSON *district = cJSON_GetObjectItem(data, "district"); - - area_len = strlen(country->valuestring) + strlen(city->valuestring) + strlen(region->valuestring) + strlen(district->valuestring) + strlen(isp->valuestring); - area = (char *)alloca(area_len + 1); - if (buff == NULL) - perror("out of memory."); - memset(area, 0, area_len + 1); - sprintf(area, "%s%s%s%s%s", isp->valuestring, country->valuestring, city->valuestring, region->valuestring, district->valuestring); - } else { - cJSON *msg = cJSON_GetObjectItem(cjson_init, "msg"); - - area_len = strlen(msg->valuestring); - area = (char *)alloca(area_len + 1); - if (buff == NULL) - perror("out of memory."); - memset(area, 0, area_len + 1); - sprintf(area, "%s", msg->valuestring); - } - } - } else if ((p = strstr(api, "baidu")) != NULL) { // baidu Api + if ((p = strstr(api, "baidu")) != NULL) { // baidu Api int i; cJSON *data = cJSON_GetObjectItem(cjson_init, "data"); 
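Review bot: `api` is still handed to `strstr(api, "baidu")` unchecked, although this hunk adds a NULL guard for `buff` just above it; one guard can cover both, `if (buff == NULL || api == NULL) return NULL;`. The `perror("cJSON_Parse")` that stays after the parse prints whatever `errno` happens to hold, because cJSON does not report parse failures through `errno`; `cJSON_GetErrorPtr()` points at the offending input instead. process_json continues past the end of this hunk.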
@@ -157,24 +131,25 @@ char *process_json(char *buff, char *api) for (i = 0; i < cJSON_GetArraySize(data); i++) { cJSON *svalue = cJSON_GetArrayItem(data, i); cJSON *location = cJSON_GetObjectItem(svalue, "location"); - area_len = strlen(location->valuestring); + area = (char *)alloca(area_len + 1); - if (buff == NULL) + if (area == NULL) perror("out of memory."); memset(area, 0, area_len + 1); - sprintf(area, "%s", location->valuestring); + + snprintf(area, area_len+1, "%s", location->valuestring); } } else { - area = (char *)alloca(270 + 1); - if (buff == NULL) - perror("out of memory."); - memset(area, 0, 270); - - strcpy(area, "获取位置错误!"); + return NULL; } } + else + { + cJSON_Delete(cjson_init); + return NULL; + } cJSON_Delete(cjson_init); return strdup(area); @@ -644,14 +619,9 @@ int rule(conf * conf) memset(URL, 0, conf->REGION_URL_LEN + 32); sprintf(URL, conf->REGION_URL, buffer); - location_json = GET_PUBLIC_IP(URL); - if (location_json == NULL) { - printf("获取地域错误\n"); - goto BLOCKED; - } - + if (conf->IP2REGION == 1) { // ip2region 地址定位库 - printf("使用ip2region!!\n"); + printf("Use ip2region !!!\n"); if (-1 == access(xdb_path, F_OK)) // 判断 ip2region 地址定位库是否存在 { @@ -663,7 +633,6 @@ int rule(conf * conf) } } - area = ip2region(xdb_path, buffer); if (area == NULL) { printf("ip2region解析地域错误\n"); @@ -671,6 +640,12 @@ int rule(conf * conf) } } else { AREA: + location_json = GET_PUBLIC_IP(URL); + if (location_json == NULL) { + printf("获取地域错误\n"); + goto BLOCKED; + } + area = process_json(location_json, conf->REGION_URL); if (area == NULL) { printf("解析地域错误\n"); @@ -680,12 +655,15 @@ AREA: if (isregion(area, region_list) == 1) { - printf("Ip: %s, 地域白名单: %s\n", buffer, area); + printf("Ip Address: %s, 地域白名单: %s\n", buffer, area); continue; } } + + printf("攻击者IP地址:%s, %s\n", buffer, area); + if (conf->IS_DING_WEBHOOK == 1) // 钉钉告警 { 
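Review bot: The new `return NULL;` in the inner `else` leaves `cjson_init` undeleted, and when `data` is an empty array the loop never assigns `area`, so the final `strdup(area)` receives NULL. Inside the loop `location` and `location->valuestring` are used without a check, so a reply without a string `location` field is dereferenced as NULL; the reply appears to come from the HTTP lookup in rule(), so its shape is not under this program's control. `alloca` does not return NULL on failure, so the corrected `if (area == NULL)` test cannot fire, and calling it on every iteration grows the stack by a length taken from the reply. Duplicating the string on the heap, as sketched below, removes the stack buffer and lets the function return NULL when no location was found; the `if` that this inner `else` belongs to opens outside the hunk.

```c
for (i = 0; i < cJSON_GetArraySize(data); i++) {
    cJSON *svalue = cJSON_GetArrayItem(data, i);
    cJSON *location = cJSON_GetObjectItem(svalue, "location");

    /* Remote JSON: the key may be missing or not a string. */
    if (location == NULL || location->valuestring == NULL)
        continue;

    free(area);                      /* keep only the last match, as before */
    area = strdup(location->valuestring);
}
} else {
    cJSON_Delete(cjson_init);        /* this path returned without freeing */
    return NULL;
}
/* … unchanged: outer else branch that deletes cjson_init and returns NULL … */
cJSON_Delete(cjson_init);
return area;                         /* NULL when no location was found */
```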
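Review bot: The added `printf("攻击者IP地址:%s, %s\n", buffer, area);` in rule() sits after the closing brace of the block that assigns `area`, so when that block is skipped `area` may be NULL or still hold the value from a previous address; the block's opening is outside the hunk, so this is inferred from the brace nesting. Passing NULL to `%s` is undefined behaviour, and a stale value would put the wrong region in an alert line; `area ? area : "-"` in the argument list avoids both. The hunk also does not show where `location_json` and the `strdup` result returned by process_json are freed, which is worth confirming now that the fetch has moved below the `AREA:` label.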
@@ -1186,6 +1164,7 @@ goto_daemon: // 扫描病毒前,更新病毒库 update_freshclam(argc, argv); + r = _clamscan(head_argc, head_argvs); virus_files = get_clamav_log("clamscan.log"); diff --git a/rhost.conf b/rhost.conf index 94ca773..2c44707 100644 --- a/rhost.conf +++ b/rhost.conf @@ -23,8 +23,7 @@ global { REGION = 1; // 是否启用地域白名单(1开启,非1关闭) IP2REGION = 1; // 是否使用本地 ip2region 地址定位库(1使用,非1不使用) - //REGION_URL = "http://opendata.baidu.com/api.php?query=%s&co=&resource_id=6006&oe=utf8"; // 获取IP地域(aliyun付费API, 弃用) - REGION_URL = "https://api01.aliyun.venuscn.com/ip?ip=%s -H Authorization:APPCODE a1d842b8afda418c8ea24271a4e16b1f"; + REGION_URL = "http://opendata.baidu.com/api.php?query=%s&co=&resource_id=6006&oe=utf8"; // 获取IP地域API REGION_LIST = "河南 郑州 上海"; // 地域列表(空格隔开)
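Review bot: The new `REGION_URL` in rhost.conf uses plain `http://`, and the reply it returns decides whether an address is treated as whitelisted, so anyone on the network path can alter that answer; an `https://` form of the endpoint, if it offers one, or keeping `IP2REGION = 1` as the only source avoids this. The removed line carried an `Authorization:APPCODE` value that remains readable in the repository history after this commit, so that key should be revoked at the provider rather than treated as gone. Since rule() passes this setting to `sprintf` as the format string, a comment such as `// must contain exactly one %s and no other % sequences` next to the setting would help whoever edits it.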