Thursday, October 24, 2019

IBM Guardium v11 GIM & S-TAP Download, Install, Validation and Verification


GIM & S-Tap Download


1.)     Download GIM to Assigned Database servers
1.)
2.)   Select the current/correct Fix Pack.
This implementation is Guardium v11 GIM, S-TAP, GIM AIX & S-TAP AIX





GIM & S-Tap Installation


3.)   Install only GIM Client on database server (.sh)
Note: require root and executable permission
a)     Log onto LPAR
b)     Sudo to Root
c)     Upload guard-bundle-GIM-9.0.0_r73521_v90_1-aix-6.1-aix-powerpc.gim.sh to temp dir
d)     chmod +x guard-bundle-GIM-9.0.0_r73521_v90_1-aix-6.1-aix-powerpc.gim.sh
e)     Install script using following command, ./guard-bundle-GIM-9.0.0_r73521_v90_1-aix-6.1-aix-powerpc.gim.sh -- --dir /usr/local/guardium –-tapip <IP Address of LPAR being installed on> --sqlguardip CollecterIP

4.)   Once install script complete run following command ps -ef| grep module 



5.)   Check to see if GIM client is running:  ps -ef | grep gim
5.)

6.)   Check to see if GIM is connected to Guardium appliance
(a)   log into Guardium appliance
(b)   Go to the Admin Console -> Module installation -> process monitoring







7)     Upload GIM and STAP server and Discovery agent (gim)
7)
a)     Locate the current/correct gim/stap from fix central and download (See Item 2)
b)     Log into Central Manager.
c)     Go to the Admin Console -> Module installation -> upload -> browse (select .gim files) for STAP, GIM and Discovery
d)     Check and click upload

8)     Distribute GIM modules to all collectors
a.     Log into Central Manager.
b.     Go to Admin Console -> Central Management ->  Central Management -> select all collectors









c.      Click on 'Distribute GIM Bundles
9.)   Install S-Tap from GIM (push down to database server)

a)     Log into Collector
b)     Go to the Admin console -> module installation - > Setup by Client -> Search -> select the database you want to install STAP -> choose Next
10.)          Select 'BUNDLE_STAP_xxxxx', Select  STAP

11.)          Click Next
12.)          Apply the following parameters
a.     ktap_enabled = 1,
b.     KTAP_ALLOW_MODULE_COMBOS = Y,
c.      KTAP_LIVE_UPDATE = Y,
d.     STAP_TAP_IP = database ip,
e.     STAP_SQLGUARD_IP = collector ip

13.)          Click “Apply to Clients”
 
14.)          Click “Install/Update”
15.)           Type “Now”
16.)          Click “apply’ & Install

17.)          Verify if S-TAP is installed on database

18.)          Click “Refresh” and status to be “Installed”.
19).  Go to  “Tap Monitor”->STAP Events

Go to “Tap Monitor”->STAP Status
Note: This will be on Collector, not Aggregator. 


19.)          Instance Discovery install:
a)     Go to the Admin console -> module installation - > Setup by Client -> Search -> select the database you want to install Discovery-> choose Next
b)     Select “Bunder-Discovery_xxxxx” and click “next”
c)     Apply the following parameters:
·        DISCOVERY_JAVA_DIR is set to Database java path(example /usr/java6_64/jre)
·        DISCOVERY_TAP_IP is set to Database IP (example 10.49.235.89)
·        DISCOVERY_SQLGUARD_IP is set to Collector IP (example: 10.49.136.11)
d)     Click “Apply to Clients” and Click “Install/Update”.

e)     Enter “now” and click “apply”

19.)          Check the install status as mentioned below by clicking the information box

20.)          Instilation Status information Box

Installation of the Discovery Agent on Guardium appliances


1.)   Add “Inspection engine” from database instance discovery
2.)   Go to “Daily Monitor” and select “Discovered instances”
3.)   Double click on the discovered instances for each row and select “Invoke”
4.)   Select “Create_stap_inspection_engine”

5.)   Click “Invoke now”
6.)   Click “Close”
7.)   Verify successful inspection installation from the instance discovery on the STAPS
a)     Go to “administration console”->Local Taps->S-TAP Control
b)     Select each installed S-TAP and click + on the Inspection Engines


 iLab LDAP setting:
1.)   Login as admin and set the following:
2. Login as accessmgr and set the following:

Login to Guardium with admin role
On Admin Console tab select Portal






References





No comments:

Post a Comment