Watcher master installation

As of version 1.3 Watcher comes as a 'complete package'

The package includes all Watcher components:

  • Watcher Master (framework, libraries & startup service)
    • DynLoaders
      • NixSpam
      • SpamHaus DROP
    • Modules
      • Module LG, WatchLG (Login tracker, SSHD)
      • Module MX, WatchMX & the companion Module MB WatchMB (MTA & Mailbox)
      • Module WB, WatchWB to prevent WEB services from attacks

This section covers the installation of the Watcher Master as the basis for all other Watcher processes namely the modules which have their installation explained in another section of the documentation.

the Watcher master is stored under a relative directory "Watcher/". All programs are self-aware and determine from where they are started in relation to the Watcher $MASTER_PATH which can be anywhere on your filesystem:

  • /opt/Watcher/...            if unpacked in /opt/...
  • /usr/local/Watcher/...   if unpacked in /usr/local/..
  • /root/bin/Watcher/...    or /root/bin/... provided there is enough space on your root-file-system 

So just make your choice where to unpack the Watcher master unpack the delivery file with:

       tar xvf Watcher.tar

Then change to the master directory::

       cd Watcher

From here you can start the integration with your individual system. To make things easier for the initial preparation we have provided the ./Prep script in the installation path that checks for some essential
components and links "Watcher.init" to your /etc/init.d/... as 'watcher'.

The Prep routine leads you through the system determination and checks for system components (BASH, AWK, GREP, ,..) and tools (iptables, ipset, dig, ipcalc, ..) that the Watcher master, modules & dynloaders are using. If Prep was going through succesfully your Watcher installation is prepared for operation. The system determination phasis automatically creates the 'system.conf' file which holds essential variables about your particular system (RHEL, DEBIAN, SuSE, ...)

Before Watcher can be started after installation some configuration files must be set up manually for your individual environment.

These conf-files are:

  • watcher.conf
    • essential variables for the watcher framework
  • common.conf
    • Variables that are common for all dynloaders, modules & utility programs
  • loader.conf
    • list for 'initial loaders' to call in order to do the 'initial firewall load'

Do not start watcher, if you did not step through these basic configuration files.

If the basic configuration is done, the 'watcher' service can be started:

                   # /etc/init.d/watcher {start | stop | restart | reload}
  ... or ...      # service watcher {start | stop | restart | reload}
  ... or ...      # systemctl start watcher

The options start, stop & restart are self explaining

* start
Start the watcher watcher service. This assumes that 'iptables' is already started
* stop
Does a 'killall' for all the modules below the ./modules/... path
* restart
Simply does a 'stop' & 'start' sequence to restart only the watcher service

* reload
Is a special case to trigger the watcher just to rebuild a firewall flush files to rebuild the firewall from ground up.
I.e. Watcher and the iptables-service are both stopped which clears the firewall entirely. Then the iptables-service is started first followed by a start of the watcher service.