What's Changed
Security fixes
- SSRF protection: Intel enrichment now validates target IPs before fetching
- Shell injection prevention: Port values and remote addresses are sanitized before use
- Safe temp files: Installer uses mkstemp instead of predictable /tmp paths
- API key protection: Intel API keys moved from query strings to headers
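
As an illustration of the SSRF item above, this added example (not the project's own code) shows one way to validate an enrichment target before any outbound fetch. It assumes the target arrives as a string that must be a public IP literal; the function name `ValidateEnrichmentTarget` and the blocked-range list are hypothetical.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Special-purpose ranges the netip classification methods below do not cover.
// Constructed for this example; extend it to match your own policy.
var blockedPrefixes = []netip.Prefix{
	netip.MustParsePrefix("0.0.0.0/8"),     // "this network"
	netip.MustParsePrefix("100.64.0.0/10"), // carrier-grade NAT
	netip.MustParsePrefix("192.0.0.0/24"),  // IETF protocol assignments
	netip.MustParsePrefix("198.18.0.0/15"), // benchmarking
	netip.MustParsePrefix("240.0.0.0/4"),   // reserved, includes broadcast
	netip.MustParsePrefix("64:ff9b::/96"),  // NAT64, can embed internal IPv4
}

// ValidateEnrichmentTarget (hypothetical name) accepts only a public unicast
// IP literal and returns its canonical form for use in the outbound request.
func ValidateEnrichmentTarget(raw string) (netip.Addr, error) {
	// ParseAddr is strict: no hostnames, no hex/octal/short IPv4 forms.
	addr, err := netip.ParseAddr(raw)
	if err != nil {
		return netip.Addr{}, fmt.Errorf("target %q is not an IP literal", raw)
	}
	if addr.Zone() != "" {
		return netip.Addr{}, fmt.Errorf("target %q carries an IPv6 zone", raw)
	}
	addr = addr.Unmap() // judge ::ffff:a.b.c.d by its embedded IPv4 address
	if addr.IsUnspecified() || addr.IsLoopback() || addr.IsPrivate() ||
		addr.IsLinkLocalUnicast() || addr.IsMulticast() {
		return netip.Addr{}, fmt.Errorf("target %s is not publicly routable", addr)
	}
	for _, p := range blockedPrefixes {
		if p.Contains(addr) {
			return netip.Addr{}, fmt.Errorf("target %s is in reserved range %s", addr, p)
		}
	}
	return addr, nil
}

func main() {
	// Constructed sample inputs.
	for _, s := range []string{"8.8.8.8", "169.254.169.254", "::ffff:127.0.0.1", "127.1", "10.0.0.5"} {
		addr, err := ValidateEnrichmentTarget(s)
		fmt.Println(s, "->", addr, err)
	}
}
```

Build the request from the returned `netip.Addr` rather than the original string, so the value that was checked is the value that is used.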
Reliability fixes
- Race conditions eliminated: SQLite writes serialized with mutex, table creation uses sync.Once
- Process cleanup: journalctl and tail processes properly waited on exit
- Concurrent enrichment: IP enrichment runs in parallel instead of sequentially
- Error handling: Backfill errors logged, parseTime failures surfaced, pip install errors caught
Installer improvements
- Socket-activated sshd: Handles Ubuntu's ssh.socket correctly
- SSH verify gate: Checks admin SSH access before switching ports
- Port validation: Rejects invalid port numbers early
- Duplicate config fix: Handles existing [ssh] section in cowrie.cfg
Other
- Removed obsolete fix-shardlure-py.sh script
- Added config validation test coverage
- Fixed playbook rune counting for multi-byte characters
Full Changelog: v1.9...v1.10