About Watcher

  • Watcher is what we call a 'superordinated firewall manager' for Linux systems. It fills your firewall at system start-up or after reboot lightning-fast with DROPs taken from local lists, external resources (dynloaders) or from exclusive databases of the service-specific modules.

  • Optional Watcher modules conduct intrusion detection in realtime, fill the firewall autonomously and track attackers in exclusive databases for rapid restore after system startup and/or reboot.

  • Watcher does not need any compiliation or fancy 3rd-party scripting languages and runtime environments, since it uses only 'onboard tools' (bash, awk, grep, ...) of the operating system that came with the system installation.

  • List processing is widely given into hands of AWK ("the chainsaw for text") scripts that works a hundred times faster than shell scripts.

  • The modules use Sqlite databases for storage and retrieval of attackers, since use of linear files might slow down the system as such files grow to a couple of thousands. With databases the time is predictable and access to every record is fast.

For detailed information on how Watcher is designed see the Watcher concepts wiki page.