Watcher 1.4 has reached beta state on the development platform Centos 7.
Service environment [EL7]
| Service | Type | Revision | Comment |
| Login | sshd | 7.4p1 (OpenSSH-server) | |
| MTA | Postfix | 2.10.1 | Rebuilt from src.rpm with Postgresql support |
| Mailbox (POP/IMAP/LMTP) | dbmail | 3.2.3 | Built from src.rpm |
| WEB server (httpd) | apache | 2.4.6 |
Operational basics [EL7]
| System component | Revision | Comment | |
| bash | 4.2 | ||
| awk | 4.0.2 | ||
| coreutils | 8.22 | ||
| util-linux | 2.23.2 | ||
| iptables | 1.4 | ||
| ipset | 7.1 | ||
| syslog-ng | 3.5.6 | 'rsyslog' was removed due to flaws; replaced by 'syslog-ng' | |
| sqlite | 3.7.17 | For the module's databases |
Testbed for 1.4
Going from here I have provided some test environments on several virtual machines in order to check fitness on all supported platforms for Watcher 1.4
| RHEL & clones | |||
| Name | Revision | State | Release ready |
| RHEL | 9.2 | ongoing | |
| Rocky Linux | 9.2 | ongoing | |
| Alma Linux | 9.2 | ongoing | |
| Oracle Linux1) | 9.2 | pending | |
| Debian & offsprings | |||
| Name | Revision | State | Release ready |
| Debian | 11 | pending | |
| Ubuntu (server) | 22.4.2 (LTS) | pending | |
| SuSE SLES & LEAP | |||
| Name | Revision | State | Release ready |
| SLES | 15 (SP4) | pending | |
| OpenSuSE LEAP | 15.4 | pending | |
1) Oracle makes the download link for a network installation a secret. So installing Oracle Linux failed so far. Oracle Linux is also not provided by 'root server' providers for installation; so it is rather hypothetical.
Service environment (EL9]
| Service | Type | Revision | Comment |
| Login | sshd | 8.7p1 (OpenSSH-server) | |
| MTA | Postfix | 3.5.9 | Postgresql support available but in a separate package |
| Mailbox (POP/IMAP/LMTP) | dbmail | 3.3.1 | |
| WEB server (httpd) | apache | 2.4.53 |
There are many changes between EL7 & EL9 in the operational basics.
Operational basics [EL9]
| System component | EL7 Revision | EL9 revision |
Comment |
| bash1) | 4.2 | 5.1.8 | |
| awk | 4.0.2 | 5.1.0 | |
| coreutils | 8.22 | 8.32-34 | |
| util-linux | 2.23.2 | 2.37.4 | coming now in 3 parts: util-linux, util-linux-core, util-linux-user |
| iptables | 1.4 | 1.8.8 | 'nft' support in the new revision |
| ipset | 7.1 | 7.11 | |
| syslog-ng | 3.5.6 | 3.35.1 | 'rsyslog' removed due to flaws; replaced by 'syslog-ng' |
| sqlite | 3.7.17 | 3.34 | For the module's databases |
1)Adaption to Bash V5 is probably coming with a final Watcher 1.5 release, which will be the last release of the Watcher V1 series based on the 'xtables' firewall.
There will be no changes in the bash coding to keep it compatible with bash V4 on still-running older platforms like EL7. Watcher 1.4 will be the last revision that runs on platforms with bash V4.
Outlook to Watcher-II ...
Development of Watcher-II (2.x) will start after EOL of CentOS-7 (End of December 2023); preparation based on Alma-Linux-9 is ongoing. Watcher-II (2.x) will be based on a 'netfilter-tables' (nft) firewall and the coding base will be Bash V5 and the other new revisions of the operational basics outlined above.
The good news is, that with relation to NFT, the firewalld will be supported as well as custom NFT firewall setups.
