Audit, analyze syslog, new detectors, sniff command enriched

vsilent · vsilent · commit 3438805efe8d · 2026-04-07T13:48:40.000+03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.2.2] - 2026-04-07
+
 ### Fixed
 
 - **CLI startup robustness** — `.env` loading is now non-fatal.
@@ -19,6 +21,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- **Expanded detector framework** with additional log-driven detection coverage.
+  - Reverse shell, sensitive file access, cloud metadata / SSRF, exfiltration chain, and secret leakage detectors.
+  - file integrity monitoring with SQLite-backed baselines via `STACKDOG_FIM_PATHS`.
+  - configuration assessment via `STACKDOG_SCA_PATHS`.
+  - package inventory heuristics via `STACKDOG_PACKAGE_INVENTORY_PATHS`.
+  - Docker posture audits for privileged mode, host namespaces, dangerous capabilities, Docker socket mounts, and writable sensitive mounts.
+
+- **Improved syslog ingestion**
+  - RFC3164 and RFC5424 parsing in file-based log ingestion for cleaner timestamps and normalized message bodies.
+
 #### Log Sniffing & Analysis (`stackdog sniff`)
 - **CLI Subcommands** — Multi-mode binary with `stackdog serve` and `stackdog sniff`
   - `--once` flag for single-pass mode
@@ -76,6 +88,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Refactored `main.rs` to dispatch `serve`/`sniff` subcommands via clap
 - Added `events`, `rules`, `alerting`, `models` modules to binary crate
 - Updated `.env.sample` with `STACKDOG_LOG_SOURCES`, `STACKDOG_AI_*` config vars
+- Version metadata updated to `0.2.2` across Cargo, the web package manifest, and current release documentation.
 
 ### Testing
 
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "stackdog"
-version = "0.2.1"
+version = "0.2.2"
 authors = ["Vasili Pascal <info@try.direct>"]
 edition = "2021"
 description = "Security platform for Docker containers and Linux servers"
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -1,7 +1,7 @@
 # Stackdog Security - Development Plan
 
-**Last Updated:** 2026-03-13  
-**Current Version:** 0.2.0  
+**Last Updated:** 2026-04-07  
+**Current Version:** 0.2.2  
 **Status:** Phase 2 In Progress
 
 ## Project Vision
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # Stackdog Security
 
-![Version](https://img.shields.io/badge/version-0.2.1-blue.svg)
+![Version](https://img.shields.io/badge/version-0.2.2-blue.svg)
 ![License](https://img.shields.io/badge/license-MIT-green.svg)
 ![Rust](https://img.shields.io/badge/rust-1.75+-orange.svg)
 ![Platform](https://img.shields.io/badge/platform-linux%20%7C%20macos%20%7C%20windows-lightgrey.svg)
@@ -53,7 +53,7 @@ curl -fsSL https://raw.githubusercontent.com/vsilent/stackdog/main/install.sh |
 
 Pin a specific version:
 ```bash
-curl -fsSL https://raw.githubusercontent.com/vsilent/stackdog/main/install.sh | sudo bash -s -- --version v0.2.1
+curl -fsSL https://raw.githubusercontent.com/vsilent/stackdog/main/install.sh | sudo bash -s -- --version v0.2.2
 ```
 
 If your repository has no published stable release yet, use `--version` explicitly.
diff --git a/VERSION.md b/VERSION.md
@@ -1 +1 @@
-0.2.1
+0.2.2
diff --git a/docs/INDEX.md b/docs/INDEX.md
@@ -1,7 +1,7 @@
 # Stackdog Security - Documentation Index
 
-**Version:** 0.2.0  
-**Last Updated:** 2026-03-13  
+**Version:** 0.2.2  
+**Last Updated:** 2026-04-07  
 
 ---
 
diff --git a/install.sh b/install.sh
@@ -3,7 +3,7 @@
 #
 # Usage:
 #   curl -fsSL https://raw.githubusercontent.com/vsilent/stackdog/main/install.sh | sudo bash
-#   curl -fsSL https://raw.githubusercontent.com/vsilent/stackdog/main/install.sh | sudo bash -s -- --version v0.2.0
+#   curl -fsSL https://raw.githubusercontent.com/vsilent/stackdog/main/install.sh | sudo bash -s -- --version v0.2.2
 #
 # Installs the stackdog binary to /usr/local/bin.
 # Requires: curl, tar, sha256sum (or shasum), Linux x86_64 or aarch64.
@@ -73,7 +73,7 @@ resolve_version() {
   fi
 
   if [ -z "$TAG" ]; then
-    error "Could not determine latest release. Create a GitHub release, or specify one with --version (e.g. --version v0.2.0)."
+    error "Could not determine latest release. Create a GitHub release, or specify one with --version (e.g. --version v0.2.2)."
   fi
 
   VERSION="$(echo "$TAG" | sed 's/^v//')"
@@ -136,7 +136,7 @@ main() {
         echo "Install stackdog binary to ${INSTALL_DIR}."
         echo ""
         echo "Options:"
-        echo "  --version VERSION   Install a specific version (e.g. v0.2.0)"
+        echo "  --version VERSION   Install a specific version (e.g. v0.2.2)"
         echo "  --help              Show this help"
         exit 0
         ;;
diff --git a/web/package.json b/web/package.json
@@ -1,7 +1,7 @@
 {
   "name": "stackdog-web",
   "description": "Stackdog Security Web Dashboard",
-  "version": "0.2.1",
+  "version": "0.2.2",
   "scripts": {
     "start": "cross-env REACT_APP_VERSION=$npm_package_version webpack serve --mode development",
     "build": "cross-env REACT_APP_VERSION=$npm_package_version webpack --mode production",

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "stackdog-web",`
`3`	`3`	`"description": "Stackdog Security Web Dashboard",`
`4`		`- "version": "0.2.1",`
	`4`	`+ "version": "0.2.2",`
`5`	`5`	`"scripts": {`
`6`	`6`	`"start": "cross-env REACT_APP_VERSION=$npm_package_version webpack serve --mode development",`
`7`	`7`	`"build": "cross-env REACT_APP_VERSION=$npm_package_version webpack --mode production",`