security: Implement HIGH priority security improvements
HIGH Priority Security Features:
- Path sanitization with filepath.Clean() for all user paths
- Path traversal attack prevention in backup/restore operations
- Secure config file permissions (0600 instead of 0644)
- SHA-256 checksum generation for all backup archives
- Checksum verification during restore operations
- Comprehensive audit logging for compliance
New Security Module (internal/security/):
- paths.go: ValidateBackupPath() and ValidateArchivePath()
- checksum.go: ChecksumFile(), VerifyChecksum(), LoadAndVerifyChecksum()
- audit.go: AuditLogger with structured event tracking
Integration Points:
- Backup engine: Path validation, checksum generation
- Restore engine: Path validation, checksum verification
- All backup/restore operations: Audit logging
- Configuration saves: Audit logging
Security Enhancements:
- .dbbackup.conf now created with 0600 permissions (owner-only)
- All archive files get .sha256 checksum files
- Restore warns if checksum verification fails but continues
- Audit events logged for all administrative operations
- User tracking via $USER/$USERNAME environment variables
Compliance Features:
- Audit trail for backups, restores, config changes
- Structured logging with timestamps, users, actions, results
- Event details include paths, sizes, durations, errors
Testing:
- All code compiles successfully
- Cross-platform build verified
- Ready for integration testing
Renz
a0e7fd71de