IBM Security Guardium

 View Only
  • 1.  Guardium 12 troubles

    Posted 21 days ago
      |   view attached

    Hello all experts,

    I am Guardium Data Protection novice/beginner, currently in "phase" of learning & testing of Guardium V12.
    My Guardium "topology" is very simple: one standalone collector (with applied latest patches) + two DB servers: Rocky Linux 8.6 with Informix V14.10FC8
    and Ubuntu 22.04.4 with Informix V14.10FC10W2.

    Unfortunately, I am faced with these issues/bad experiences:

    1. Consolidated installer and CAS module.
       I can not find guard-bundle-CAS*.gim.sh installation script, so CAS module installation with using of consolidated installer seems to be impossible...
       
    2. Ubuntu 22.04 and installation of custom K-TAP module.
       I have used consolidated installer with following installation scripts:

       guard-bundle-GIM-12.0.1.0_r116302_v12_0_1-ubuntu-22.04-linux-x86_64.gim.sh
       guard-bundle-STAP-12.0.0.0_r115418_v12_0_7-ubuntu-22.04-linux-x86_64.gim.sh
       
       The compilation of custom K-TAP module for 5.15.0-107-generic kernel finished with this error:

        /opt/IBM/Guardium12/modules/KTAP/12.0.0.0_r115418_7-1715874936/custom/obj/x86_64-fentry-retpo-wrapper-hardened/.linux_ktap_export.o.cmd: No such file or directory
        make[2]: *** [scripts/Makefile.modpost:133: /opt/IBM/Guardium12/modules/KTAP/12.0.0.0_r115418_7-1715874936/custom/Module.symvers] Error 1
        make[1]: *** [Makefile:1830: modules] Error 2
        make[1]: Leaving directory '/usr/src/linux-headers-5.15.0-107-generic'
        make: *** [Makefile:104: modules-kernels] Error 1
        Could not build KTAP
        ===================================================================
        We cannot provide a module for the running kernel and no close
        fitting combination was found.  Please contact IBM and provide the
        following information:
        uname: Linux ubuntu 5.15.0-107-generic #117-Ubuntu SMP Fri Apr 26 12:26:49 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
        release: DISTRIB_ID=Ubuntu DISTRIB_RELEASE=22.04 DISTRIB_CODENAME=jammy DISTRIB_DESCRIPTION="Ubuntu 22.04.4 LTS" PRETTY_NAME="Ubuntu 22.04.4 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.4 LTS (Jammy Jellyfish)" VERSION_CODENAME=jammy ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=jammy 
        kernel: 5.15.0-107-generic-x86_64-SMP
        The in-kernel functionality will now be disabled.
        ===================================================================
        ktap module not loaded for kernel: 5.15.0-107-generic

       More info - see attached ktap_install.log file...

       Installation of K-TAP on Rocky Linux 8.6 was done with no issues.

    3. Informix IDS V14.10FC10W2 and Guardium inspection engine with INFX_EXIT configuration.
       Initial run of ifxguard utility (for creating $INFORMIXDIR/etc/ifxguard.$INFORMIXSERVER config file)
       is immediately finished with "core dumped" crash (an no ifxguard config file is created).
       IDS V14.10FC8: ifxguard -p ... -l ... does run without crash and ifxguard config file is created.

    4. Informix IDS V14.10FC8, V14.10FC10W2 and Guardium inspection engine with INFX_EXIT configuration.
       Monitoring of "drsoctcp" interface/protocol does not set Guardium attribute "Records Afected" to correct value but to "-1".
       When "onsoctcp" or "onipcshm" communication protocol is monitored, correct value of "Records Afected" attribute is set.

    Many thanks for your replies in advance

    WBR Libor



    ------------------------------
    Libor Hohos
    ------------------------------

    Attachment(s)

    zip
    ktap_install.zip   3 KB 1 version


  • 2.  RE: Guardium 12 troubles

    IBM Champion
    Posted 19 days ago

    Hi @Libor Hohos,

    Welcome to the community!

    There's a lot to unpackage here, but I'll do my best to help steer you in a direction, at least.

    1. There's only one GIM. In other words, you will use the same GIM for S-TAP as you will for CAS.
    2. Her are a some helpful resources/options for dealing with K-TAP:
      1. Use the S-TAP parameter KTAP_ALLOW_MODULE_COMBOS=Y
      2. Obtain a K-TAP module from Fix Central that contains a matching Kernel, use the following link: https://ibm.github.io/guardium-ktap/index.html
      3. Create your own K-TAP: https://www.ibm.com/docs/en/guardium/11.5?topic=tap-linux-unix-s-compilation-k
      4. Request a K-TAP from IBM: https://www.ibm.com/docs/en/guardium/11.5?topic=tap-linux-unix-requesting-k-module

    I don't have a lot of experience with Informix and I'm not sure at what point these errors are appearing. Here's a help document that may help: https://www.ibm.com/docs/en/guardium/11.5?topic=libraries-linux-unix-configuring-informix-exit



    ------------------------------
    Wendy Zemba
    Sr. Consultant, Data Protection
    wendy.zemba@convergetp.com
    Converge Technology Solutions

