IBM Support

IBM Security Guardium: /dev/guard_ktap No such file or directory after new S-TAP installation

Troubleshooting


Problem

You just installed the IBM Security Guardium S-TAP (S-TAP) product on your server, but it is not working and the following error is logged in one or more of the logs: Tap_controller::init failed Opening pseudo device /dev/guard_ktap No such file or directory

Symptom

The following error is logged in one or more of the logs; for example, in the system log file ( /var/log/messages ), or in the <GIM directory>/central_logger.log for environments using Guardium Installation Manager (GIM):


    Tap_controller::init failed Opening pseudo device /dev/guard_ktap No such file or directory

Additionally:

    /dev/*ktap* does not exist

Cause

Guardium was unable to create the ktap device during installation.

There are many possible reasons why the ktap device creation may fail. Below are the most common causes:

    - The modules file that includes the ktap module for the Linux kernel was not used (Linux platform only).

    - The Flex Loading option to load the ktap module from the modules file was not specified (Linux platform only).

    - A previous ktap module (from an old installation) is still running or installed.

    - On AIX, this can also be caused by overmount or mount order issues. If Guardium is installed to a filesystem (i.e. /progs/guardium), /progs is itself also a filesystem, and /etc/filesystems gets re-ordered such that the /progs/guardium: stanza appears *before* /progs:, then the following logged error will persist even after a re-mount of /progs/guardium over the mounted /progs (i.e. when the path to the specified guard_tap.ini is valid):

    <date> <hostname> local0:err|error guard_tap[32833680]: GUARD-01: Cant read inifile /progs/guardium/modules/STAP/9.0.0_r52864_1-1386261738/guard_tap.ini: Cant open ini file.

    Reverting to /progs/guardium/modules/STAP/9.0.0_r52864_1-1386261738/guard_tap.ini.bak
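A way to check for the AIX stanza ordering described above, as an added example that is not IBM code. The helper name check_mount_order and the sample file contents (device names included) are constructed for illustration; on a real host the argument would be /etc/filesystems.

```shell
#!/bin/sh
# Added example, not IBM code: flag /etc/filesystems stanzas where a nested
# mount point is listed before its parent (the overmount scenario above).

# check_mount_order FILE  (hypothetical helper name)
# Prints "CHILD before PARENT" per misordered pair; returns 1 if any is found.
check_mount_order() {
    awk '
        # Stanza headers start in column 1 with "/" and end with ":".
        # Comment lines start with "*"; attribute lines are indented.
        /^\/[^ \t]*:[ \t]*$/ {
            name = $1
            sub(/:$/, "", name)
            order[++n] = name
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++) {
                    parent = order[j]
                    if (parent == "/") continue   # root would match every stanza
                    if (index(order[i], parent "/") == 1) {
                        print order[i] " before " parent
                        bad = 1
                    }
                }
            exit bad
        }
    ' "$1"
}

# Constructed sample reproducing the ordering from the Cause section.
sample=$(mktemp)
cat > "$sample" <<'EOF'
* constructed sample, not taken from a real host
/:
        dev   = /dev/hd4
        vfs   = jfs2

/progs/guardium:
        dev   = /dev/guardlv
        vfs   = jfs2

/progs:
        dev   = /dev/progslv
        vfs   = jfs2
EOF
check_mount_order "$sample" || echo "list each parent stanza before its children"
```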

Environment

IBM Infosphere Guardium S-TAP on Linux or Unix

Diagnosing The Problem

You have this issue if one or more of the following is true:

- /dev/guard_ktap does not exist

- /dev/*ktap* does not exist

- GIM log file (central_logger.log) and/or system log has message below:


    Tap_controller::init failed Opening pseudo device /dev/guard_ktap No
    such file or directory

- The platform is AIX, the filesystems are mounted, and the situation matches the scenario described in the last bullet of the Cause section
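The checks above, combined with the loaded-module check used later in the resolution steps, can be scripted so the same triage runs on every database server. This is an added example, not IBM code; the function name ktap_triage, its result labels, and the sample log and lsmod lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM code. Classifies a host against the symptoms above.
# ktap_triage DEVDIR LOGFILE MODLIST  (hypothetical helper name)
#   DEVDIR   directory holding device nodes (/dev on a real host)
#   LOGFILE  system log or GIM central_logger.log
#   MODLIST  saved output of the platform's module listing (e.g. lsmod)
ktap_triage() {
    dev_ok=no; logged=no; loaded=no
    # Symptom: no /dev/*ktap* node. An unmatched glob stays literal, so test -e.
    for node in "$1"/*ktap*; do
        if [ -e "$node" ]; then dev_ok=yes; fi
    done
    # Symptom: init failure in the log. Match only up to the device path,
    # because the rest of the message can wrap onto the next line.
    if grep -q 'Tap_controller::init failed Opening pseudo device /dev/guard_ktap' "$2" 2>/dev/null; then
        logged=yes
    fi
    # A ktap_<release> entry in the listing means a module is still loaded.
    if grep -q 'ktap' "$3" 2>/dev/null; then loaded=yes; fi

    if [ "$dev_ok" = yes ]; then echo "device-present"
    elif [ "$loaded" = yes ]; then echo "stale-module-loaded"
    elif [ "$logged" = yes ]; then echo "device-missing-init-failed"
    else echo "device-missing"
    fi
}

# Constructed sample host state: no device node, error logged, old module loaded.
work=$(mktemp -d)
mkdir "$work/dev"
printf '%s\n' 'guard_stap: Tap_controller::init failed Opening pseudo device /dev/guard_ktap No' \
    'such file or directory' > "$work/messages"
printf '%s\n' 'Module       Size  Used by' 'ktap_00000  409600  0' > "$work/lsmod.txt"
ktap_triage "$work/dev" "$work/messages" "$work/lsmod.txt"
```

A result of stale-module-loaded corresponds to the case handled by stopping and uninstalling the old ktap module before reinstalling; device-present means the device check passes.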


Resolving The Problem

1. Run these commands as root:



    <STAP directory>/KTAP/guard_ktap_loader stop
    <STAP directory>/KTAP/guard_ktap_loader uninstall
    <STAP directory>/KTAP/guard_ktap_loader install
    <STAP directory>/KTAP/guard_ktap_loader start



2. Check whether the ktap device is now created ( ls /dev/*ktap* ). If it was created, the issue is resolved. If not, continue to the next steps.


3. Stop the STAP process (guard_stap) if running.


    You can check if it is running with command ps -ef | grep guard_stap .

    Refer to the Stop Unix S-TAP section in the Guardium Information Center online in the Related URL section, for details on how to stop the STAP process.



4. Make sure the STAP process is not running before moving to the next step ( ps -ef | grep guard_stap ).


5. Uninstall the STAP.


    Refer to the Remove Previous Unix S-TAP section in the Guardium Information Center online in the Related URL section, for details on how to uninstall the STAP.

    Refer to the How to uninstall Guardium S-TAP manually if the uninstaller gets problems document in the Related URL section if you have problems uninstalling the STAP.



6. Make sure the STAP directory is gone.


7. Check if a ktap module is still running (for example, from an old installation). Use the appropriate command for your platform, for example:


    Linux : lsmod | grep ktap
    Solaris : modinfo | grep tap
    HP-UX : lsdev | grep tap
    AIX : genkex | grep tap

    If a device such as ktap_<release> is shown, the ktap module is running.

8. If you found that a ktap module was running in the previous step, run the steps below to stop and uninstall the ktap module.


    <STAP directory>/KTAP/guard_ktap_loader stop
    <STAP directory>/KTAP/guard_ktap_loader uninstall

    Reboot the server.



9. If using GIM, click the Reset Clients button on the appliance's GUI GIM interface (Administration Console / Module Installation).

    Wait for the server to show up in the client list in the GIM GUI again (usually a few minutes).


10. Reinstall the STAP.

    If the platform is Linux:

    Use the Flex Loading instructions. Refer to the document STAP Flex loading instructions for GIM and non-GIM environments in the Related URL section for details.

    Note: If using GIM to install the STAP, and the instructions in the technote do not work, reinstall the STAP bundle via GIM using the following settings:


    KTAP-ALLOW_COMBOS=Y
    KTAP_LIVE_UPDATE=Y
    KTAP_ENABLED=Y


Document Information

Modified date:
16 June 2018

UID

swg21675665