IBM Support

Oracle RAC/Linux cluster can potentially cause a server crash with Guardium STAP 8.2 [ Republished from May 2012]

Question & Answer


Question

Guardium Development have identified an issue with STAP 8.2 running in Oracle RAC/Linux which has a potential to cause a server crash. []Latest update: This update is from September 23, 2014 to the document originally published in May, 2012. The purpose of this update is to clarify: [

    ] [
  • ]The code to address server crash is present in the original version of STAP v9 and in all subsequent revisions therefore all v9 STAP revisions (and future versions) are not exposed to this crash. [
  • ]The recommendation regarding unix_domain_socket_marker to filter out unusable inter-cluster communication is relevant to all versions of STAP. [
][]

Answer

    The guard_tap.ini of every cluster node should be changed immediately to reduce the chances of a server failure to ‘very low’. There are two options to do this below - Manual Correction or Automatic Script

    Tab navigation


    A script has been developed to change the configuration in the guard_tap.ini file automatically to avoid this problem.

    It is recommended to perform both steps 1. and 2. below independently. The configuration change to the guard_tap.ini is important to filter out unusable inter cluster communication.

    1. On systems with S-TAP present - running or, at least, installed - the attached file is a script that finds the guard_tap.ini file automatically and populates the unix_domain_socket_marker parameter for the inspection engines specified

      You can run the script in 2 ways:

      ./udsmadd.sh <IE_NAME > <MARKER > <IE_NAME > <MARKER > ...

      IE_NAME - the name of inspection engine section in guard_tap.ini (like DB_0, DB_1 etc)
      MARKER - IPC key marker (like LISTENER or some other common substring for all IPC keys in listener.ora)

      OR:

      ./udsmadd.sh <MARKER >

      to change marker for all inspection engines defined in guard_tap.ini (or single inspection engine, if there is only one - which is the usual case for Oracle RAC nodes).
      Also, you can use NULL as a marker name to reset it to the default value (if S-TAP sees NULL there it will populate it using default values automatically at run-time).


      The script must be run as user root or guardium (if you use the latter for running S-TAP). - Please also note the following requirements :-
      • chmod u+x udsmadd.sh - for the script to set executable permission for the corresponding OS user.
      • The script needs the /tmp directory to be present in the system
      • A backup of the guard_tap.ini file is made with the name "guard_tap.ini.bkp" in the same directory before making changes.

      udsmadd.sh

    2. Please download from Fix Central and install the Linux installer corresponding to your flavour of Linux - revision 41382 or later for version 8.2.

      The code to address server crash is present in the original version of STAP v9 and in all subsequent revisions therefore all v9 STAP revisions (and future versions) are not exposed to this crash.

    Reboot your server at your earliest convenience after making the above changes.

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF016","label":"Linux"}],"Version":"9.1;9.0;8.2;8.1;8.0.1;8.0","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21652513

Page Feedback