IBM Security Guardium

 View Only
Expand all | Collapse all

STAP(KTAP) Installation Issue on RHEL 8.5 (Ootpa) , kernel 4.18.0-348.20.1.el8_5.x86_64

  • 1.  STAP(KTAP) Installation Issue on RHEL 8.5 (Ootpa) , kernel 4.18.0-348.20.1.el8_5.x86_64

    Posted Mon July 18, 2022 10:14 AM
      |   view attached
    Hello Seniors, Hope all is well.

    I Need your valuable support for troubleshooting one Fresh S-TAP Installation(Through GIM) Issue on Red Hat Enterprise Linux release 8.5 (Ootpa) , kernel 4.18.0-348.20.1.el8_5.x86_64 - Guardium Version is 11.2 - I am getting below K-TAP related error.

    "Client [1,] :
    Status : OK
    A reboot is recommended now to finalize the uninstall and is required prior to reinstall."
    "Client [1,] :
    Status : OK
    * KTAP MODULE INSTALLER PLATFORM CHECKS MESSAGE *"
    "Client [1,] :
    Status : FAILED
    GIM - Failure point : start (Can't start KTAP-11.2.0.12_r111889_1-1658149620 :
    Searching for module files in /usr/local/guardium/modules/KTAP/11.2.0.12_r111889_1-1658149620/modules-*.tgz
    <13�[ N N�


    Is it due to unable to find matching K-TAP module ?
    This is the installer file version from fix central - "Guardium_11.2.0.12_S-TAP_RedHat-7-8_r111889"

    So, i checked on "Finding the correct K-TAP version for your Linux kernel" Page,
    K-TAP Module Not Available for

    But, there is no mention of 11.2 which support "4.18.0-348.20.1.el8_5.x86_64" kernal. 

    Can someone please guide me on this what i should do further to resolve this Issue. Thanks in Advance. 


    ------------------------------
    Akashkumar Parmar
    ------------------------------


  • 2.  RE: STAP(KTAP) Installation Issue on RHEL 8.5 (Ootpa) , kernel 4.18.0-348.20.1.el8_5.x86_64

    Posted Tue July 19, 2022 07:02 PM
    Akashkumar
    For RHEL systems in particular, the STAP and KTAP balance is an adventure to keep up with.
    The bad news is that you will have to reboot to complete the uninstall.
    After the reboot, do the following. 
    Install the GIM, at 11.4. r111573 looks to be the latest. 
    Next, install the 11.3 STAP (r111685). )with KTAP_ENABLED=0.
    Pull down the KTAP-11.3-rhel-8-linux-x86-64_r111685 from Fix Central. (Link below)
    You can confirm the kernel is in the ktap_combos.txt

    Then you have to pull down the appropriate KTAP from Fix Central.
    Finding the correct K-TAP version for your Linux kernel
    Securitylearningacademy remove preview
    Finding the correct K-TAP version for your Linux kernel
    You can use this database to find the appropriate K-TAP version for your Linux kernel. In the Search field, enter the Kernel version (full or partial), select the appropriate Sort by fields, and click Search. Note: If you need to locate your Linux kernel version, use the uname -r command on your console.
    View this on Securitylearningacademy >


    You will have to use the Flex option.
    Make sure KTAP_ALLOW_MODULE_COMBOS=Y
    and KTAP_LIVE_UPDATE=Y
    KTAP_ENABLED=1 or Yes.
    And it should install OK.   

    There is a video on this that can help in the Security Learning Academy.
    https://www.securitylearningacademy.com/course/view.php?id=2803





    ------------------------------
    Jennifer Dodson
    Senior Security Technical Specialist
    US National Market Southwest
    1 469 990 5954 Mobile
    jennifer.dodson@ibm.com

    IBM
    ------------------------------



  • 3.  RE: STAP(KTAP) Installation Issue on RHEL 8.5 (Ootpa) , kernel 4.18.0-348.20.1.el8_5.x86_64

    Posted Fri July 22, 2022 03:50 AM
    Hello Jennifer, Thank you so much for the support.

    However, I have a question on this , I could see that, for my release(kernal) exact K-TAP is there but, the version is 11.1 , but, my Appliance is on v11.2 and Installed GIM version is "11.2.0.12_r111889_1", So, can i go ahead with matched STAP-KTAP bundle of v11.1, If yes, then, should i follow the same steps as suggested by you. if, not, then can you brief why can't we go with lower v11.1 STAP/KTAP version. Thanks in advance.


    Fix Central Screenshot :-



    ------------------------------
    Akashkumar Parmar
    ------------------------------



  • 4.  RE: STAP(KTAP) Installation Issue on RHEL 8.5 (Ootpa) , kernel 4.18.0-348.20.1.el8_5.x86_64

    Posted Fri July 22, 2022 09:49 AM
    Akashkumar,
    No worries. It is the same basic process just with the lower GIM, STAP and KTAP versions. I would strongly recommend you consider upgrading your appliances to 11.4. There are many new features, fixes, and more support options.  

    Jennifer


    ------------------------------
    Jennifer Dodson
    Senior Security Technical Specialist
    US National Market Southwest
    1 469 990 5954 Mobile
    jennifer.dodson@ibm.com

    IBM
    ------------------------------