Install Guardium GIM & STAP into Linux Servers (Ubuntu and CentOS) - NETSEC

Wednesday, September 9, 2020

This post records all the steps to install IBM Guardium GIM and S-TAP on a Linux server. Two Linux servers with MySQL installed are used: Ubuntu 18.04 and CentOS 7.8.


Topology







Download GIM & STAP Packages for Linux Release

A couple of steps:

1  Check your Linux version and release

[root@localhost test1]# uname -a
Linux localhost.localdomain 3.10.0-1127.18.2.el7.x86_64 #1 SMP Sun Jul 26 15:27:06 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost test1]# cat /etc/*release
CentOS Linux release 7.8.2003 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.8.2003 (Core)
CentOS Linux release 7.8.2003 (Core)
[root@localhost test1]#

2  Go to IBM Fix Central and choose the product IBM Security Guardium, the latest version (11.0), and the platform Linux.


3  Select the right fixes to download:



Using WinSCP to Transfer GIM Package to Linux DB Server


1  Extract the package from the downloaded zip files



2  Using WinSCP, connect to your Linux DB servers and transfer the gim.sh script for the right version over.



Run Installation Script


1  Make the script executable

[root@localhost test1]# ls
guard-bundle-GIM-11.2.0.0_r108838_v11_2_1-rhel-7-linux-x86_64.gim.sh
[root@localhost test1]# chmod +x guard-bundle-GIM-11.2.0.0_r108838_v11_2_1-rhel-7-linux-x86_64.gim.sh
[root@localhost test1]# ls
guard-bundle-GIM-11.2.0.0_r108838_v11_2_1-rhel-7-linux-x86_64.gim.sh
[root@localhost test1]#

2  Run the script

Example command usage:

./guard-bundle-GIM-11.2.0.0_r108838_v11_2_1-rhel-7-linux-x86_64.gim.sh -- --dir /usr/local/guardium --sqlguardip 192.168.2.14 --tapip 192.168.2.16 --perl /usr/bin -q

3  Verify it from the Guardium web GUI


Install S-TAP

1  Import the S-TAP package for your Linux release



2  Use "Set up by client" to push the S-TAP package for installation on the Linux DB server.



3  Set up the S-TAP parameters properly



4  For CentOS, you will need to install a kernel package

Based on the post at https://guardiumnotes.wordpress.com/2015/09/11/k-tap-installation-fails-on-linux-is-not-a-problem-longer/, fixing the S-TAP installation issue requires the kernel development files to be installed.

Check for them with the following three commands. If any package is not found, install it with the command: yum install gcc make kernel-devel

yum list installed gcc
yum list installed make
yum list installed kernel-devel


[root@localhost test1]# yum list installed gcc
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.mirror.rafal.ca
 * extras: centos.mirror.rafal.ca
 * updates: mirror.netflash.net
Error: No matching Packages to list
[root@localhost test1]# yum list installed kernel-devel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.mirror.rafal.ca
 * extras: centos.mirror.rafal.ca
 * updates: mirror.netflash.net
Installed Packages
kernel-devel.x86_64                                                                                         3.10.0-1127.19.1.el7                                                                                          @updates
[root@localhost test1]#


5  For Ubuntu 18.04

apt update
apt upgrade
apt install gcc
apt install linux-headers-generic

Note: This is based on https://askubuntu.com/questions/320288/what-is-the-linux-kernel-devel-equivalent-in-12-04-2-lts-3-5-0
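
The checks from steps 4 and 5 as one script that works on both CentOS and Ubuntu (an added example, not code from the original post or from IBM; the function names are hypothetical). It assumes that, as with any out-of-tree kernel module, the K-TAP build needs headers for the running kernel: in the output captured above, uname -a reports 3.10.0-1127.18.2.el7 while the installed kernel-devel is 3.10.0-1127.19.1.el7, a mismatch that yum list installed does not flag.

```sh
#!/bin/sh
# Added example, not from the original post or from IBM: pre-flight check
# for the K-TAP build prerequisites. All function names are hypothetical.

# missing_tools TOOL...: print each build tool that is not on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# headers_present RELEASE [ROOT]: succeed only if headers for exactly
# RELEASE are installed. kernel-devel (CentOS) and linux-headers-*
# (Ubuntu) both populate /lib/modules/RELEASE/build; that path is missing
# or a dangling symlink when only another kernel's headers are installed.
# ROOT is an optional filesystem prefix, used here for offline testing.
headers_present() {
    [ -f "${2:-}/lib/modules/$1/build/Makefile" ]
}

# preflight [ROOT]: print what is missing; non-zero status on any gap.
preflight() {
    rel=$(uname -r)
    rc=0
    missing=$(missing_tools gcc make)
    if [ -n "$missing" ]; then
        # Unquoted on purpose so the names are joined on one line.
        echo "missing build tools:" $missing
        rc=1
    fi
    if ! headers_present "$rel" "${1:-}"; then
        echo "no kernel headers for running kernel $rel; installed trees:"
        trees=$(ls -d "${1:-}"/usr/src/kernels/* \
                      "${1:-}"/usr/src/linux-headers-* 2>/dev/null) || true
        echo "${trees:-  (none)}"
        rc=1
    fi
    return "$rc"
}

preflight || echo "resolve the items above before pushing the S-TAP bundle"
```

If it reports a mismatch, either install the headers for the running release (kernel-devel-$(uname -r) on CentOS, linux-headers-$(uname -r) on Ubuntu) or reboot into the kernel whose headers are already installed.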


YouTube Videos

For Ubuntu 18.04:


For CentOS 7.8:

Fix S-TAP Installation Issue (Yellow status caused by ktap)



