Uninstall Guardium UNIX S-TAP and GIM manually

Troubleshooting

Problem

We'd like to uninstall Guardium S-TAP and GIM, but there is an issue with our network and therefore we can't do it via GIM. In this situation, how do we uninstall Guardium S-TAP and GIM directly on the DB server?

Symptom

There is a problem between the S-TAP on DB server and the Guardium appliance, such that we can't un-install the S-TAP from the Guardium GUI console using GIM.

Resolving The Problem

The steps differ on different operating systems because there are different methods of ensuring that services/processes begin with the system startup. A list of these can be found here:
How the Guardium S-TAP Process is handled throughout OS versions

The above technote is referenced here so these steps can be applied to any UNIX OS. In addition this technote contains walkthrough examples for Red Hat Linux 5, 6 and 7 . If you are using AIX, please refer to How to uninstall Guardium S-TAP manually if the uninstaller gets problems - AIX.

The following steps will clean up Guardium modules from the DB server.

1. Attempt an un-install of S-TAP via GIM.
See the following manual page for details. Using IBM Guardium Installation Manager
Proceed to the next step even if the above doesn't work.

2 Uninstall GIM client

2.1 Logon to the DB server as user root

2.2 Issue the following to uninstall the GIM client.
<installation_directory> /modules/GIM/current/uninstall.pl

Refer to the following manual page for more details. IBM Guardium Installation Manager

[ NOTE] <installation_directory> is something like this:
/usr/local/guardium/

3 (Optional) The following steps are workaround to be taken only if the S-TAP uninstaller in step 1 didn't work.

3.1 Unload the ktap module:
<installation_directory> /modules/KTAP/current/guard_ktap_loader stop

3.2 Stop the GIM and STAP service/processes. See start/stop methods of each facility here for general instructions for any UNIX OS.

3.2.1 For RHEL 5:

If you installed the agent through GIM:

inittab -

"gim:..."

"gsvr:..."

gim:2345:respawn:/usr/opt/perl5/bin/perl /opt/IBM/GIM/modules/GIM/8.2.00_r38049_1-1362445863/gim_client.pl

gsvr:2345:respawn:/opt/IBM/GIM/modules/perl /opt/IBM/GIM/modules/SUPERVISOR/9.0.0_r43212_1-13624464/guard_supervisor

If you installed the agent through command line:

inittab -

"utap:..."

utap:2345:respawn:/usr/local/guardium_v82_r57354/guardium/guard_stap/guard_stap /var/guard_tap.ini

After the above, be sure that you run the below command to ensure that the changes take place:
init q

After the changes have taken place, kill the processes. For example, if I have installed the STAP through command line:
ps -ef | grep guard_stap

This would provide the process ID for this process:
root 22598 22582 0 May06 ?/usr/local/guardium_v82_r57354/guardium/guard_stap/guard_stap /var/guard_tap.ini

Once the process ID has been found (the first number out of the two above), kill the process:
kill -9 22598

The equivalent must be done for a GIM installation.

3.2.2 For RHEL 6:

If you installed the agent through GIM:

ls -ltr /etc/init | grep gim

ls -ltr /etc/init | grep gsv

r

If you installed the agent through command line:

ls -ltr /etc/init | grep utap

stop [service name]

[service name]

3.2.3 For RHEL 7:

If you installed the agent through GIM:

systemctl is-active guard_gim.service
systemctl is-active guard_gsvr.service

Stop the services:

systemctl stop guard_gim.service
systemctl stop guard_gsvr.service

If you installed the agent through command line:

Check service status:

systemctl is-active guard_utap.service

Stop the service:

systemctl stop guard_utap.service

3.3 Remove the KTAP device file: /dev/ktap_ <some_number>

3.4 Remove the Guardium install directory <installation_directory> including all the files under the directory.

4. Reboot the system and make final checks
Reboot will unload K-TAP completely. It will also reload upstart (RHEL 6) and systemd (RHEL 7) - which is used to control processes and services that are started on system start.

4.1 Ensure K-TAP is not loaded any more by issuing
lsmod | grep tap

4.2 Ensure the services that were stopped in section 3.2 above are stopped based on the startup facility for your OS noted here.

4.2.1 For RHEL 5:
Check /etc/inittab to ensure that the lines are gone.

4.2.2 For RHEL 6:
Check the service list produced by the command below to ensure the services are "stopped" or not appearing.

initctl list

4.2.3 For RHEL 7:
Check the service list produced by the command below to ensure the STAP service is "activating" (which means its stopped). This is because it is set to auto restart, but will not activate.

systemctl -t service -a | grep guard_utap

Command to check if all services are stopped:

systemctl list-units --type service
5. Reset GIM Client from Guardium GUI

5.1 Navigate to Administration Console > Module Installation > Setup By Client > Search

5.2 Check the checkbox of the DB server where you un-installed GIM, then press " Reset Client".

Related Information

Installing IBM Guardium Installation Manager

Installing STAP with Guardium Installation Manager

How should I uninstall the Guardium GIM agent

How to uninstall Guardium S-TAP manually

How Guardium S-TAP Process is handled in OS versions

Installing an S-TAP on UNIX

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Appliances","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"10.0;10.0.1;10.1;8.2;9.0;9.1;9.5","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

Uninstall Guardium UNIX S-TAP and GIM manually

Troubleshooting

Problem

Symptom

Resolving The Problem

Related Information

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?