Nishn
3 Posts

Pinned topic Guardium v9.0 and Solaris 10

2013-08-20T13:57:17Z

Hi, I have an agent-based deployment of Solaris 10. I have noticed in the reports that the "Client IP" displayed is that of the global zone IP. What could be the reason for this?

Thanks,

~Nish

  • vindal0012
    13 Posts

    Re: Guardium v9.0 and Solaris 10

    2013-08-22T01:43:58Z

    I'm quoting this from the IBM Guardium help PDF file:

    "When installing S-TAP in a Solaris zones configuration, regardless of the zone in which the database runs, S-TAP must be installed on the master zone (global zone) since the local zones share information from the master zone. Also, both "DB Install Dir" path and "Process Name" in the Inspection Engine have to be from the global zone also. (From the global zone, S-TAP monitors access to databases in all zones.)

    Note: At the end of the installation:
    - K-Tap will not be loaded on the local zone as it is only loaded on the global but is visible on the local zones
    - S-TAP will not be running on the local zones"

    Also, I am not an expert in Solaris, but I noticed that it cannot read SQL traffic from an IP address of 127.0.0.1 (which works on Oracle 11g). I had to input the exact IP address of the DB server for IBM Guardium to read SQL traffic. If not, only the database activity is read.

  • Nishn
    3 Posts

    Re: Guardium v9.0 and Solaris 10

    2013-08-22T10:51:13Z

    Thanks for your reply!

    The thing is that I see this happening for application server traffic as well.

    The installation was done as normal. I installed on the global zone and added the DB server IPs of different zones in the alternate IPs section of the guard_tap.ini file. The Server IPs in the report are fine, as I can see individual connections to the zones. In the client IP section within the Guardium reports, I see the IP address of the global zone as opposed to the actual client IPs.

    ~Nish

  • vindal0012
    13 Posts

    Re: Guardium v9.0 and Solaris 10

    2013-08-22T13:16:28Z

    In my perspective, I think of the global zone and local zones as similar to NAT, where we have private and public addresses. For devices with private IP addresses to communicate outside the internal network, a single public address needs to represent them. In the same way that only public addresses are recognized over the internet (external network), my guess is that only global zones are recognized over the network. I think that Guardium sees all client connections to the database from an outside perspective, which may be the reason why it only reports the global IP address (which represents the whole system regardless of the different local zones in it). I may be wrong with this assumption, but that is the only way I can explain why Guardium only reports the global IP address. If I have time, I'll try and see if I can prove my assumptions (because I may work on Solaris later on).

  • Nishn
    3 Posts

    Re: Guardium v9.0 and Solaris 10

    2013-08-22T13:29:47Z

    Logically, it makes sense to me. But I will have to dig deeper. There is a Solaris VM available with Oracle that can be downloaded from Oracle. I will have to play around with that.