Version 0.21
CaledoniaProject released this 06 Dec 04:33
Breaking Changes
- Separation of security baseline violation logs
  - Makes it easier to manage different types of alarm logs
  - Users must manually remove rasp/conf/rasp-log4j.xml prior to agent upgrade
New Features
- Detect LFI/SSRF exploit via jstl-import method
- Add support for DB2 database server
  - Only tested on versions 9.7 and 10.5
- Security baseline feature enhancements
  - Audit database accounts, e.g. connecting to MySQL with the root user
  - Add slow query detection, e.g. reading 500+ rows with a SELECT statement
- Support TCP syslog transmission
Algorithm improvements
- Release SQLi detection algorithm No.2 (configurable)
  - Detect stacked queries, e.g. SELECT 123; SELECT 456;
  - Detect hex string representations, e.g. load_file(0x41424344)
  - Detect OS version number, e.g. /*!12345
  - Detect numeric constant comparison, e.g. SELECT 1 FROM dual WHERE 8778 <> 8778
  - Detect usage of blacklisted functions, e.g. load_file, pg_sleep, ...
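A simplified sketch of the five checks listed above, run over the sample statements quoted in the list. This is an added example, not OpenRASP's plugin code: the function names, rule labels and regular expressions are assumptions, and a real detector would work on tokens from a SQL lexer rather than regexes.

```javascript
// Added illustration; not OpenRASP code. Rule names and patterns are assumptions.
const BLACKLISTED_FUNCTIONS = ['load_file', 'pg_sleep']; // the two named in the notes

// Replace quoted string literals with an empty literal so characters inside
// data values (";", "0x41", "load_file(") are not mistaken for SQL syntax.
function stripStringLiterals(sql) {
  return sql.replace(/'(?:[^'\\]|\\.|'')*'|"(?:[^"\\]|\\.|"")*"/g, "''");
}

function checkSql(sql) {
  const findings = [];
  const code = stripStringLiterals(sql);

  // Stacked queries: a ";" followed by further non-whitespace text.
  if (/;\s*\S/.test(code)) findings.push('stacked_query');

  // Hex string representation such as 0x41424344.
  if (/\b0x[0-9a-f]{2,}\b/i.test(code)) findings.push('hex_string');

  // Version-conditional comment such as /*!12345 ... */.
  if (/\/\*!\d+/.test(code)) findings.push('version_comment');

  // Two numeric constants compared with each other, e.g. 8778 <> 8778.
  // The lookarounds keep identifiers like "a1" or decimals from matching.
  const constCmp = /(?<![\w.])\d+\s*(?:<>|!=|<=|>=|=|<|>)\s*\d+(?![\w.])/;
  if (constCmp.test(code)) findings.push('constant_comparison');

  // Blacklisted function call: the name followed by "(".
  for (const fn of BLACKLISTED_FUNCTIONS) {
    if (new RegExp('\\b' + fn + '\\s*\\(', 'i').test(code)) {
      findings.push('function:' + fn);
    }
  }
  return findings;
}

// Constructed sample statements, based on the examples in the list above.
const samples = [
  'SELECT 123; SELECT 456;',
  'SELECT load_file(0x41424344)',
  'SELECT /*!12345 1 */ FROM dual',
  'SELECT 1 FROM dual WHERE 8778 <> 8778',
  "SELECT * FROM t WHERE note = 'a; load_file(0x41)' AND id = 5;",
];
for (const s of samples) console.log(JSON.stringify(checkSql(s)), s);
```

The last sample shows why literals are stripped first: the suspicious text sits inside a quoted value, so no rule fires.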