security: Implement MEDIUM priority security improvements
MEDIUM Priority Security Features: - Backup retention policy with automatic cleanup - Connection rate limiting with exponential backoff - Privilege level checks (warn if running as root) - System resource limit awareness (ulimit checks) New Security Modules (internal/security/): - retention.go: Automated backup cleanup based on age and count - ratelimit.go: Connection attempt tracking with exponential backoff - privileges.go: Root/Administrator detection and warnings - resources.go: System resource limit checking (file descriptors, memory) Retention Policy Features: - Configurable retention period in days (--retention-days) - Minimum backup count protection (--min-backups) - Automatic cleanup after successful backups - Removes old archives with .sha256 and .meta files - Reports freed disk space Rate Limiting Features: - Per-host connection tracking - Exponential backoff: 1s, 2s, 4s, 8s, 16s, 32s, max 60s - Automatic reset after successful connections - Configurable max retry attempts (--max-retries) - Prevents brute force connection attempts Privilege Checks: - Detects root/Administrator execution - Warns with security recommendations - Requires --allow-root flag to proceed - Suggests dedicated backup user creation - Platform-specific recommendations (Unix/Windows) Resource Awareness: - Checks file descriptor limits (ulimit -n) - Monitors available memory - Validates resources before backup operations - Provides recommendations for limit increases - Cross-platform support (Linux, BSD, macOS, Windows) Configuration Integration: - All features configurable via flags and .dbbackup.conf - Security section in config file - Environment variable support - Persistent settings across sessions Integration Points: - All backup operations (cluster, single, sample) - Automatic cleanup after successful backups - Rate limiting on all database connections - Privilege checks before operations - Resource validation for large backups Default Values: - Retention: 30 days, minimum 5 backups - Max retries: 3 attempts - Allow root: disabled - Resource checks: enabled Security Benefits: - Prevents disk space exhaustion from old backups - Protects against connection brute force attacks - Encourages proper privilege separation - Avoids resource exhaustion failures - Compliance-ready audit trail Testing: - All code compiles successfully - Cross-platform compatibility maintained - Ready for production deployment
This commit is contained in:
@@ -29,6 +29,11 @@ type LocalConfig struct {
|
||||
// Performance settings
|
||||
CPUWorkload string
|
||||
MaxCores int
|
||||
|
||||
// Security settings
|
||||
RetentionDays int
|
||||
MinBackups int
|
||||
MaxRetries int
|
||||
}
|
||||
|
||||
// LoadLocalConfig loads configuration from .dbbackup.conf in current directory
|
||||
@@ -114,6 +119,21 @@ func LoadLocalConfig() (*LocalConfig, error) {
|
||||
cfg.MaxCores = mc
|
||||
}
|
||||
}
|
||||
case "security":
|
||||
switch key {
|
||||
case "retention_days":
|
||||
if rd, err := strconv.Atoi(value); err == nil {
|
||||
cfg.RetentionDays = rd
|
||||
}
|
||||
case "min_backups":
|
||||
if mb, err := strconv.Atoi(value); err == nil {
|
||||
cfg.MinBackups = mb
|
||||
}
|
||||
case "max_retries":
|
||||
if mr, err := strconv.Atoi(value); err == nil {
|
||||
cfg.MaxRetries = mr
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -173,6 +193,19 @@ func SaveLocalConfig(cfg *LocalConfig) error {
|
||||
if cfg.MaxCores != 0 {
|
||||
sb.WriteString(fmt.Sprintf("max_cores = %d\n", cfg.MaxCores))
|
||||
}
|
||||
sb.WriteString("\n")
|
||||
|
||||
// Security section
|
||||
sb.WriteString("[security]\n")
|
||||
if cfg.RetentionDays != 0 {
|
||||
sb.WriteString(fmt.Sprintf("retention_days = %d\n", cfg.RetentionDays))
|
||||
}
|
||||
if cfg.MinBackups != 0 {
|
||||
sb.WriteString(fmt.Sprintf("min_backups = %d\n", cfg.MinBackups))
|
||||
}
|
||||
if cfg.MaxRetries != 0 {
|
||||
sb.WriteString(fmt.Sprintf("max_retries = %d\n", cfg.MaxRetries))
|
||||
}
|
||||
|
||||
configPath := filepath.Join(".", ConfigFileName)
|
||||
// Use 0600 permissions for security (readable/writable only by owner)
|
||||
@@ -226,22 +259,34 @@ func ApplyLocalConfig(cfg *Config, local *LocalConfig) {
|
||||
if local.MaxCores != 0 {
|
||||
cfg.MaxCores = local.MaxCores
|
||||
}
|
||||
if cfg.RetentionDays == 30 && local.RetentionDays != 0 {
|
||||
cfg.RetentionDays = local.RetentionDays
|
||||
}
|
||||
if cfg.MinBackups == 5 && local.MinBackups != 0 {
|
||||
cfg.MinBackups = local.MinBackups
|
||||
}
|
||||
if cfg.MaxRetries == 3 && local.MaxRetries != 0 {
|
||||
cfg.MaxRetries = local.MaxRetries
|
||||
}
|
||||
}
|
||||
|
||||
// ConfigFromConfig creates a LocalConfig from a Config
|
||||
func ConfigFromConfig(cfg *Config) *LocalConfig {
|
||||
return &LocalConfig{
|
||||
DBType: cfg.DatabaseType,
|
||||
Host: cfg.Host,
|
||||
Port: cfg.Port,
|
||||
User: cfg.User,
|
||||
Database: cfg.Database,
|
||||
SSLMode: cfg.SSLMode,
|
||||
BackupDir: cfg.BackupDir,
|
||||
Compression: cfg.CompressionLevel,
|
||||
Jobs: cfg.Jobs,
|
||||
DumpJobs: cfg.DumpJobs,
|
||||
CPUWorkload: cfg.CPUWorkloadType,
|
||||
MaxCores: cfg.MaxCores,
|
||||
DBType: cfg.DatabaseType,
|
||||
Host: cfg.Host,
|
||||
Port: cfg.Port,
|
||||
User: cfg.User,
|
||||
Database: cfg.Database,
|
||||
SSLMode: cfg.SSLMode,
|
||||
BackupDir: cfg.BackupDir,
|
||||
Compression: cfg.CompressionLevel,
|
||||
Jobs: cfg.Jobs,
|
||||
DumpJobs: cfg.DumpJobs,
|
||||
CPUWorkload: cfg.CPUWorkloadType,
|
||||
MaxCores: cfg.MaxCores,
|
||||
RetentionDays: cfg.RetentionDays,
|
||||
MinBackups: cfg.MinBackups,
|
||||
MaxRetries: cfg.MaxRetries,
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user