
Watcher master

The Watcher Master is the core and framework of the system.

It also provides the library that gives the surrounding dynloaders and optional modules a common set of functions.

As the core, it provides:

  • Init script for start-up and shutdown (Watcher.init), which will be linked to /etc/init.d/ as 'watcher'
  • the actual master program 'watcher'
  • the firewall loader (FillFW)
  • initial 'whitelist' and 'blacklist' files (manually maintained)
  • Sample dynloaders for 'SpamHaus DROP' & 'NixSpam' are included
  • The modules:
    • LG (login/sshd),
    • MX (mail transport) and its sub-module MB (mailbox access)
    • WB (Web server; httpd)

It also provides the common pool directory "./Pool", where other components such as dynloaders and modules can work out their specific "Loadfile-xxxx". The firewall filler FillFW then triggers the dynloaders & modules to load their exclusive IPSETs before the modules are started.

On systems that support it (Linux usually does), it generates a RAM disk and mounts it onto the load pool to speed up the initial load process significantly.
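The load step described above can be sketched as follows. This is an added example, not Watcher's own code: it turns a blocklist in the SpamHaus DROP layout into `ipset restore` input, leaves out anything that overlaps the whitelist, and swaps the new set in atomically. The set name `watcher-drop`, the whitelist layout (one address or CIDR per line, `#` comments) and all sample data are assumptions constructed for the illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges), in the
# "<CIDR> ; <reference>" layout used by the SpamHaus DROP list.
SAMPLE_DROP = """\
; constructed sample, not real listings
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
198.51.100.128/25 ; SBL000003
203.0.113.0/24 ; SBL000004
not-a-network ; SBL000005
"""
SAMPLE_WHITELIST = "203.0.113.7   # admin workstation (constructed)\n"

def parse_nets(text, comment, strict):
    """Return the valid IPv4 networks in text; malformed entries are skipped."""
    nets = []
    for line in text.splitlines():
        entry = line.split(comment, 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.IPv4Network(entry, strict=strict))
        except ValueError:
            continue  # never hand unvalidated text to ipset
    return nets

def build_restore(set_name, drop_text, whitelist_text):
    """Build 'ipset restore' input; return (restore_text, skipped_networks)."""
    white = parse_nets(whitelist_text, "#", strict=False)
    kept, skipped = [], []
    for net in parse_nets(drop_text, ";", strict=True):
        # Conservative choice: a block touching a whitelisted address is
        # reported and left out instead of being loaded as DROP.
        (skipped if any(net.overlaps(w) for w in white) else kept).append(net)
    kept = list(ipaddress.collapse_addresses(kept))  # merge adjacent ranges
    tmp = set_name + "-new"  # hypothetical staging set name
    lines = [f"create {set_name} hash:net family inet -exist",
             f"create {tmp} hash:net family inet -exist",
             f"flush {tmp}"]
    lines += [f"add {tmp} {net}" for net in kept]
    # swap is atomic, so the live set is never empty or half-loaded
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n", skipped

if __name__ == "__main__":
    text, skipped = build_restore("watcher-drop", SAMPLE_DROP, SAMPLE_WHITELIST)
    print(text, end="")
    print("skipped (whitelisted):", [str(n) for n in skipped])
```

The generated text is meant to be piped into `ipset restore`; an iptables rule matching the set then does not need to change when the list is reloaded.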

Since revision 1.2, the Watcher master also provides a collection of IPSETs that speed up the modules when they dynamically add a firewall DROP after detecting any kind of attack from an incoming IP address.

Finally, the Watcher master provides "Watcher-Report", a rudimentary report tool that can be called manually or from CRON to produce a regular report of the attackers reported by dynloaders & modules, and of the number and class of attackers that are currently in the firewall and stored in the modules' databases.

Each module has a statistics program (StatLG, StatMX, StatWB) that writes statistics files in CSV format and mails them to a configurable target email address. At the target, these CSV files can easily be loaded into a spreadsheet program (EXCEL, LibreOffice-CALC) to view the results of your efforts.

For easy installation, the Watcher Master provides a 'Prep' routine that determines the system on which Watcher is running and automatically writes a 'system.conf' file that is shared by all components & utility programs in the Watcher framework. The Prep routine also automatically establishes the startup services on your particular system.

As of release 1.3 the following systems are supported:

  • RHEL 7 and clones (CentOS 7) (development platform)
  • RHEL 8 and clones
    • CentOS 8
    • Alma Linux
    • Oracle Linux
    • Rocky Linux (upcoming; ~Q4/2021)
  • Debian and derivatives ... (tested with Debian 10)
    • e.g. Ubuntu ... (tested with Ubuntu 20.04)
  • SuSE Linux Enterprise Server (SLES) & openSuSE Leap ... (tests pending)
    (with 'iptables', 'iptables-services' & 'ipset'; see docs on how to adopt 'iptables-services' from any RHEL 8 distribution)