Hello Wendy,
thank you for welcoming me and trying to help me.
Unfortunately, you are wrong when you think I don't read documentation. I am not that ignorant... ;-)
"Consolidated installer" issue:
===============================
- look at https://www.ibm.com/docs/en/guardium/12.x?topic=iuugclus-installing-gim-other-packages-linux-servers-by-using-consolidated-installer
- look into consolidated_installer.sh file (*) at line 397 (what is BUNDLE_CAS from consolidated_installer.sh view point ?):
cas_installer=`ls guard-bundle-CAS*.sh 2> /dev/null`;
(*) for example, Guardium_12.0.3.0_GIM_Ubuntu_r117209.zip file contains consolidated_installer.sh shell script file ...
- download latest CAS ZIP archive from FixCentral (for example for Ubuntu): Guardium_12.0.0.0_CAS_Ubuntu_r115418.zip
- show list of files in CAS ZIP archove file:
unzip -l Guardium_12.0.0.0_CAS_Ubuntu_r115418.zip
Archive: Guardium_12.0.0.0_CAS_Ubuntu_r115418.zip
Length Date Time Name
--------- ---------- ----- ----
0 2023-11-30 22:10 Guardium_12.0.0.0_CAS_Ubuntu_r115418/
0 2023-09-15 07:28 Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/
146492994 2023-09-15 02:44 Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-12.0.0.0_r115418_v12_0_1-ubuntu-14.04-linux-x86_64.gim
146499154 2023-09-15 02:14 Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-12.0.0.0_r115418_v12_0_1-ubuntu-18.04-linux-x86_64.gim
146494265 2023-09-15 03:01 Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-12.0.0.0_r115418_v12_0_1-ubuntu-16.04-linux-x86_64.gim
146503204 2023-09-15 02:01 Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-12.0.0.0_r115418_v12_0_1-ubuntu-20.04-linux-x86_64.gim
146503454 2023-09-15 02:08 Guardium_12.0.0.0_CAS_Ubuntu_r115418/GIM_Packages/guard-bundle-CAS-12.0.0.0_r115418_v12_0_1-ubuntu-22.04-linux-x86_64.gim
1170 2023-09-15 08:10 Guardium_12.0.0.0_CAS_Ubuntu_r115418/MD5SUMS
0 2023-09-15 07:29 Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/
146379028 2023-09-14 21:25 Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/guard-cas-12.0.0.0_r115418_v12_0_1-ubuntu-16.04-linux-x86_64.sh
146386593 2023-09-14 21:22 Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/guard-cas-12.0.0.0_r115418_v12_0_1-ubuntu-20.04-linux-x86_64.sh
146386181 2023-09-14 21:24 Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/guard-cas-12.0.0.0_r115418_v12_0_1-ubuntu-22.04-linux-x86_64.sh
146376899 2023-09-14 21:25 Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/guard-cas-12.0.0.0_r115418_v12_0_1-ubuntu-14.04-linux-x86_64.sh
146382599 2023-09-14 21:25 Guardium_12.0.0.0_CAS_Ubuntu_r115418/Shell_Installers/guard-cas-12.0.0.0_r115418_v12_0_1-ubuntu-18.04-linux-x86_64.sh
460092 2023-11-30 21:10 Guardium_12.0.0.0_CAS_Ubuntu_r115418/ustap_release_notes_12.0.pdf
--------- -------
1464865633 15 files
A file with name matching the guard-bundle-CAS*.sh pattern does not exist in given zip archive => consolidated installer cannot install CAS module.
Yes, I can install it another way, but in the case of the "consolidated installer" method, the documentation is incorrect.
Howgh.;-)
"Custom K-TAP" issue
====================
- I have downloaded latest K-TAP module from FixCentral, of course: Guardium_KTAP_12.0_ubuntu-22-linux-x86-64_r115418_2024-05-10.zip
- I have used parameter "--ktap_allow_module_combos" with consolidated_installer.sh
Unfortunately, the K-TAP installation process finished with message (you can find it in attachment of my first post... near to end of ktap_install.log file):
"We cannot provide a module for the running kernel and no close fitting combination was found."
- GNU C compiler, make utility and kernel headers are installed, of course...
Unsuccessful process of custom K-TAP module creation does finish with error (also mentioned in my first post...):
/opt/IBM/Guardium12/modules/KTAP/12.0.0.0_r115418_7-1715874936/custom/obj/x86_64-fentry-retpo-wrapper-hardened/.linux_ktap_export.o.cmd: No such file or directory
where /opt/IBM/Guardium12 is Guardium modules installation (root) directory.
The reason of non-existence ".linux_ktap_export.o.cmd" file is unknown to me... and what about it the author of "custom K-TAP module" build process?
"ifxguard" issue
================
- unfortunately, the "Segmentation fault (core dumped)" message is just consequence of a programmer "awkward" error.
The author of ifxguard source code should look for uninitialized variable or access into unallocated memory.
This is not about Guardium 12 documentation reading...
