github.com/qiwihui/DBShield@v0.0.0-20171107092910-fb8553bed8ef/README.md (about)

     1  [![Linux](https://travis-ci.org/nim4/DBShield.svg?branch=master "Linux")](https://travis-ci.org/nim4/DBShield)
     2  [![Windows](https://ci.appveyor.com/api/projects/status/github/nim4/DBShield?branch=master&svg=true "Windows")](https://ci.appveyor.com/project/nim4/DBShield/branch/master)
     3  [![Go Report Card](https://goreportcard.com/badge/github.com/nim4/DBShield)](https://goreportcard.com/report/github.com/nim4/DBShield)
     4  [![codecov](https://codecov.io/gh/nim4/DBShield/branch/master/graph/badge.svg)](https://codecov.io/gh/nim4/DBShield)
     5  [![Dev chat](https://img.shields.io/badge/gitter-chat-20cc20.svg "Dev chat")](https://gitter.im/DBShield/Lobby)
     6  [![GoDoc](https://godoc.org/github.com/nim4/DBShield?status.svg)](https://godoc.org/github.com/nim4/DBShield)
     7  [![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](https://raw.githubusercontent.com/nim4/DBShield/master/LICENSE)
     8  # DBShield
     9  
    10  Protects your data by inspecting incoming queries from your application server and rejecting abnormal ones.
    11  
    12  
    13  ---
    14  ## How it works?
    15  
    16  For example, this is how web server normally interacts with database server:
    17  
    18  ![Sample Web Server and DB](https://raw.githubusercontent.com/qiwihui/DBShield/master/misc/how_01.png)
    19  
    20  By adding DBShield in front of database server we can protect it against abnormal queries. To detect abnormal queries we first run DBShield in learning mode. Learning mode lets any query pass but it records information about it (pattern, username, time and source) into the internal database.
    21  
    22  ![Learning mode](https://raw.githubusercontent.com/qiwihui/DBShield/master/misc/how_02.png)
    23  
    24  
    25  After collecting enough patterns we can run DBShield in protect mode. Protect mode can distinguish abnormal query pattern, user and source and take action based on configurations.
    26  
    27  ![Protect mode](https://raw.githubusercontent.com/qiwihui/DBShield/master/misc/how_03.png)
    28  
    29  ---
    30  ## Demo
    31  For demo, we are using [sqlmap](https://github.com/sqlmapproject/sqlmap)(automatic SQL injection and database takeover tool) to exploit the SQL injection vulnerability at `user.php`
    32  
    33  In the first scenario, the sqlmap successfully exploits the SQL injection when web application connected directly to the database(MySQL), In the second scenario, we modify the `user.php` so DBShield gets between the web application and database which will drop the injection attempt and make sqlmap fail.
    34  
    35  ![Demo](misc/demo.gif)
    36  ---
    37  
    38  ## Sample Outputs
    39  
    40  **CLI**
    41  
    42  ```
    43  $ go run main.go
    44  2016/10/15 16:25:31 [INFO]  Config file: /etc/dbshield.yml
    45  2016/10/15 16:25:31 [INFO]  Internal DB: /tmp/model/10.0.0.21_postgres.db
    46  2016/10/15 16:25:31 [INFO]  Listening: 0.0.0.0:5000
    47  2016/10/15 16:25:31 [INFO]  Backend: postgres (10.0.0.21:5432)
    48  2016/10/15 16:25:31 [INFO]  Protect: true
    49  2016/10/15 16:25:31 [INFO]  Web interface on https://127.0.0.1:8070/
    50  2016/10/15 16:25:33 [INFO]  Connected from: 10.0.0.20:35910
    51  2016/10/15 16:25:33 [INFO]  Connected to: 10.0.0.21:5432
    52  2016/10/15 16:25:33 [INFO]  SSL connection
    53  2016/10/15 16:25:34 [DEBUG] Client handshake done
    54  2016/10/15 16:25:34 [DEBUG] Server handshake done
    55  2016/10/15 16:25:34 [INFO]  User: postgres
    56  2016/10/15 16:25:34 [INFO]  Database: test
    57  2016/10/15 16:25:34 [INFO]  Query: SELECT * FROM stocks where id=-1 or 1=1
    58  2016/10/15 16:25:34 [WARN]  Pattern not found: [53 55 51 52 55 52 50 53 55 51 53 49 115 116 111 99 107 115 53 55 51 53 50 105 100 54 49 52 53 53 55 51 55 57 53 55 52 48 52 53 55 51 55 57 54 49 53 55 51 55 57] (SELECT * FROM stocks where id=-1 or 1=1)
    59  2016/10/15 16:25:34 [WARN]  Dropping connection
    60  ```
    61  
    62  
    63  **Web Interface**
    64  
    65  ![Web UI](https://raw.githubusercontent.com/qiwihui/DBShield/master/misc/graph.png)
    66  
    67  ---
    68  ## Installation
    69  
    70  Get it
    71  ```
    72  $ go get -u github.com/qiwihui/DBShield
    73  ```
    74  
    75  Then you can see help using "-h" argument:
    76  ```
    77  $ $GOPATH/bin/DBShield -h
    78  DBShield 1.0.0-beta3
    79  Usage of DBShield:
    80    -a	get list of abnormal queries
    81    -c file
    82        config file (default "/etc/dbshield.yml")
    83    -h	show help
    84    -k	show parsed config and exit
    85    -l	get list of captured patterns
    86    -version
    87        show version
    88  ```
    89  
    90  and run it with your configuration, like:
    91  ```
    92  $ $GOPATH/bin/DBShield -c config.yml
    93  ```
    94  see [sample configuration  file](https://github.com/qiwihui/DBShield/blob/master/conf/dbshield.yml)
    95  
    96  
    97  >:warning: **WARNING:**
    98  > Do NOT use default certificates in production environments!
    99  
   100  
   101  ---
   102  ## Supports:
   103  
   104  | Database     | Protect | SSL |
   105  |:------------:|:-------:|:---:|
   106  | **DB2**   | ![Yes][YesImg] | ![No][NoImg]  |
   107  | **MariaDB**  | ![Yes][YesImg] | ![Yes][YesImg] |
   108  | **MySQL**    | ![Yes][YesImg] | ![Yes][YesImg] |
   109  | **Oracle**   | ![Yes][YesImg] | ![No][NoImg]  |
   110  | **Postgres** | ![Yes][YesImg] | ![Yes][YesImg] |
   111  
   112  ---
   113  ## To Do
   114  
   115  (Sorted by priority)
   116  
   117   - Improve documentation
   118   - Add Microsoft SQL Server
   119   - Add more command-line arguments
   120   - Get 90% test coverage
   121   - Support Oracle SSL
   122  
   123   [YesImg]: https://raw.githubusercontent.com/qiwihui/DBShield/master/misc/yes.png
   124   [NoImg]: https://raw.githubusercontent.com/qiwihui/DBShield/master/misc/no.png