Linux-UNIX: S-TAP install script parameters

Understand the guard-stap-setup script for installing an S-TAP.

Install script command line syntax

Usage guard-stap-setup [options]

Example
./guard-stap-guard-<release number>_<revision number>_1-rhel-5-linux-x86_64.sh -- --ni --dir <guardium_installation_directory>   --tapip <tap_ip or host_name>  --sqlguardip < sqlguard_ip or host_name>
Parameter Usage
--? Help - displays commands and their descriptions
--ni Non-interactive install.
-k | -p Specify whether to install with K-TAP (-k) or to not install K-TAP (-p) when K-TAP is not required (such as when using an Exit).
--ignore-compat Ignore script compatibility check.
-u Update if a previous installation is found.
--user | --root Run S-TAP as user or root.

For more information about how to define these parameters, see Linux-UNIX: Before you start installing S-TAP.

--userinst | --rootinst Install S-TAP as user or root.

For more information about how to define these parameters, see Linux-UNIX: Before you start installing S-TAP.

--overwrite-existing Overwrite the existing installation if found. This parameter is disabled by default. If you specify it in an install or upgrade, it is disabled again after the install or upgrade completes.
--libdir <library> System library path. The library files must be located in a directory that is configured as trusted by the system. For example, /usr/lib on Linux, even on 64-bit systems. Default = /usr/lib
--tls force | none S-TAP TLS setting. The failover option is deprecated from v10.5.
--dir <dir> S-TAP install directory.
--ipfile <file> Text file that specifies a list of hostnames, IP addresses, and Guardium system addresses separated by a single space. For example:
database-01 10.10.10.1 gmachine-01
database-02 10.10.10.2 gmachine-01
database-03 10.10.10.3 gmachine-02
The command would look like:/var/tmp/guard-stap-10.0.0_r103368_v10_5_1-rhel-5-linux-x86_64.sh --ni --dir /usr/local --ipfile /var/tmp/ipfile.txt
GIM is a much easier way of configuring these parameters.
--tapip <tapip> The IP of the machine S-TAP is being installed on.
--sqlguardip <sqlguardip> The IP of the Guardium system this S-TAP should communicate with.
--presets <file> | <preset-options> Read installation settings or write them to a file.
--no-discovery Do not use the discovery utility to configure inspection engines. This parameter is disabled by default. If you specify it in an install or upgrade, it is disabled again after the install/upgrade completes.
--modules <module-bundles> Specify an external K-TAP modules bundle.
--ktap_allow_module_combos Controls the FlexLoad mechanism: Allow inexact kernel match for K-TAP loading. If the bundle does not have an exact kernel match, it installs the best match. This parameter is disabled by default. If you specify it in an install or upgrade, it is disabled again after the install/upgrade completes.
--ktap_prevent_exact_match_build When specified, disables the K-TAP local build. It is not recommended to set this parameter; it increases the likelihood of not being able to find a matching module for the running kernel. This parameter is disabled by default. If you specify it in an install or upgrade, it is disabled again after the install/upgrade completes.
--ktap_log_rotate_file_size <file size in KB> This parameter, together with KTAP_AIX_LOG_ROTATE_NFILES, configure the ktap.log rotation on AIX servers. When the file size reaches this threshold, in KB, it rotates. This parameter does not need modification. Valid values: >= 10. Default = 512
--ktap_log_rotate_nfiles The ktap.log rotation on AIX servers is enabled, by default, during installation or upgrade from previous version. This parameter specifies the maximum number of files to keep. This parameter does not need modification. Valid values: >= 2. Default=2
--load-balancer-ip <load_balancer_ip> The IP address of the central manager or managed unit this S-TAP uses for enterprise load balancing.
--lb-app-group <app_group> The application group name that this S-TAP belongs to for enterprise load balancing.
Attention: Group names with spaces or special characters are not supported.
--lb-mu-group <mu_group> The Managed Unit group name the app-group is associated with. Requires a defined LB-APP-GROUP. Define the MU group on the central manager before installing the S-TAP.
Attention: Group names with spaces or special characters are not supported.
--lb-num-mus <number_of_mus> The number of managed units the enterprise load balancer allocates for this S-TAP.
--fam-enable Enables or disables FAM. FAM rules must be defined in order for FAM to run. If rules are not defined, enabling this parameter opens a connection to the Guardium system on port 16022 (or 16023 if using encryption), but FAM remains essentially disabled.

Default value: 0

If this parameter is present in the script arguments, then the fam_enable is set to 1.

--fam-installed Valid values: 0 and 1.

0: FAM module will not be installed.

1: FAM module will be installed

Default value: 0