IBM Security Guardium


IBM Security Guardium "S-TAP Installation Issue"

  • 1.  IBM Security Guardium "S-TAP Installation Issue"

    Posted Sun November 22, 2020 10:27 AM
    Hello all,
    Kindly, I have an issue when I try to install the S-TAP v 11.1.0.11_r108868_1 on a Linux server ("Oracle DB"). The S-TAP bundle installed successfully, but I cannot verify it. After that I checked again and found this error in the GIM logs: "status : Failed
    GIM - Failure point : update (Can not update KTAP - 11.1.0.11_r108868_1-1606033363: Searching for modules in /oracle/GIM/modules/KTAP/11.1.0.11_r108868_1-1606033363/modules.*tgz
    guard_ktap_loader. File /lib/modules/3.10.0-1160.6.1.el7.x86_64/build/.config not found Local build of KTAP will not)" and so on 

    There is another LOG_WARNING in S-TAP EVENTS "MSG(311)MODULE(1)"
     SEV (3)COUNT (1) ktap module not loaded for kernal: 3.10.0-1160.6.1.el7.x86_64

    So, has anyone seen this error message and does anyone know the solution for this issue? It is a production server and a very critical one.
    Thanks.



    ------------------------------
    Moustafa Salah
    ------------------------------


  • 2.  RE: IBM Security Guardium "S-TAP Installation Issue"

    Posted Mon November 23, 2020 03:15 AM
    Edited by Flavio Paiusco Mon November 23, 2020 03:41 AM
    Hi Moustafa

    Have you checked that the parameters KTAP_ALLOW_MODULE_COMBOS and KTAP_LIVE_UPDATE are both set to "Y", and then recycled the STAP?

    If the STAP still cannot load a KTAP module, then you might want to consider compiling the KTAP on the fly following this beautiful guide --> https://guardiumnotes.wordpress.com/2015/09/11/k-tap-installation-fails-on-linux-is-not-a-problem-longer/


    If you have no restrictions on keeping those RPMs in a Prod environment, you could consider having them installed on every server along with the STAP; from that moment onwards you won't have KTAP compatibility problems anymore after OS patching :)

    Regards
    Flavio

    ------------------------------
    Flavio Paiusco
    ------------------------------



  • 3.  RE: IBM Security Guardium "S-TAP Installation Issue"

    Posted Mon November 23, 2020 08:50 AM
    Dear Flavio,
    Thank you for your reply. Kindly be informed that I used the K-TAP parameters while installing, as below:

    • KTAP_ENABLED – 1 
    • KTAP_ALLOW_MODULE_COMBOS - Y
    • KTAP_LIVE_UPDATE - Y
    The S-TAP installed successfully at first, but when I checked again in S-TAP Status I found that the K-TAP is not installed. When I tried to update the parameters to install the K-TAP, it failed, and I found the error messages that I mentioned before, and the K-TAP didn't install. So, do you know any solution for this issue? And can I copy the module that was installed on one machine to this machine, or are there some restrictions on this point?

    Thank you.

    ------------------------------
    Moustafa Salah
    ------------------------------



  • 4.  RE: IBM Security Guardium "S-TAP Installation Issue"

    Posted Mon November 23, 2020 09:49 AM
    Hi Moustafa

    Have you downloaded the latest KTAP bundle from FixCentral? Support regularly publishes new KTAP bundles with the latest supported kernels. However, since it's almost impossible to cover all the existing kernels, here is a solution if your kernel is still unsupported...

    You can indeed upload a custom KTAP module from the STAP to the GIM server (usually the CM, but it can be another machine as well) by setting the parameter STAP_UPLOAD_FEATURE to "Y". You might want to test this process in a lower environment, and when you are ready you can proceed as per the following:

    1. choose a server that is running an unsupported kernel (it doesn't have to have a DB running on it)
    2. install the RPM's I mentioned earlier and then the STAP with all the discussed parameters set accordingly
    3. verify under Manage --> Module Installation --> Setup by Client that the new module has been uploaded successfully. You will see it as a new BUNDLE-STAP that will end with _800. This number will increase every time a new KTAP module is added.
    4. deploy the custom KTAP to the other server where needed

    Cheers
    Flavio

    ------------------------------
    Flavio Paiusco
    ------------------------------



  • 5.  RE: IBM Security Guardium "S-TAP Installation Issue"

    Posted Mon November 23, 2020 10:45 AM
    Hello Flavio,

    I already installed the S-TAP bundle on a test database with the same OS distribution, and the installation completed successfully. So, is it applicable to copy this bundle instead of using a new server and a new installation? Kindly be informed that the test database is connected to a collector different from the production database.
    And could you please tell me how to add the locally built modules to modules.tgz? And is the local build found on Fix Central, or where can I get it?

    Thank you.


    ------------------------------
    Moustafa Salah
    ------------------------------



  • 6.  RE: IBM Security Guardium "S-TAP Installation Issue"

    Posted Mon November 23, 2020 11:00 AM
    Hello Moustafa

    This means your S-TAP installation has failed, since the K-TAP module for your operating system is not available and needs to be requested and later on added to the S-TAP installation.

    Basically you will need to open a ticket with the Guardium Support Team with the subject "K-TAP Module request for 3.10.0-1160.6.1.el7.x86_64", since I already reviewed whether there was an Exact or Flex match in Guardium_11.1_KTAP_List.csv on Fix Central, and there are no matches, neither Flex nor Exact.
    Be sure to include the following information upon ticket creation: # uname -a


    Best Regards
    Juan Pluma

    ------------------------------
    Juan Pluma
    ------------------------------



  • 7.  RE: IBM Security Guardium "S-TAP Installation Issue"

    Posted Mon November 23, 2020 12:09 PM

    Check ktap_install.log ; you'll see that the STAP does not ship by default with a KTAP for the 3.10.0-1160.6.1.el7.x86_64 kernel.

    There are multiple options:

     - consider if you need KTAP at all. Unfortunately, in your case, you do - Oracle monitoring requires KTAP.

     - you may be able to switch to a supported kernel version. e.g. 3.10.0-1160.2.2.el7.x86_64 is supported by default.

     - if you install the C compiler tool chain and the kernel_devel package, the install process will build a custom KTAP for you; this will be available instantly. (If you have more than one machine, you can perform this process on one machine, and then copy that KTAP to your other systems. Many customers do the build on a test system, so they do not need the compiler/etc. on a production box).

     - if none of the above will work for you, you can request that IBM provide a KTAP. However, note that this process takes at least a few weeks.
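
Added example (not part of the thread, and not IBM or Guardium code): a read-only preflight for the local K-TAP build discussed above. It checks the kernel build tree's `.config`, the file named in the GIM error, and the gcc and make tools; the function names and the optional ROOT prefix are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight for a local K-TAP build. Not IBM/Guardium code.
# It checks only the prerequisites named in this thread and changes nothing.

# kernel_tree_status KERNEL_RELEASE [ROOT]
# Prints one of: ok | no-build-dir | dangling-link | no-config
# ROOT is a hypothetical prefix used for testing; empty means the real "/".
kernel_tree_status() {
    build="${2:-}/lib/modules/$1/build"
    if [ -L "$build" ] && [ ! -e "$build" ]; then
        # 'build' is typically a symlink into the kernel-devel tree; a dangling
        # link means kernel-devel for this exact release is not installed.
        echo dangling-link
    elif [ ! -d "$build" ]; then
        echo no-build-dir
    elif [ ! -f "$build/.config" ]; then
        echo no-config          # the file guard_ktap_loader reported as not found
    else
        echo ok
    fi
}

# missing_tools TOOL...  -> prints the tools that are not on PATH
missing_tools() {
    out=""
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || out="$out $t"
    done
    echo "${out# }"
}

# ktap_preflight KERNEL_RELEASE [ROOT] -> 0 when a local build can be attempted
ktap_preflight() {
    tree=$(kernel_tree_status "$1" "${2:-}")
    tools=$(missing_tools gcc make)
    echo "kernel=$1 build-tree=$tree missing-tools=${tools:-none}"
    [ "$tree" = ok ] && [ -z "$tools" ]
}

# Check the running kernel, which is the one the K-TAP must match.
ktap_preflight "$(uname -r)" || echo "local K-TAP build would not run on this host"
```

Running it on the build (test) machine after the new kernel is booted confirms the prerequisites match the kernel release before the S-TAP installer attempts the build.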




  • 8.  RE: IBM Security Guardium "S-TAP Installation Issue"

    Posted Tue November 24, 2020 03:38 AM
    Edited by Moustafa Salah Tue November 24, 2020 06:21 AM
    Hello All,
     
    Thank you for your reply. Could you please clarify whether there are prerequisites or some restrictions for the AIX server implementation, or whether it is the same as the configuration and prerequisites needed for the RedHat environment?

    And the restrictions for the Windows environment too, as the S-TAP installed successfully but I can't find the Inspection Engine of the DB server.

    Thank you very much; waiting for your reply ASAP.

    ------------------------------
    Moustafa Salah
    ------------------------------



  • 9.  RE: IBM Security Guardium "S-TAP Installation Issue"

    Posted Tue November 24, 2020 06:15 AM
    Hello Paul & Juan,
     
    Thank you for your reply. Could you please clarify some points for me:
    • What is the first action that I should take? Kindly be informed that I tested this S-TAP bundle in a test environment with the same OS release and the S-TAP installed successfully. So, can this be because GCC & kernel-devel may not be installed? And if they are not installed, would installing these packages help to solve this issue?
    • In case the packages are installed and the problem is that the kernel version (3.10.0-1160.6.1.el7.x86_64) is not supported: I searched for this kernel on the "Finding the Correct K-TAP Version For your Linux kernel" site and I didn't find anything. In this case you said that I can copy the K-TAP module from the tested server to the production server, and on this point I have two questions:
      • Can I do this through the GIM interface on the collector? Kindly be informed that the collector used for the test is not the same collector that I used for the production server. So is it applicable to copy the K-TAP from the GIM interface or not, and if it is applicable, can I do this with the already tested server or should I use a new server for testing with this collector?
      • When I follow the steps for copying the K-TAP bundle from the tested server to another, is it applicable to use the bundle that was installed with the other collector, or will it fail? And when I followed the step "Change directory to /usr/local/guardium/guard_stap/ktap/current/ and run ./guard_ktap_append_modules to add the locally built modules to modules.tgz.", what is the locally built module that I should add to modules.tgz, and where can I get it and add it? I didn't understand this point.
      • If copying the K-TAP does not work, is the last step to open a case with Support, or is there another thing to check?
    Thank you very much; waiting for your reply ASAP.

    ------------------------------
    Moustafa Salah
    ------------------------------



  • 10.  RE: IBM Security Guardium "S-TAP Installation Issue"

    Posted Wed November 25, 2020 02:32 AM
    Hi,
    • What is the first action that I should take? Kindly be informed that I tested this S-TAP bundle in a test environment with the same OS release and the S-TAP installed successfully. So, can this be because GCC & kernel-devel may not be installed? And if they are not installed, would installing these packages help to solve this issue?

    The process looks like this:
    - install the new kernel on a test machine where STAP, gcc, make and kernel-devel are installed
    - reboot the test environment
    - after a while a new STAP release will be transferred to your GIM server - a release with minor number 8xx
    - install the new STAP version (8xx) on your prod server
    - upgrade the kernel on production
    - reboot production
    - the new kernel will be supported
    The same procedure applies if you would like to upgrade the agent.
    There are many articles about this process; you can refer to mine on https://guardiumnotes.wordpress.com

    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Międzyrzecz
    ------------------------------



  • 11.  RE: IBM Security Guardium "S-TAP Installation Issue"

    Posted Tue December 08, 2020 03:00 AM
    Hello All,
    Firstly, I would like to thank you all for your kind support, and I would like to share with you that my case was solved by installing another version of K-TAP which is compatible with the kernel version of the DB server operating system.

    Thank you.

    ------------------------------
    Moustafa Salah
    ------------------------------



  • 12.  RE: IBM Security Guardium "S-TAP Installation Issue"

    Posted Thu November 30, 2023 12:40 PM

    Dear Mostafa,

    Did you restart the server after uninstalling the old version, or did you just perform the uninstallation and then install a new version of STAP? Can you share the steps with me?



    ------------------------------
    Mrwan Mohsen
    ------------------------------