WBR "no-cost tester" Libor ;-)
------------------------------
Libor Hohos
------------------------------
Original Message:
Sent: Fri May 24, 2024 02:24 PM
From: Wendy Zemba
Subject: Guardium 12 troubles
Hi @Libor Hohos,
Welcome to the community!
There's a lot to unpackage here, but I'll do my best to help steer you in a direction, at least.
- There's only one GIM. In other words, you will use the same GIM for S-TAP as you will for CAS.
- Her are a some helpful resources/options for dealing with K-TAP:
- Use the S-TAP parameter KTAP_ALLOW_MODULE_COMBOS=Y
- Obtain a K-TAP module from Fix Central that contains a matching Kernel, use the following link: https://ibm.github.io/guardium-ktap/index.html
- Create your own K-TAP: https://www.ibm.com/docs/en/guardium/11.5?topic=tap-linux-unix-s-compilation-k
- Request a K-TAP from IBM: https://www.ibm.com/docs/en/guardium/11.5?topic=tap-linux-unix-requesting-k-module
I don't have a lot of experience with Informix and I'm not sure at what point these errors are appearing. Here's a help document that may help: https://www.ibm.com/docs/en/guardium/11.5?topic=libraries-linux-unix-configuring-informix-exit
------------------------------
Wendy Zemba
Sr. Consultant, Data Protection
wendy.zemba@convergetp.com
Converge Technology Solutions
Need help with your Guardium deployment? Contact me directly to discuss engagement opportunities. Currently serving North America.
Original Message:
Sent: Wed May 22, 2024 09:00 AM
From: Libor Hohos
Subject: Guardium 12 troubles
Hello all experts,
I am Guardium Data Protection novice/beginner, currently in "phase" of learning & testing of Guardium V12.
My Guardium "topology" is very simple: one standalone collector (with applied latest patches) + two DB servers: Rocky Linux 8.6 with Informix V14.10FC8
and Ubuntu 22.04.4 with Informix V14.10FC10W2.
Unfortunately, I am faced with these issues/bad experiences:
1. Consolidated installer and CAS module.
I can not find guard-bundle-CAS*.gim.sh installation script, so CAS module installation with using of consolidated installer seems to be impossible...
2. Ubuntu 22.04 and installation of custom K-TAP module.
I have used consolidated installer with following installation scripts:
guard-bundle-GIM-12.0.1.0_r116302_v12_0_1-ubuntu-22.04-linux-x86_64.gim.sh
guard-bundle-STAP-12.0.0.0_r115418_v12_0_7-ubuntu-22.04-linux-x86_64.gim.sh
The compilation of custom K-TAP module for 5.15.0-107-generic kernel finished with this error:
/opt/IBM/Guardium12/modules/KTAP/12.0.0.0_r115418_7-1715874936/custom/obj/x86_64-fentry-retpo-wrapper-hardened/.linux_ktap_export.o.cmd: No such file or directory
make[2]: *** [scripts/Makefile.modpost:133: /opt/IBM/Guardium12/modules/KTAP/12.0.0.0_r115418_7-1715874936/custom/Module.symvers] Error 1
make[1]: *** [Makefile:1830: modules] Error 2
make[1]: Leaving directory '/usr/src/linux-headers-5.15.0-107-generic'
make: *** [Makefile:104: modules-kernels] Error 1
Could not build KTAP
===================================================================
We cannot provide a module for the running kernel and no close
fitting combination was found. Please contact IBM and provide the
following information:
uname: Linux ubuntu 5.15.0-107-generic #117-Ubuntu SMP Fri Apr 26 12:26:49 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
release: DISTRIB_ID=Ubuntu DISTRIB_RELEASE=22.04 DISTRIB_CODENAME=jammy DISTRIB_DESCRIPTION="Ubuntu 22.04.4 LTS" PRETTY_NAME="Ubuntu 22.04.4 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.4 LTS (Jammy Jellyfish)" VERSION_CODENAME=jammy ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=jammy
kernel: 5.15.0-107-generic-x86_64-SMP
The in-kernel functionality will now be disabled.
===================================================================
ktap module not loaded for kernel: 5.15.0-107-generic
More info - see attached ktap_install.log file...
Installation of K-TAP on Rocky Linux 8.6 was done with no issues.
3. Informix IDS V14.10FC10W2 and Guardium inspection engine with INFX_EXIT configuration.
Initial run of ifxguard utility (for creating $INFORMIXDIR/etc/ifxguard.$INFORMIXSERVER config file)
is immediately finished with "core dumped" crash (an no ifxguard config file is created).
IDS V14.10FC8: ifxguard -p ... -l ... does run without crash and ifxguard config file is created.
4. Informix IDS V14.10FC8, V14.10FC10W2 and Guardium inspection engine with INFX_EXIT configuration.
Monitoring of "drsoctcp" interface/protocol does not set Guardium attribute "Records Afected" to correct value but to "-1".
When "onsoctcp" or "onipcshm" communication protocol is monitored, correct value of "Records Afected" attribute is set.
Many thanks for your replies in advance
WBR Libor
------------------------------
Libor Hohos
------------------------------