Monday, June 5, 2017

Database Firewall: DBShield

12:43 PM

DBShield is a database firewall written in Go that protects MySQL/MariaDB, Oracle and PostgreSQL databases. It works as a proxy: it inspects traffic and, after a learning period that populates its internal database with regular queries, drops abnormal queries.





For example, this is how a web server normally interacts with a database server:



By adding DBShield in front of the database server we can protect it against abnormal queries. To detect abnormal queries we first run DBShield in learning mode. Learning mode lets every query pass, but records information about it (pattern, username, time and source) in the internal database.



After collecting enough patterns we can run DBShield in protect mode. Protect mode can recognize an abnormal query pattern, user or source and take action based on the configuration.
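The learn-then-protect flow described above, as an added sketch that is not DBShield's own code. The literal-stripping normalizer, the `Firewall` type and the choice to key on the combined (user, source, pattern) tuple are assumptions made for illustration, and the queries and addresses are constructed samples.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed normalizer: literals become "?" so queries that differ only in
// their values share one pattern.
var (
	strLit = regexp.MustCompile(`'(?:[^'\\]|\\.)*'`)
	numLit = regexp.MustCompile(`\b\d+\b`)
	spaces = regexp.MustCompile(`\s+`)
)

// Pattern reduces a query to its structural shape.
func Pattern(q string) string {
	q = strLit.ReplaceAllString(q, "?")
	q = numLit.ReplaceAllString(q, "?")
	return strings.ToLower(strings.TrimSpace(spaces.ReplaceAllString(q, " ")))
}

// Firewall holds the tuples recorded while Learning is true (hypothetical type).
type Firewall struct {
	Learning bool
	known    map[string]bool
}

func NewFirewall() *Firewall { return &Firewall{Learning: true, known: map[string]bool{}} }

// Check reports whether the query may pass: always in learning mode,
// only for previously recorded tuples in protect mode.
func (f *Firewall) Check(user, source, query string) bool {
	key := user + "\x00" + source + "\x00" + Pattern(query)
	if f.Learning {
		f.known[key] = true
		return true
	}
	return f.known[key]
}

func main() {
	fw := NewFirewall()
	fw.Check("webapp", "10.0.0.5", "SELECT name FROM users WHERE id = 42")
	fw.Learning = false // switch to protect mode
	fmt.Println(fw.Check("webapp", "10.0.0.5", "SELECT name FROM users WHERE id = 7"))
	fmt.Println(fw.Check("webapp", "10.0.0.5", "SELECT name FROM users WHERE id = 7 OR 1 = 1"))
	fmt.Println(fw.Check("webapp", "10.0.0.9", "SELECT name FROM users WHERE id = 7"))
}
```

A query with a new literal value still matches the learned pattern, while an added clause or an unseen source address does not, which is why the learning period has to cover every legitimate query shape before protect mode is enabled.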









Installation

Get it

$ go get -u github.com/nim4/DBShield
You can then see the help text with the "-h" argument:

$ $GOPATH/bin/DBShield -h
DBShield 1.0.0-beta3
Usage of DBShield:
  -a get list of abnormal queries
  -c file
      config file (default "/etc/dbshield.yml")
  -h show help
  -k show parsed config and exit
  -l get list of captured patterns
  -version
      show version
Then run it with your configuration, for example:

$ $GOPATH/bin/DBShield -c config.yml
See the sample configuration file.

WARNING: Do NOT use default certificates in production environments!



Supports:

Database    Protect    SSL
DB2         Yes        No
MariaDB     Yes        Yes
MySQL       Yes        Yes
Oracle      Yes        No
Postgres    Yes        Yes