    Need help with your Guardium deployment? Contact me directly to discuss engagement opportunities. Currently serving North America.
    ------------------------------



  • 3.  RE: Guardium 12 troubles

    Posted 14 days ago

      Hello Wendy,

    thank you for welcoming me and trying to help me.
    Unfortunately, you are wrong when you think I don't read documentation. I am not that ignorant... ;-)

    "Consolidated installer" issue:
    ===============================
    - look at https://www.ibm.com/docs/en/guardium/12.x?topic=iuugclus-installing-gim-other-packages-linux-servers-by-using-consolidated-installer

    - look into consolidated_installer.sh file (*) at line 397 (what is BUNDLE_CAS from consolidated_installer.sh view point ?):
      cas_installer=`ls  guard-bundle-CAS*.sh 2> /dev/null`;

      (*) for example, Guardium_12.0.3.0_GIM_Ubuntu_r117209.zip file contains consolidated_installer.sh shell script file ...

    - download latest CAS ZIP archive from FixCentral (for example for Ubuntu): Guardium_12.0.0.0_CAS_Ubuntu_r115418.zip

    - show list of files in CAS ZIP archove file:

    unzip -l Guardium_12.0.0.0_CAS_Ubuntu_r115418.zip
    Archive:  Guardium_12.0.0.0_CAS_Ubuntu_r115418.zip
      Length      Date    Time    Name
    ---------  ---------- -----   ----
            0  2023-11-30 22:10   Guardium_12.0.0.0_CAS_Ubuntu_r115418/
            0  2023-09-15 07:28   Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/
    146492994  2023-09-15 02:44   Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-12.0.0.0_r115418_v12_0_1-ubuntu-14.04-linux-x86_64.gim
    146499154  2023-09-15 02:14   Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-12.0.0.0_r115418_v12_0_1-ubuntu-18.04-linux-x86_64.gim
    146494265  2023-09-15 03:01   Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-12.0.0.0_r115418_v12_0_1-ubuntu-16.04-linux-x86_64.gim
    146503204  2023-09-15 02:01   Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-12.0.0.0_r115418_v12_0_1-ubuntu-20.04-linux-x86_64.gim
    146503454  2023-09-15 02:08   Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-12.0.0.0_r115418_v12_0_1-ubuntu-22.04-linux-x86_64.gim
         1170  2023-09-15 08:10   Guardium_12.0.0.0_CAS_Ubuntu_r115418/MD5SUMS
            0  2023-09-15 07:29   Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/
    146379028  2023-09-14 21:25   Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/guard-cas-12.0.0.0_r115418_v12_0_1-ubuntu-16.04-linux-x86_64.sh
    146386593  2023-09-14 21:22   Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/guard-cas-12.0.0.0_r115418_v12_0_1-ubuntu-20.04-linux-x86_64.sh
    146386181  2023-09-14 21:24   Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/guard-cas-12.0.0.0_r115418_v12_0_1-ubuntu-22.04-linux-x86_64.sh
    146376899  2023-09-14 21:25   Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/guard-cas-12.0.0.0_r115418_v12_0_1-ubuntu-14.04-linux-x86_64.sh
    146382599  2023-09-14 21:25   Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/guard-cas-12.0.0.0_r115418_v12_0_1-ubuntu-18.04-linux-x86_64.sh
       460092  2023-11-30 21:10   Guardium_12.0.0.0_CAS_Ubuntu_r115418/ustap_release_notes_12.0.pdf
    ---------                     -------
    1464865633                     15 files

    A file with name matching the guard-bundle-CAS*.sh pattern does not exist in given zip archive => consolidated installer cannot install CAS module.
    Yes, I can install it another way, but in the case of the "consolidated installer" method, the documentation is incorrect.

    Howgh.;-)

    "Custom K-TAP" issue
    ====================
    - I have downloaded latest K-TAP module from FixCentral, of course: Guardium_KTAP_12.0_ubuntu-22-linux-x86-64_r115418_2024-05-10.zip
    - I have used parameter "--ktap_allow_module_combos" with consolidated_installer.sh
      Unfortunately, the K-TAP installation process finished with message (you can find it in attachment of my first post... near to end of ktap_install.log file):
      "We cannot provide a module for the running kernel and no close fitting combination was found."

    - GNU C compiler, make utility and kernel headers are installed, of course...
      Unsuccessful process of custom K-TAP module creation does finish with error (also mentioned in my first post...):
      /opt/IBM/Guardium12/modules/KTAP/12.0.0.0_r115418_7-1715874936/custom/obj/x86_64-fentry-retpo-wrapper-hardened/.linux_ktap_export.o.cmd: No such file or directory

      where /opt/IBM/Guardium12 is Guardium modules installation (root) directory.

      The reason of non-existence ".linux_ktap_export.o.cmd" file is unknown to me... and what about it the author of "custom K-TAP module" build process?
     
    "ifxguard" issue
    ================
    - unfortunately, the "Segmentation fault (core dumped)" message is just consequence of a programmer "awkward" error.
      The author of ifxguard source code should look for uninitialized variable or access into unallocated memory.
      This is not about Guardium 12 documentation reading...


        WBR "no-cost tester" Libor ;-)



    ------------------------------
    Libor Hohos
    ------------------------------