Watcher master

The Watcher Master is the core and framework of the system.

It also provides the library for the surrounding dynloaders and optional modules to have a common functionality at hand.

As the core provider it provides:

  • Init script for start-up and shutdown  (Watcher.init) which will be linked to /etc/init.d/ as 'watcher'
  • the actual master program 'watcher'
  • the firewall loader (FillFW)
  • initial 'whitelist' and 'blacklist' files (manually maintained)
  • Sample dynloaders for 'SpamHaus DROP' & 'NixSpam' are included
  • The modules:
    • LG (login/sshd),
    • MX (mail transport) and its sub-module MB (mailbox access)
    • WB (Web server; httpd)

It also provides the common pool directory "./Pool" where other components like dyloaders and modules can workout their specific "Loadfile-xxxx" before the Firewall Filler FILLFW triggers the dynloaders & modules to load their exclusive IPSETs before the modules are started.

For systems that provide it (linux usualy does) it generates a RAM-Disk and mounts it onto the load-pool to speed up the initial load process significantly.

Since revision 1.2 the Watcher master also provides a collection of IPSETs to speed-up the modules if they dynamically provide a firewall DROP, since they detected any kind of attack from an incoming IP address.

Finally the Watcher master provides with "Watcher-Report" a rudimentary report tool that can be called manually or  from CRON to achieve a regular report of attackers that were reported by dynloaders & modules and the amount and class of attackers, that are currently in the firewall and stored in the modules' databases.

Each module has a statictic program (StatLG, StatMX, StatWB) that writes statistics files in CSV format and mails these to a configurable target email address. At the target these CSV files can easily being loaded into a spreadsheet program (EXCEL, LibreOffice-CALC) to view the results of your efforts.

For easy installation the Watcher Master provides a 'Prep' routine, that determines the system on which Watcher is running and automatically writes a 'system.conf' files that is shared by all components & utility programs in the Watcher framework. The Prep routine also automatically establishes the startup services on your particular system.

As of release 1.3 the following systems are supported:

  • RHEL 7 and clones (Centos 7) (development platform)
  • RHEL 8 and clones
    • CentOS 8
    • Alma Linux
    • Oracle Linux
    • Rocky Linux (upcomming; ~Q4/2021)
  • Debian and offsprings ... (tested with Debian 10)
    • e.g. Ubuntu ... (tested with Ubuntu 20.04)
  • SuSE Linux Enterise Server (SLES) & openSuSE Leap ... (tests pending)
    (with 'iptables', 'iptables-services' & 'ipset'; see docs on how to adopt 'iptables-services' from any RHEL 8 distribution)