Watcher 1.4 has reached the 'pre-production' state on the development platform RHEL-9 (AlmaLinux-9)
Testbed for Watcher 1.4
Going from here, I have provided some test environments on several virtual machines to check fitness on all supported platforms for Watcher 1.4
Testing state
RHEL & clones | |||
Name | Revision | State | Release ready |
RHEL | 9.2 | ongoing | |
Rocky Linux | 9.5 | tests finished | pre-production, ready for production |
Alma Linux | 9.5 | tests finished | pre-production, ready for production |
Oracle Linux1) | 9.2 | pending | no support |
Debian & offsprings | |||
Name | Revision | State | Release ready |
Debian | 12 | tests finished | pre-production, ready for production |
Ubuntu (server) | 24.4.2 (LTS) | tests finished | pre-production, ready for production |
SuSE SLES & LEAP | |||
Name | Revision | State | Release ready |
SLES | 15 (SP4) | canceled | Currently not supported 2) |
OpenSuSE LEAP | 15.6 | canceled | Currently not supported 2) |
1) Oracle makes the download link for a network installation a secret. So, installing Oracle Linux has failed so far. Oracle Linux is also not provided by 'root server' providers for installation, so it is hypothetical.
Service environment [EL9]
Service | Type | Revision | Comment |
Login | sshd | 8.7p1 (OpenSSH-server) | |
MTA | Postfix | 3.5.9 | PostgreSQL support is available, but in a separate package |
Mailbox (POP/IMAP/LMTP) | dbmail | 3.4.1 | |
WEB server (httpd) | apache | 2.4.53 |
There are many changes between EL7 & EL9 in the operational basics.
Operational basics [EL9]
System component | EL7 Revision | EL9 revision |
Comment |
bash1) | 4.2 | 5.1.8 | |
awk | 4.0.2 | 5.1.0 | |
coreutils | 8.22 | 8.32-34 | |
util-linux | 2.23.2 | 2.37.4 | coming now in 3 parts: util-linux, util-linux-core, util-linux-user |
iptables | 1.4 | 1.8.8 | 'nft' support in the new revision |
ipset | 7.1 | 7.11 | |
syslog-ng | 3.5.6 | 3.35.1 | 'rsyslog' was removed due to flaws and replaced by 'syslog-ng' |
sqlite | 3.7.17 | 3.34 | For the module's databases |
1) Adaptation to Bash V5 is probably coming with a final Watcher 1.5 release, which will be the last release of the Watcher V1 series based on the 'xtables' firewall.
There will be no changes in the bash coding to keep it compatible with bash V4 on still-running older platforms like EL7. Watcher 1.4 will be the last revision that runs on platforms with bash V4.
2) Watcher 1.4 is the transitional release and basis for Watcher-II (V2x), which needs BASH-5 and AWK 5. SUSE Linux (SLES and even LEAP-15.6) comes with BASH 4.4 and AWK 4.1, which are both outdated. The only Watcher release supporting outdated BASH and AWK versions is Watcher 1.3. So, SusE-Linux is taken out of support for now.
Outlook to Watcher-II ...
Development of Watcher-II (2.x) will start after EOL of CentOS-7 (End of December 2023); preparation based on Alma-Linux-9 is ongoing. Watcher-II (2.x) will be based on a 'netfilter-tables' (nft) firewall, and the coding base will be Bash5 and the other new revisions of the operational basics outlined above.
The good news is that, regarding NFT, the firewalld and custom NFT firewall setups will be supported.