Question & Answer
Question
We have successfully upgraded the OS and CA eTrust, and STAP is active; however, the Guardium report is empty. How can we resolve this?
Cause
Possible reasons:
1. The startup sequence was wrong. We want CA to hook into the kernel before KTAP does.
2. STAP was restarted from the inspection engine. It detects that the syscall has been changed since its last change, which causes STAP to respawn indefinitely. The end result is that STAP did not restart.
Answer
Whether it is the startup process or a restart of STAP from the inspection engine, STAP must rehook to the kernel first.
To resolve the sequence order problem, make sure the startup sequence in /etc/init is in this order:
- START CA
- START STAP
To resolve the STAP respawn problem, follow these verification checks:
1. Check the setting of STAP_ENABLED.
If STAP_ENABLED is already set to 1, toggle the setting: change the value to 0.
2. Stop KTAP.
To unload the ktap module from the kernel:
# <STAP directory>/KTAP/guard_ktap_loader stop
Check again whether ktap is loaded:
AIX : genkex | grep tap
Solaris: modinfo | grep tap
If the output contains ktap_XXXX, the ktap module is still running.
3. Restore the value of STAP_ENABLED to 1
4. Restart STAP.
If restarting STAP does not work, reboot the server, but make sure your startup sequence is correct before doing so.
It is safe to restart STAP when CA is already loaded, but not the other way around.
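The check in step 2 can be scripted so that step 3 runs only once the module is really gone. The following is an added example, not IBM's code: the function names and the sample listings are constructed for illustration, and it matches ktap_<suffix> instead of any line containing "tap", which would also match unrelated modules.

```shell
#!/bin/sh
# Added example (not from the technote). All sample listings are constructed.

# Constructed AIX-style listing with a ktap module loaded.
AIX_LOADED='Text address     Size File
f1000000c04a0000    60000 /usr/lib/drivers/ktap_26810
         4f1a000     2000 /usr/lib/drivers/tape_dd'
# Constructed listing after "guard_ktap_loader stop": only an unrelated
# module whose name contains "tap" remains ("grep tap" would still hit it).
AIX_STOPPED='Text address     Size File
         4f1a000     2000 /usr/lib/drivers/tape_dd'
# Constructed Solaris-style modinfo line.
SOL_LOADED='245 7bb12000   4a8   -   1  ktap_28821 (ktap_28821)'

# Print the unique ktap_<suffix> module names found in a listing on stdin.
list_ktap() {
    tr -cs 'A-Za-z0-9_' '\n' | grep '^ktap_.' | sort -u
}

# Emit the kernel module listing for this platform (commands from the page).
kernel_listing() {
    case "$(uname -s)" in
        AIX)   genkex ;;
        SunOS) modinfo ;;
        *)     echo "unsupported platform: $(uname -s)" >&2; return 2 ;;
    esac
}

# Return 0 only when the listing on stdin contains no ktap module.
ktap_unloaded() {
    found=$(list_ktap)
    if [ -n "$found" ]; then
        echo "ktap still loaded: $found" >&2
        return 1
    fi
    return 0
}

# On a real host, gate step 3 on the check:
#   kernel_listing | ktap_unloaded && echo "safe to set STAP_ENABLED back to 1"
printf '%s\n' "$AIX_STOPPED" | ktap_unloaded \
    && echo "constructed sample: no ktap module, continue with step 3"
```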
** Note **
Guardium STAP and CA eTrust Interaction cause Server Crash
Document Information
Modified date:
16 June 2018
UID
swg22009952