IBM Security Guardium

  • 1.  Guardium 12 troubles

    Posted Wed May 22, 2024 11:23 AM

    Hello all experts,

    I am a Guardium Data Protection novice/beginner, currently in the "phase" of learning & testing Guardium V12.
    My Guardium "topology" is very simple: one standalone collector (with the latest patches applied) + two DB servers: Rocky Linux 8.6 with Informix V14.10FC8
    and Ubuntu 22.04.4 with Informix V14.10FC10W2.

    Unfortunately, I am faced with these issues/bad experiences:

    1. Consolidated installer and CAS module.
       I cannot find a guard-bundle-CAS* installation script, so installing the CAS module with the consolidated installer seems to be impossible...
    2. Ubuntu 22.04 and installation of custom K-TAP module.
       I have used the consolidated installer with the following installation scripts:
       The compilation of the custom K-TAP module for the 5.15.0-107-generic kernel finished with this error:

        /opt/IBM/Guardium12/modules/KTAP/ No such file or directory
        make[2]: *** [scripts/Makefile.modpost:133: /opt/IBM/Guardium12/modules/KTAP/] Error 1
        make[1]: *** [Makefile:1830: modules] Error 2
        make[1]: Leaving directory '/usr/src/linux-headers-5.15.0-107-generic'
        make: *** [Makefile:104: modules-kernels] Error 1
        Could not build KTAP
        We cannot provide a module for the running kernel and no close
        fitting combination was found.  Please contact IBM and provide the
        following information:
        uname: Linux ubuntu 5.15.0-107-generic #117-Ubuntu SMP Fri Apr 26 12:26:49 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
        kernel: 5.15.0-107-generic-x86_64-SMP
        The in-kernel functionality will now be disabled.
        ktap module not loaded for kernel: 5.15.0-107-generic

       More info - see attached ktap_install.log file...

       Installation of K-TAP on Rocky Linux 8.6 was done with no issues.

    3. Informix IDS V14.10FC10W2 and Guardium inspection engine with INFX_EXIT configuration.
       The initial run of the ifxguard utility (for creating the $INFORMIXDIR/etc/ifxguard.$INFORMIXSERVER config file)
       immediately ends with a "core dumped" crash (and no ifxguard config file is created).
       IDS V14.10FC8: ifxguard -p ... -l ... runs without a crash and the ifxguard config file is created.

    4. Informix IDS V14.10FC8, V14.10FC10W2 and Guardium inspection engine with INFX_EXIT configuration.
       Monitoring of the "drsoctcp" interface/protocol does not set the Guardium attribute "Records Affected" to the correct value but to "-1".
       When the "onsoctcp" or "onipcshm" communication protocol is monitored, the correct value of the "Records Affected" attribute is set.

    Many thanks for your replies in advance

    WBR Libor

    Libor Hohos



  • 2.  RE: Guardium 12 troubles

    IBM Champion
    Posted Fri May 24, 2024 02:24 PM

    Hi @Libor Hohos,

    Welcome to the community!

    There's a lot to unpackage here, but I'll do my best to help steer you in a direction, at least.

    1. There's only one GIM. In other words, you will use the same GIM for S-TAP as you will for CAS.
    2. Here are some helpful resources/options for dealing with K-TAP:
      1. Use the S-TAP parameter KTAP_ALLOW_MODULE_COMBOS=Y
      2. Obtain a K-TAP module from Fix Central that contains a matching Kernel, use the following link:
      3. Create your own K-TAP:
      4. Request a K-TAP from IBM:

    I don't have a lot of experience with Informix and I'm not sure at what point these errors are appearing. Here's a help document that may help:

    Wendy Zemba
    Sr. Consultant, Data Protection
    Converge Technology Solutions

    Need help with your Guardium deployment? Contact me directly to discuss engagement opportunities. Currently serving North America.

  • 3.  RE: Guardium 12 troubles

    Posted Wed May 29, 2024 04:15 AM

    Hello Wendy,

    thank you for welcoming me and trying to help me.
    Unfortunately, you are wrong when you think I don't read documentation. I am not that ignorant... ;-)

    "Consolidated installer" issue:
    - look at

    - look into file (*) at line 397 (what is BUNDLE_CAS from view point ?):
      cas_installer=`ls  guard-bundle-CAS*.sh 2> /dev/null`;

      (*) for example, file contains shell script file ...

    - download the latest CAS ZIP archive from FixCentral (for example for Ubuntu):

    - show the list of files in the CAS ZIP archive file:

    unzip -l
      Length      Date    Time    Name
    ---------  ---------- -----   ----
            0  2023-11-30 22:10   Guardium_12.0.0.0_CAS_Ubuntu_r115418/
            0  2023-09-15 07:28   Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/
    146492994  2023-09-15 02:44   Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-
    146499154  2023-09-15 02:14   Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-
    146494265  2023-09-15 03:01   Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-
    146503204  2023-09-15 02:01   Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-
    146503454  2023-09-15 02:08   Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-
         1170  2023-09-15 08:10   Guardium_12.0.0.0_CAS_Ubuntu_r115418/MD5SUMS
            0  2023-09-15 07:29   Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/
    146379028  2023-09-14 21:25   Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/
    146386593  2023-09-14 21:22   Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/
    146386181  2023-09-14 21:24   Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/
    146376899  2023-09-14 21:25   Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/
    146382599  2023-09-14 21:25   Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/
       460092  2023-11-30 21:10   Guardium_12.0.0.0_CAS_Ubuntu_r115418/ustap_release_notes_12.0.pdf
    ---------                     -------
    1464865633                     15 files

    A file with a name matching the guard-bundle-CAS*.sh pattern does not exist in the given zip archive => the consolidated installer cannot install the CAS module.
    Yes, I can install it another way, but in the case of the "consolidated installer" method, the documentation is incorrect.


    "Custom K-TAP" issue
    - I have downloaded the latest K-TAP module from FixCentral, of course:
    - I have used parameter "--ktap_allow_module_combos" with
      Unfortunately, the K-TAP installation process finished with the message (you can find it in the attachment of my first post... near the end of the ktap_install.log file):
      "We cannot provide a module for the running kernel and no close fitting combination was found."

    - The GNU C compiler, make utility and kernel headers are installed, of course...
      The unsuccessful process of custom K-TAP module creation finishes with the error (also mentioned in my first post...):
      /opt/IBM/Guardium12/modules/KTAP/ No such file or directory

      where /opt/IBM/Guardium12 is Guardium modules installation (root) directory.

      The reason for the non-existence of the ".linux_ktap_export.o.cmd" file is unknown to me... and what does the author of the "custom K-TAP module" build process say about it?

    "ifxguard" issue
    - unfortunately, the "Segmentation fault (core dumped)" message is just the consequence of an "awkward" programmer error.
      The author of the ifxguard source code should look for an uninitialized variable or an access to unallocated memory.
      This is not about Guardium 12 documentation reading...

        WBR "no-cost tester" Libor ;-)

    Libor Hohos