The Watcher Master is the core and framework of the system.
It also provides the library that gives the surrounding dynloaders and optional modules a common set of functions.
As the core, it provides:
- Init script for start-up and shutdown (Watcher.init) which will be linked to /etc/init.d/ as 'watcher'
- the actual master program 'watcher'
- the firewall loader (FillFW)
- initial 'whitelist' and 'blacklist' files (manually maintained)
- sample dynloaders for 'SpamHaus DROP' & 'NixSpam'
- The modules:
  - LG (login/sshd)
  - MX (mail transport) and its sub-module MB (mailbox access)
  - WB (web server; httpd)
It also provides the common pool directory "./Pool", where other components such as dynloaders and modules can work out their specific "Loadfile-xxxx". The Firewall Filler FILLFW then triggers the dynloaders & modules to load their exclusive IPSETs before the modules are started.
On systems that support it (Linux usually does), it creates a RAM disk and mounts it onto the load pool to speed up the initial load process significantly.
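The pool workflow described above, as an added example that is not code from Watcher: a dynloader-style step that turns a DROP-style blocklist into an `ipset restore` load file, skipping malformed lines and any block that overlaps a whitelist entry. The set name `DEMO-DROP`, the file names and the use of `ipset restore` syntax for the load file are assumptions; Watcher's own "Loadfile-xxxx" format is not documented on this page.

```shell
#!/bin/sh
# Added example, not Watcher's own code. Set name, file names and the
# load-file syntax (ipset restore format) are assumptions for illustration.

# build_loadfile SETNAME BLOCKLIST WHITELIST
# Writes an `ipset restore` script to stdout and a skip summary to stderr.
build_loadfile() {
    awk -v set="$1" -v wl="$3" '
    # Parse an IPv4 address or CIDR block into the numeric range LO..HI.
    # Returns 0 for malformed input so it never reaches the firewall.
    function range(s,   p, o, n, i, len, size) {
        n = split(s, p, "/")
        len = (n == 2) ? p[2] : 32
        if (n > 2 || len !~ /^[0-9]+$/ || len + 0 > 32) return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        size = 2 ^ (32 - len)
        LO = int((((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]) / size) * size
        HI = LO + size - 1
        return 1
    }
    BEGIN { print "create " set " hash:net family inet" }
    { sub(/[;#].*/, ""); gsub(/[ \t\r]/, "") }      # drop comments and blanks
    $0 == "" { next }
    !range($0) { bad++; next }
    FILENAME == wl { wlo[++nw] = LO; whi[nw] = HI; next }
    {
        # Skip any block that overlaps a whitelisted address or network.
        for (i = 1; i <= nw; i++)
            if (LO <= whi[i] && wlo[i] <= HI) { spared++; next }
        if (!seen[$0]++) print "add " set " " $0
    }
    END { printf "skipped: %d malformed, %d whitelisted\n", bad, spared > "/dev/stderr" }
    ' "$3" "$2"
}

# Constructed sample input (documentation address ranges, made-up comments).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '; constructed DROP-style list' '192.0.2.0/24 ; entry-a' \
        '198.51.100.0/24 ; entry-b' '203.0.113.7' '300.1.1.1/24' \
        '192.0.2.0/24' > "$dir/drop.txt"
    printf '%s\n' '# constructed whitelist' '198.51.100.25' > "$dir/whitelist"
    build_loadfile DEMO-DROP "$dir/drop.txt" "$dir/whitelist"
    rm -rf "$dir"
}
# Run `demo` to print the load file; load it with: demo | ipset -exist restore
```

The overlap test matters because an exact-string comparison would still block a whitelisted host that sits inside a listed network.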
Since revision 1.2 the Watcher master also provides a collection of IPSETs to speed up the modules when they dynamically add a firewall DROP because they detected any kind of attack from an incoming IP address.
Finally, the Watcher master provides "Watcher-Report", a rudimentary report tool that can be called manually or from CRON to produce a regular report of the attackers that were reported by dynloaders & modules, and of the number and class of attackers that are currently in the firewall and stored in the modules' databases.
Each module has a statistics program (StatLG, StatMX, StatWB) that writes statistics files in CSV format and mails them to a configurable target email address. At the target, these CSV files can easily be loaded into a spreadsheet program (EXCEL, LibreOffice-CALC) to view the results of your efforts.
For easy installation, the Watcher Master provides a 'Prep' routine that determines the system on which Watcher is running and automatically writes a 'system.conf' file that is shared by all components & utility programs in the Watcher framework. The Prep routine also automatically establishes the startup services on your particular system.
As of release 1.3 the following systems are supported:
- RHEL 7 and clones (CentOS 7) (development platform)
- RHEL 8 and clones
  - CentOS 8
  - Alma Linux
  - Oracle Linux
  - Rocky Linux (upcoming; ~Q4/2021)
- Debian and derivatives ... (tested with Debian 10)
  - e.g. Ubuntu ... (tested with Ubuntu 20.04)
- SuSE Linux Enterprise Server (SLES) & openSuSE Leap ... (tests pending)
(with 'iptables', 'iptables-services' & 'ipset'; see docs on how to adopt 'iptables-services' from any RHEL 8 distribution)