Watcher-History

Roadmap

The roadmap depends essentially on the "End-of-Lifetime" (EOL) of the supported distribution.

The EOL of distributions is declared by the providers as follows:

Distribution EOL
Distribution LTS Full support Maintenance end (EOL)
  RedHat Enterprise Linux & Clones  
 RHEL 7  10 years   2024
 RHEL 8  10 years   2029
 Centos 7  10 years   2024, June
 Centos 8  *1) see below   2021, December
 Alma Linux RHEL 8  10 years   2029
 ORACLE Linux 7  10 years   2024
 ORACLE  Linux 8  10 years   2029, July
 Rocky Linux *2) see below   2029
   SuSE Linux Enterise Server (SLES) & Open SuSE "Leap"  
 SLES 12   - 2024, Oct
 SLES 15   - 2028, July
 Open SuSE "Leap"  36 Month -  
  Debian LTS & offsprings (e.g. Ubuntu)  
 Debian 9 LTS  24 months - ~2022, June
 Debian 10 LTS  24 months - ~2024, June
 Ubuntu 14.4 LTS  8 years 2019, April 2022, April
 Ubuntu 16.4. LTS  8 years 2021, April 2024, April
 Ubuntu 18.4. LTS  8 years 2023, April 2028, April
 Ubuntu 20.4. LTS 10 years 2025, April 2030, April

Notes:

  1. IBM has bought RedHat in Oct-2019. The CentOS rendition was taken over by RedHat years before. Meanwhile RedHat has changed policy and has turned CentOS-8 into a 'rolling release'; i.e. no longer 'long-term support'. A CentOS-9 cannot be expected.
    So CentOS -as it was before- can be taken as dead.

  2. Rocky Linux is the successor of CentOS. The former CentOS community (lead by Gregory M. Kurtzer) started the whole thing new by the name 'Rocky Linux'. Currently the infrastructure is not completely rebuilt and by the time of this writing - only test distributions are available. (First 'beta' in Apr-2021). Since end of June 2021 Rocky Linux 8.4 is officially released and available for download and installation.

 

Watcher ... were it comes from and where it is going to ...

Revision  Milestone Year  State
  History    
0.1
-0.9

Organized as a 'Hardening tool' by a monolytic Bash script "WatchFW".

Started on SuSE Linux  9.7 and ported to Centos 6 (Rev. 0.5) and later to Centos 7 (Rev. 0.8)

Tracking of security logs (sshd) and MTA (mail server) access by asyncronous scans and 'tail reading' of service log files. The firewall loads after system (re)starts took hours as the list of 'bandits' grows to several ten-thousands.

After a provider & server change in 2018 it still took 10-15 minutes to push all 'bandit' lists into the firewall.

~2013

 

unpublished

Historic
  Revision 1    

1.0

 

Monolytic script (WatchFW) for login tracking and later 'maillog' tracking to determine burglars and attackers accessing the 'login service' & 'mail transport service' to keep burglars and SPAMers away.

  • Introduded 'Realtime Intrusion Detection' by direct feed from the system logger through FIFOs ('named pipes') into exclusive channels for each scanner.
  • Introduced recording of detected 'bandits' into exclusive databases which resulted in evenly and predictable processing times.

Tested on Centos 7.

~2016

 

 unpublished
Historic

 1.2

 
  • Speedups to load the firewall in seconds(!)
    This was chiefly accomplished by use of AWK scripting.
  • Fully modularized into:
    • 'Watcher Master' (startup service & library)
    • Modules:
      • WatchLG (login scanner module)
      • WatchMX/WatchMB (MTA log & Mailbox access scanner)
    • DynLoader:
      • SpamHaus
      • NixSpam
  • Dynamic rules for modules
  • Partially introduced IPSETs for 'global dropping' from modules
    • timed ipset 'tarpit' (60 seconds per failed login or SPAM attempt)
    • permanent ipset 'custody' (to lockout bandits that exeed their 'affairs' limit)

~2019

 

published

Production

(Available thru the online-shop)

Only for EL7 (e.g. CentOS-7)

1.3

 
  • Fully based on IPSETs  (already working perfectly)
    • now modules work fully dynamic and create their IPSETs on-the-fly
    • Lighting fast database expiration without affecting kernel's xtables with any 'wait cycles'
  • Tremendous speedups due to massive code consolidation and re-work of the dynamic filter system
  • Will come with a 'WEB service' module "WatchWB"
  • Adaption for Debian-like (e.g. Ubuntu) & SuSe-like systems (SLES & LEAP)

 ~2021

October

unpublished

Testing

Release candidate RC1 available for registered users (7-Sep-2021)

Release candidate RC2 available for registered users (15-Nov-2021)

1.3.0

 

Released the 'complete package' including master & all modules

 

2021/12

 

Available in the online shop as 'donationware' for a small donation as 'price'

1.3.1

 

Integrated GEOIP

Tremendous reduction of attacks that keeps the memory footprint & databases small.

See https://watcher.comserve-it-services.de/News in the public Watcher Community News.

2022/02

 

(beta testing)

Available in the 'nightly' package of the Watcher repository

1.3.2

(1.4/beta)

Confined 1.3.1 and added a dynloader 'geo' and a (pseudo-)module 'GeoTrack'

The dynloader picks up the excellent data from 'ipdeny.com' from 'aggregated zone files' with CIDRs (complete sub-nets) assorted by countries.

The (pseudo-)module 'GeoTrack' collects the 'affairs' from the initial registration section of the regular modules "Watch-LG|MX/MB|WB" one-by-one and so only blocks malicious IP addresses, that are really attacking your server.

  

Currently testing. Release planned for Q3/'23.

Available in the 'nightly' package of the public Watcher repository.

 
1.? Maybe ... if the community comes up with wishes and requests    
       
  Revision 2 (Outlook Watcher-II)
    

2.0

 

With Rev. 2 Watcher will fully switch to 'Net Filter Tables' (nftables; NFT)

NFT integrates:

  • iptables & ip6tables,
  • arptables,
  • ebtables
  • integrates sets similar to 'ipset'

So there is only one user-space tool 'nft'  that does the jobs of formerly a real bunch of separate tools. Due to the integration of IPV4 & IPV6 into a new address family 'inet' it is much easier to extend Watcher to IPV6 which will probably come with Watcher 2.1 in the future.

Net-Filter-Tables comes with an completely different syntax and structure. The configuration files are 'block structured'. All the integration endevours created a pretty complex 'command language construction' that takes quite some re-writing  and re-organisation in the Watcher code.

For more detailed explanations about 'nftables' refer to the following links:

 

~2024

 

 Planing

First tests started on RHEL-9 clone Alma-Linux
--Nicht angemeldet--
Watcher 1.4 is in the works!
Find a preview here ...
 
2023-09-28: Watcher V1.4-RC1 released
... available here
 
2023-12-03: Watcher V1.4-RC2 released
... available here
 
 
Watcher-II (V2) trials started!

On a virtual machine running with Alma-Linux 9.x I made first transition attempts to promote xtables/iptables to nftables. The results look good so far.

The good news is, that the 'firewalld' will be supported out-of-the-box, and a 'custom nft setup' just takes a few tweaks.
Dieses System verwendet Cookies, weil das für den Betrieb eines Online-Shops unverzichtbar ist. Ich verstehe, dass Cookies auf meinem Computer Notizen über den Kontakt mit der besuchten WEB-Seite(n) hinterlegen und akzeptiere dies.
Akzeptiert. Verweigert