Question & Answer
Question
How can I manually uninstall Guardium STAP on Solaris v10? I tried to uninstall GIM with guardium uninstall script but it failed to remove the product. I understand that the ktap need the db-server to be rebooted to be unloaded from the kernel. I need to know what to do before reboot so that I don't need to reboot more than one time. This is the command I tried already: /opt/app/guardium/modules/GIM/current/uninstall.pl
Answer
There's one thing you can try to make the guardium uninstall.pl script to work. If you don't want to do that then go to step 1) below.
-
Take a copy of the uninstall script.
-
The first line of the script is looking like this:
#!/usr/bin/env perl
-
Replace that with your exact path to perl, for example:
#!/usr/perl5/perl
-
Then try again to run the uninstall script.
-
If the above script run OK then go down to step 5), if not start at step 1).
Here are instructions on how to manually un-install the product for Solaris 10. Also it contain a step to get rid of a older staps also. I'm using this article http://www-01.ibm.com/support/docview.wss?uid=swg21982923
If OS is other than Solaris 10 then please check the instructions in above article.
1) Login as root.
2) Stop the ktap module:
<installation_directory> /modules/KTAP/current/guard_ktap_loader stop
3) Stop STAP, and GIM.
Stop stap with this command:
svcadm -v disable guard_utap
To verify the status of S-TAP:
svcs | grep guard_utap
Stop GIM with these commands:
svcadm -v disable guard_gim
svcadm -v disable guard_gsvr
To verify the status of GIM:
svcs | grep guard
3) Remove ktap device and all guardium binaries manually.
a)
Remove the KTAP device file: /dev/ktap_ <some_number>
b)
Remove the Guardium install directory <installation_directory>
including all the files under the directory.
Be sure what you're doing when using rm -rf so you don't delete something else by mistake.
4) Remove guardium services:
a)
Run this command:
svcs | grep guard
It might give a result like this.
online 13:09:50 svc:/<path>/guard_gim:default
online 13:09:59 svc:/<path>/guard_gsvr:default
maintenance 13:07:33 svc:/<path>/guard_utap:default
b)
Delete services like this. Double check the names from output in step above
svccfg delete guard_gim
svccfg delete guard_gsvr
svccfg delete guard_utap
c)
Run this command:
svcs | grep guard
again. Now it should return nothing.
d)
Remove the Guardium service files.
Use this command to list them:
ls -l /lib/svc/method/guard*
and then do
rm on those files.
5)
Run these commands also:
ps -aef | grep tap
ps -ef | grep gim
svcs | grep guard
cd /gcs/app/guardium
ls -l
ls -l /lib/svc/method/*guard*
if anything is left then please then recheck all steps above, starting at 1).
6) Reboot the server.
After that you can check that ktap and services are not running.
lsmod | grep tap
svcs | grep guard_utap
svcs | grep guard
7) Reset GIM Client from Guardium GUI :
Navigate to Administration Console > Module Installation > Setup By
Client > Search
Check the checkbox of the DB server where you un-installed GIM, then
press " Reset Client".
[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium S-TAP","Platform":[{"code":"PF027","label":"Solaris"}],"Version":"10.0;10.0.1;10.1;10.1.2;8.2;9.0;9.1;9.5","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg22000327