DBShield is a Database Firewall written in Go that has protection for MySQL/MariaDB, Oracle and PostgreSQL databases. It works in a proxy fashion inspecting traffic and dropping abnormal queries after a learning period to populate the internal database with regular queries.
Learning mode lets any query pass but it records information about it (pattern, username, time and source) into the internal database.
After collecting enough patterns we can run DBShield in protect mode. Protect mode can distinguish abnormal query pattern, user and source and take action based on configurations.
It currently supports DB2, MariaDB, MySQL, Oracle & PostgreSQL all with SSL apart from Oracle and DB2.
Installation
Get it:
1 |
$ go get -u github.com/nim4/DBShield |
Then you can see help using “-h” argument:
1 2 3 4 5 6 7 8 9 10 11 |
$ $GOPATH/bin/DBShield -h DBShield 1.0.0-beta3 Usage of DBShield: -a get list of abnormal queries -c file config file (default "/etc/dbshield.yml") -h show help -k show parsed config and exit -l get list of captured patterns -version show version |
and run it with your configuration, like:
1 |
$ $GOPATH/bin/DBShield -c config.yml |
You can download DBShield here:
Or read more here.