Hi,
- what the first action that should I do and kindly be informed that i tested this S-TAP Bundle in a test Environment with the same OS Release and the S-TAP Installed Successfully So, is this can be because the GCC & kernel-devel may be not installed and if they not installed then if i installed these Packages, is this can help to solve this issue?
Process looks this ways:
- install new kernel on test machine where STAP, gcc, make and kernel-devel are installed
- reboot test environment
- after a while new STAP release will be transferred to your GIM server - release with minor number 8xx
- install new STAP version *8xx) on your prod server
- upgrade kernel on production
- reboot production
- new kernel will be supported
This same procedure if you would like upgrade agent.
There is many articles about this process, you can refer to mine on
https://guardiumnotes.wordpress.com------------------------------
Zbigniew (Zibi) Szmigiero
IBM
Międzyrzecz
------------------------------
Original Message:
Sent: Tue November 24, 2020 06:14 AM
From: Moustafa Salah
Subject: IBM Security Guardium "S-TAP Installation Issue"
Hello Paul & Juan,
thank you for your reply, and could you please clarify to me some point
- what the first action that should I do and kindly be informed that i tested this S-TAP Bundle in a test Environment with the same OS Release and the S-TAP Installed Successfully So, is this can be because the GCC & kernel-devel may be not installed and if they not installed then if i installed these Packages, is this can help to solve this issue?
- in a case of the Packages are Installed and the Problem is in the Kernel Version is not Supported (3.10.0-1160.6.1.el7.x86_64) i searched about this kernel in the Finding the Correct K-TAP Version For your Linux kernel site and I didn't find any thing so in this case you said that i can copy the K-TAP Module from tested server to the Production server and in this point i have to questions
- Can i do this through the GIM Interface on the Collector and kindly be informed that the collector that used for the test is not the same collector that i used for the Production server so is it applicable to copy the K-TAP From GIM Interface or not and if it applicable can i do this with the already tested server or i should use new server for test with this collector
- when i followed the Steps for coping the K-TAP Bundle from Tested Sever to another is it applicable to use the Bundle that installed with the other collector or it will fail and when i followed the steps "Change directory to /usr/local/guardium/guard_stap/ktap/current/ and run ./guard_ktap_append_modules to add the locally built modules to modules.tgz." in this step what is locally built Module that should i add to Modules.tgz and where can i get it and add it i didn't understand this Point.
- if the Copying K-TAP Does not work the last step is to open the Case with the Support or there is another thing to check
thank you very much and waiting for your reply ASAP.
------------------------------
Moustafa Salah
Original Message:
Sent: Mon November 23, 2020 12:08 PM
From: Paul Spencer
Subject: IBM Security Guardium "S-TAP Installation Issue"
Check ktap_install.log ; you'll see that the STAP does not ship by default with a KTAP for the 3.10.0-1160.6.1.el7.x86_64 kernel.
There are multiple options:
- consider if you need KTAP at all. Unfortunately, in your case, you do - Oracle monitoring requires KTAP.
- you may be able to switch to a supported kernel version. e.g. 3.10.0-1160.2.2.el7.x86_64 is supported by default.
- if you install the C compiler tool chain and the kernel_devel package, the install process will build a custom KTAP for you; this will be available instantly. (If you have more than one machine, you can perform this process on one machine, and then copy that KTAP to your other systems. Many customers do the build on a test system, so they do not need the compiler/etc. on a production box).
- if none of the above will work for you, you can request that IBM provide a KTAP. However, note that this process takes at least a few weeks.
Original Message:
Sent: Sun November 22, 2020 10:27 AM
From: Moustafa Salah
Subject: IBM Security Guardium "S-TAP Installation Issue"
Hello all,
Kindly, I have an issue when I try to install the S-TAP v 11.1.0.11_r108868_1 into a Linux Server "Oracle DB " the STAP Bundle installed successfully but i can not verify it after that I checked again and i found this error in GIM Logs "status : Failed
GIM - Failure point : update (Can not update KTAP - 11.1.0.11_r108868_1-1606033363: Searching for modules in /oracle/GIM/modules/KTAP/11.1.0.11_r108868_1-1606033363/modules.*tgz
guard_ktap_loader. File /lib/modules/3.10.0-1160.6.1.el7.x86_64/build/.config not found Local build of KTAP will not)" and so on
there is another LOG_WARNING in S-TAP EVENTS "MSG(311)MODULE(1)"
SEV (3)COUNT (1) ktap module not loaded for kernal: 3.10.0-1160.6.1.el7.x86_64
So, Does any one saw this Error MSG and know the Solution for this issue as it a production server and it's very critical server.
Thanks.
------------------------------
Moustafa Salah
------------------------------