IBM Support

How the Guardium S-TAP Process is handled throughout OS versions

Question & Answer


Question

How do I start and stop the S-TAP process on different operating system (OS) versions?

Cause

Depending on the operating system type and version, different methods are used to start and stop Guardium processes. This technote gives instructions for the most common ones.
Note: This is not a comprehensive list of all operating systems supported by Guardium.

Answer

This information can be found in the relevant Guardium Knowledge Center documentation.

Linux-UNIX: How S-TAP/GIM processes are initialized by different OS types/versions
for example :-

  
 

The above documentation / version should be used where possible.

Later versions can also be accessed from one of the above links by selecting the "Change version or product" drop-down list.

    

The information below is historical, applies to older versions, and has been kept as a reference only.

 

    

    

Startup facility based on OS versions and supported S-TAP versions (v9 and v10):
 

| OS | OS Version | Startup facility | V9/V10 S-TAP, GIM support |
|---|---|---|---|
| AIX | AIX 5.3 | init - /etc/inittab | V9 only |
| | AIX 6.1 | init - /etc/inittab | both V9/V10 |
| | AIX 7.1 | init - /etc/inittab | both V9/V10 |
| Solaris | Solaris 5.9 | init - /etc/inittab | V9 only |
| | Solaris 5.10 sparc, 5.10 i386, 5.10 i386_64 | svc - services | both V9/V10 |
| | Solaris 5.11 sparc, 5.11 i386_64 | svc - services | both V9/V10 |
| HP-UX | HP-UX 11.11 pa9000 | init - /etc/inittab | both V9/V10 |
| | HP-UX 11.23 ia64, 11.23 pa9000 | init - /etc/inittab | both V9/V10 |
| | HP-UX 11.31 ia64, 11.31 pa9000 | init - /etc/inittab | both V9/V10 |
| Linux - Redhat | Redhat 4 i686, 4 ia64, 4 x86_64 | init - /etc/inittab | both V9/V10 |
| | Redhat 5 i686, 5 ia64, 5 ppc64, 5 s390x, 5 x86_64 | init - /etc/inittab | both V9/V10 |
| | Redhat 6 i686, 6 ppc64, 6 s390x, 6 x86_64 | upstart | both V9/V10 |
| | Redhat 7 x86_64 | systemd | both V9/V10 |
| | Redhat 7 Power 8 Little endian | N/A | V10 only |
| Linux - Ubuntu | Ubuntu 10.04 x86_64 | upstart | both V9/V10 |
| | Ubuntu 12.04 x86_64 | upstart | both V9/V10 |
| | Ubuntu 14.04 x86_64 | upstart | both V9/V10 |
| Linux - SuSe | Suse 9 i686, 9 x86_64, 9 s390x | init - /etc/inittab | V9 only |
| | Suse 10 i686, 10 x86_64, 10 s390x, 10 ppc | init - /etc/inittab | both V9/V10 |
| | Suse 11 i686, 11 x86_64, 11 s390x | init - /etc/inittab | both V9/V10 |
| | Suse 12 x86_64 | systemd | V10 only |


 
Start/Stop methods of each facility

1. init - /etc/inittab

a. Edit /etc/inittab. Add a hash sign # at the start of the service's line to comment it out, or remove the hash sign to uncomment it. On AIX, use a colon : instead of the hash sign.
b. Run "init q" to make the changes effective.
 

2. upstart

Run "initctl list" to list the upstart services, run "start <service_name>" to start a service, and run "stop <service_name>" to stop it.

2.1 S-TAP without GIM

To start S-TAP:
    • start utap
To stop S-TAP:
    • stop utap
To verify the status of S-TAP:
    • status utap

2.2 S-TAP installed via GIM

To find the service names of GIM and the supervisor:
    • initctl list | grep _
To start GIM, supervisor:
    • start gim_<revision#>
    • start gsvr_<revision#>
      (e.g. start gim_56789)
To stop GIM, supervisor:
    • stop gim_<revision#>
    • stop gsvr_<revision#>
      (e.g. stop gim_56789)
To verify the status of GIM, supervisor:
    • status gim_<revision#>
    • status gsvr_<revision#>
      (e.g. status gim_56789)

3. systemd


 

3.1 S-TAP without GIM

To start S-TAP:
    • systemctl start guard_utap.service
To stop S-TAP:
    • systemctl stop guard_utap.service
To verify the status of S-TAP:
    • systemctl -t service -a | grep guard_utap

3.2 S-TAP installed via GIM

To start GIM, supervisor:
    • systemctl start guard_gim.service
    • systemctl start guard_gsvr.service
To stop GIM, supervisor:
    • systemctl stop guard_gim.service
    • systemctl stop guard_gsvr.service
To verify the status of GIM, supervisor:
    • systemctl -t service -a | grep guard


4. svc - services

4.1 S-TAP without GIM

To start S-TAP:
    • svcadm -v enable guard_utap
To stop S-TAP:
    • svcadm -v disable guard_utap
To verify the status of S-TAP:
    • svcs | grep guard_utap

4.2 S-TAP installed via GIM

To start GIM, supervisor:
    • svcadm -v enable guard_gim
    • svcadm -v enable guard_gsvr
To stop GIM, supervisor:
    • svcadm -v disable guard_gim
    • svcadm -v disable guard_gsvr
To verify the status of GIM, supervisor:
    • svcs | grep guard


5. rc - For Linux

a. Navigate to the S-TAP install directory.
b. Run ./rc stop to stop the S-TAP process.
c. Run ./rc start to start the S-TAP process.

For example:

[root@DB ~]$ cd /usr/local/guardium/modules/STAP/9.0.0_r85844_1-146244
[root@DB 9.0.0_r85844_1-1462447508]$ ./rc stop
[root@DB 9.0.0_r85844_1-1462447508]$ ps -ef | grep stap
root 28085 27273 0 16:13 pts/1 00:00:00 grep stap
[root@DB 9.0.0_r85844_1-1462447508]$ ./rc start
[root@DB 9.0.0_r85844_1-1462447508]$ ps -ef | grep stap
root 28108 18504 0 16:13 ? 00:00:00 /usr/local/guardium/modules/STAP/9.0.0_r85844_1-1462447508/guard_stap /usr/local/guardium/modules/STAP/9.0.0_r85844_1-1462447508/guard_tap.ini
root 28132 27273 0 16:13 pts/1 00:00:00 grep stap
[root@DB 9.0.0_r85844_1-1462447508]$
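
The status checks for methods 1 to 4 above can be wrapped in one helper. This is an added example, not IBM code or part of the original technote. The init method has no status command, so the helper reads the inittab file and reports whether the entry is commented out with # or, on AIX, with a colon. The function names and the inittab entry id "utap" are assumptions, and the sample inittab lines are constructed.

```sh
#!/bin/sh
# Added example (not IBM code): uniform S-TAP status check per startup facility.
# Assumption: the inittab entry id is "utap"; the page gives that name only
# for the upstart job, so pass your real id as the second argument.

# inittab_entry_state FILE [ID] -> prints enabled | disabled | missing
inittab_entry_state() {
    awk -v id="${2:-utap}" '
        index($0, id ":") == 1 { enabled = 1; next }      # active "<id>:..." line
        {
            line = $0
            # "#" comments a line out on Linux/Solaris/HP-UX, ":" on AIX
            if (sub(/^[#:][ \t]*/, "", line) && index(line, id ":") == 1)
                disabled = 1
        }
        END { print (enabled ? "enabled" : (disabled ? "disabled" : "missing")) }
    ' "$1"
}

# stap_status FACILITY [INITTAB] -> runs the status check listed for that facility
stap_status() {
    case $1 in
        systemd) systemctl -t service -a | grep guard_utap ;;
        upstart) status utap ;;
        svc)     svcs | grep guard_utap ;;
        inittab) inittab_entry_state "${2:-/etc/inittab}" ;;
        *)       echo "unknown facility: $1" >&2; return 2 ;;
    esac
}

# Dry run on constructed sample lines: sh thisfile.sh demo
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'id:3:initdefault:' \
        '#utap:2345:respawn:/path/to/guard_stap /path/to/guard_tap.ini' > "$tmp"
    stap_status inittab "$tmp"      # the entry is commented out
    rm -f "$tmp"
}
if [ "${1:-}" = demo ]; then demo; fi
```

A "disabled" or "missing" result on a monitored database host means S-TAP will not be respawned by init, which is worth alerting on.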

  

* Note

There are also some old Internal Notes that Guardium Technical Support can access by referencing the Internal Document.

It details a few commands that can be used to check service logs, whether S-TAP is in maintenance mode, etc.

   

  


Document Information

Modified date:
24 April 2020

UID

swg21981201