CAS hosts

A Configuration Auditing System (CAS) host configuration defines one or more CAS instances.

After you define one or more CAS template sets, and install CAS on a database server, you are ready to configure CAS on that host. A CAS host configuration defines one or more CAS instances. Each CAS instance specifies a CAS template set, and defines any parameters that are needed to connect to the database. Each database server on which CAS is installed has a single CAS host configuration, which typically contains multiple CAS instances. For example, one CAS instance to monitor operating system items, and additional CAS instances to monitor individual database instances.

  • Define a CAS Instance
  • Modify a CAS Instance
  • Delete a CAS Instance
  • Disable a CAS Instance

Define a CAS Instance

  1. Open the CAS Configuration Navigator by clicking Harden > Configuration Change Control (CAS Application) > CAS Host Configuration.

    The menu lists all database servers where CAS is installed and this host is connected to the Guardium® system.

  2. Filter by the OS Type or DB Type to find the host that you want to work with.
  3. Highlight the host that you want to modify and click Modify.
  4. Select a Template Set from the menu.
    Note: You cannot define a CAS Instance if the host is offline or on a secondary Guardium system for the host.
  5. Click Add Datasource to open the Select datasource window.
    Note: If no compatible datasource is available for this template set on this host, click Add datasource to open the Create datasource window and add a datasource.
  6. Select the data source that you want to add to the template set, and click Save to add it to the template set.

Finding the Guardium CAS Pane

Access to CAS Configuration Functions is restricted to the admin and users who are assigned the CAS role.

Click Harden. All of the CAS functions are listed within the Configuration Change Control (CAS Application) header.

Open the CAS Configuration Navigator

The CAS Configuration Navigator page is the starting point for creating or modifying CAS Hosts.

Open the CAS Configuration Navigator page by clicking Harden > Configuration Change Control (CAS Application) > CAS Host Configuration.

Modify a CAS Instance

  1. Open the CAS Configuration Navigator.
  2. Filter by the OS Type or DB Type to find the instance that you want to work with.
  3. Highlight the host to modify and click Modify.

    A list of defined CAS instances that are associated with the selected host displays with the following information and editing options:

    Table 1. Modify a CAS Instance
    Component Description

    Disable/Enable Instance Icon

    Click the Disable Instance icon to disable or enable the CAS instance

    Delete Instance Icon

    Click the Delete Instance icon to delete the CAS instance

    Datasource

    Identifies the data source that is used by the instance. To edit the data source definition, click Datasource to open the Datasource Definition pane.

    Template Set

    Identifies the CAS template set used by the instance. To view or modify the template set definition, click the link to open the Monitored Item Template Definitions pane.

    For more information, see Working with CAS templates.

    Monitored Items

    A count of items currently monitored by the instance. Click this link to open the Monitored Items Definitions pane, which displays the list of all items that are currently monitored.

    For more information, see View Monitored Item Lists.
    Note: Up to 10,000 monitored items are viewable for reports regardless of the number of monitored items that are defined. To view more items when the number of monitored items approaches this limit, define multiple instances.

Delete a CAS Instance

  1. Open the CAS Configuration Navigator
  2. Filter by the OS Type or DB Type to find the instance that you want to work with.
  3. Click Delete Instance to delete a CAS instance. All collected change data is also deleted.

Disable a CAS Instance

  1. Open the CAS Configuration Navigator.
  2. Filter by OS Type or DB Type to find the instance that you want to work with.
  3. Highlight the host that you want to modify and click Modify, or double-click to open the Host Instance Definitions pane.
  4. Click Disable Instance to disable a CAS Instance. Change data is not collected until the instance is enabled again when you click the icon.

View Monitored Item Lists

In the Host Instance Definitions pane, click a Monitored Items link to view the complete list of items monitored in the Monitored Items Definitions pane. The following table describes the components in the Monitored Items Definitions pane for this Host Configuration.

All the monitored items refer to raw data, a character object on the host, the result of an SQL query, the output of an OS script, or the contents of a file. The size of that character object is computed. If the item is a file, then the permissions, owner, group, and last modified time are also checked. If any of the objects changed since the last time the item was checked, the change is noted.
Table 2. View Monitored Item Lists
Component Description

Select Box

Check the Select Box if you'd like to edit a monitored item individually or as a group.

Double-click any monitored item to edit that item.

Item

The name of the monitored item from the description in the CAS Item Template Definition pan.e

Type

One of the following types:
  • OS Script or SQL Script: The actual text or the path to an operating system or SQL script, whose output will be compared with the output produced the next time that it runs.
  • File or File Pattern: A specific file or a pattern to identify a set of files.
  • Environment Variable or Registry Variable: An environment variable or a (Windows) registry variable.

Period

The average interval between tests, which are specified as a number of seconds (s), minutes (m), hours (h), or days (d).

Keep Data

If marked, a copy of the actual data is saved with each change. For example, for a file item, a copy of the file is saved. If marked, but the size of the raw data for the item is greater than the Raw Data Limit configured for this CAS host, no data is saved.

Use MD5

Indicates whether the comparison is done by calculating a checksum of the raw data by using the MD5 algorithm. Computing the MD5 checksum is time-consuming for large character objects. However, it is a better indicator of change than just the size. The default is not to use MD5. If MD5 is used, but the size of the raw data is greater than the MD5 Size Limit configured for the CAS host, the MD5 calculation and comparison is skipped.

Configuration Auditing System APIs

CAS includes a robust set of GuardAPIs and REST APIs that you can use to manage hosts, template items, and template sets outside of the Guardium UI. For more information about the APIs, see Configuration Auditing System APIs.