ComServe IT-Services Think IT, Plan IT, Do IT!

Watcher-History

Roadmap

The roadmap depends essentially on the "End-of-Lifetime" (EOL) of the supported distribution.

The EOL of distributions is declared by the providers as follows:

Distribution EOL

Distribution           LTS              Full support    Maintenance end (EOL)

RedHat Enterprise Linux & Clones
RHEL 7                 10 years                         2024
RHEL 8                 10 years                         2029
CentOS 7               10 years                         2024, June
CentOS 8               *1) see below                    2021, December
Alma Linux RHEL 8      10 years                         2029
Oracle Linux 7         10 years                         2024
Oracle Linux 8         10 years                         2029, July
Rocky Linux            *2) see below                    2029

SuSE Linux Enterprise Server (SLES) & Open SuSE "Leap"
SLES 12                                 -               2024, Oct
SLES 15                                 -               2028, July
Open SuSE "Leap"       36 months        -

Debian LTS & offsprings (e.g. Ubuntu)
Debian 9 LTS           24 months        -               ~2022, June
Debian 10 LTS          24 months        -               ~2024, June
Ubuntu 14.4 LTS        8 years          2019, April     2022, April
Ubuntu 16.4 LTS        8 years          2021, April     2024, April
Ubuntu 18.4 LTS        8 years          2023, April     2028, April
Ubuntu 20.4 LTS        10 years         2025, April     2030, April

Notes:

  1. IBM bought RedHat in Oct-2019. The CentOS distribution had been taken over by RedHat years before. Meanwhile RedHat has changed its policy and turned CentOS-8 into a 'rolling release', i.e. it is no longer a 'long-term support' release. A CentOS-9 cannot be expected.
    So CentOS, as it was before, can be considered dead.

  2. Rocky Linux is the successor of CentOS. The former CentOS community (led by Gregory M. Kurtzer) started the whole thing anew under the name 'Rocky Linux'. At the time of this writing the infrastructure is not completely rebuilt and only test distributions are available (first 'beta' in Apr-2021). Since the end of June 2021 Rocky Linux 8.4 is officially released and available for download and installation.

 

Watcher ... where it comes from and where it is going to ...


History

Revision: 0.1 - 0.9

Milestone:

Organized as a 'Hardening tool' in a monolithic Bash script "WatchFW".

Started on SuSE Linux 9.7 and ported to CentOS 6 (Rev. 0.5) and later to CentOS 7 (Rev. 0.8).

Tracking of security logs (sshd) and MTA (mail server) access by asynchronous scans and 'tail reading' of service log files. Loading the firewall after system (re)starts took hours as the list of 'bandits' grew to several tens of thousands.

After a provider & server change in 2018 it still took 10-15 minutes to push all 'bandit' lists into the firewall.

Year: ~2013, unpublished

State: Historic

Revision 1

Revision: 1.0

Milestone:

Monolithic script (WatchFW) for login tracking and later 'maillog' tracking to identify burglars and attackers accessing the 'login service' & 'mail transport service', in order to keep burglars and SPAMers away.

  • Introduced 'Realtime Intrusion Detection' by direct feed from the system logger through FIFOs ('named pipes') into exclusive channels for each scanner.
  • Introduced recording of detected 'bandits' into exclusive databases, which resulted in even and predictable processing times.

Tested on CentOS 7.

Year: ~2016, unpublished

State: Historic
Revision: 1.2

Milestone:

  • Speedups to load the firewall in seconds(!)
    This was chiefly accomplished by use of AWK scripting.
  • Fully modularized into:
    • 'Watcher Master' (startup service & library)
    • Modules:
      • WatchLG (login scanner module)
      • WatchMX/WatchMB (MTA log & Mailbox access scanner)
    • DynLoader:
      • SpamHaus
      • NixSpam
  • Dynamic rules for modules
  • Partially introduced IPSETs for 'global dropping' from modules
    • timed ipset 'tarpit' (60 seconds per failed login or SPAM attempt)
    • permanent ipset 'custody' (to lock out bandits that exceed their 'affairs' limit)

Year: ~2019, published

State: Production (available through the online shop). Only for EL7 (e.g. CentOS-7).

Revision: 1.3

Milestone:

  • Fully based on IPSETs (already working perfectly)
    • modules now work fully dynamically and create their IPSETs on-the-fly
    • Lightning-fast database expiration without affecting the kernel's xtables with any 'wait cycles'
  • Tremendous speedups due to massive code consolidation and re-work of the dynamic filter system
  • Will come with a 'WEB service' module "WatchWB"
  • Adaptation for Debian-like (e.g. Ubuntu) & SuSE systems (SLES & LEAP)

Year: ~2021, October, unpublished

State: Testing. Release candidate RC1 available for registered users (7-Sep-2021).

Revision: 1.?

Maybe ... if the community comes up with wishes and requests

Revision 2 (Outlook)

Revision: 2.0

Milestone:

With Rev. 2 Watcher will fully switch to 'Net Filter Tables' (nftables; NFT)

NFT integrates:

  • iptables & ip6tables,
  • arptables,
  • ebtables,
  • sets similar to 'ipset'

So there is only one user-space tool, 'nft', that does the jobs formerly done by a whole bunch of separate tools. Due to the integration of IPv4 & IPv6 into a new address family 'inet' it is much easier to extend Watcher to IPv6, which will probably come with Watcher 2.1 in the future.

Net-Filter-Tables comes with a completely different syntax and structure. The configuration files are 'block structured'. All the integration endeavours created a pretty complex 'command language construction' that takes quite some re-writing and re-organisation in the Watcher code.
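The block-structured syntax and the 'inet' family described above, sketched as an added example (not Watcher's configuration and not from the original page): an nftables ruleset that recreates the timed 'tarpit' and permanent 'custody' sets from the Rev. 1.2 notes for IPv4 and IPv6. The table name, the chain name, the '...6' set names and the sample addresses are assumptions.

```nft
#!/usr/sbin/nft -f
# Added illustration, not Watcher's configuration. 'tarpit' and 'custody'
# reuse the ipset names from the Rev. 1.2 notes; every other name here
# (watcher_demo, input, tarpit6, custody6) is an assumption.

table inet watcher_demo {
    # Timed set: each entry expires by itself 60 seconds after it was added,
    # so no user-space expiry job has to touch the ruleset.
    set tarpit {
        type ipv4_addr
        flags timeout
        timeout 60s
    }

    # Permanent set: entries stay until they are deleted explicitly.
    set custody {
        type ipv4_addr
    }

    # The IPv6 counterparts live in the same 'inet' table.
    set tarpit6 {
        type ipv6_addr
        flags timeout
        timeout 60s
    }

    set custody6 {
        type ipv6_addr
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # One base chain sees both address families.
        ip  saddr @custody  drop
        ip  saddr @tarpit   drop
        ip6 saddr @custody6 drop
        ip6 saddr @tarpit6  drop
    }
}

# Entries are added at run time with the same tool (documentation addresses):
#   nft add element inet watcher_demo tarpit  { 192.0.2.10 }
#   nft add element inet watcher_demo custody { 198.51.100.7 }
#   nft add element inet watcher_demo tarpit6 { 2001:db8::10 }
```

With ipset and iptables the same setup needs separate set definitions plus separate iptables and ip6tables rules; here sets, chain and both address families sit in one table that is loaded atomically with `nft -f`.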

For more detailed explanations about 'nftables' refer to the following links:

 

Year: ~2022 (~June)

State: Planning. First tests started on RHEL-8 clone Alma-Linux.
