Linux-UNIX: S-TAP install script parameters
Understand the guard-stap-setup script for installing an S-TAP.
Install script command line syntax
Usage guard-stap-setup [options]
Example
./guard-stap-guard-<release number>_<revision number>_1-rhel-5-linux-x86_64.sh -- --ni --dir <guardium_installation_directory> --tapip <tap_ip or host_name> --sqlguardip < sqlguard_ip or host_name>
Parameter | Usage |
---|---|
--? | Help - displays commands and their descriptions |
--ni | Non-interactive install. |
-k | -p | Specify whether to install with K-TAP (-k) or to not install K-TAP (-p) when K-TAP is not required (such as when using an Exit). |
--ignore-compat | Ignore script compatibility check. |
-u | Update if a previous installation is found. |
--user | --root | Run S-TAP as
user or root. For more information about how to define these parameters, see Linux-UNIX: Before you start installing S-TAP. |
--userinst | --rootinst | Install S-TAP as
user or root. For more information about how to define these parameters, see Linux-UNIX: Before you start installing S-TAP. |
--overwrite-existing | Overwrite the existing installation if found. This parameter is disabled by default. If you specify it in an install or upgrade, it is disabled again after the install or upgrade completes. |
--libdir <library> | System library path. The library files must be located in a directory that is configured as trusted by the system. For example, /usr/lib on Linux, even on 64-bit systems. Default = /usr/lib |
--tls force | none | S-TAP TLS setting. The failover option is deprecated from v10.5. |
--dir <dir> | S-TAP install directory. |
--ipfile <file> | Text file that specifies a list of hostnames, IP addresses, and Guardium system addresses
separated by a single space. For example: The command would look
like:/var/tmp/guard-stap-10.0.0_r103368_v10_5_1-rhel-5-linux-x86_64.sh --ni --dir
/usr/local --ipfile /var/tmp/ipfile.txtGIM is a much easier way of configuring these parameters. |
--tapip <tapip> | The IP of the machine S-TAP is being installed on. |
--sqlguardip <sqlguardip> | The IP of the Guardium system this S-TAP should communicate with. |
--presets <file> | <preset-options> | Read installation settings or write them to a file. |
--no-discovery | Do not use the discovery utility to configure inspection engines. This parameter is disabled by default. If you specify it in an install or upgrade, it is disabled again after the install/upgrade completes. |
--modules <module-bundles> | Specify an external K-TAP modules bundle. |
--ktap_allow_module_combos | Controls the FlexLoad mechanism: Allow inexact kernel match for K-TAP loading. If the bundle does not have an exact kernel match, it installs the best match. This parameter is disabled by default. If you specify it in an install or upgrade, it is disabled again after the install/upgrade completes. |
--ktap_prevent_exact_match_build | When specified, disables the K-TAP local build. It is not recommended to set this parameter; it increases the likelihood of not being able to find a matching module for the running kernel. This parameter is disabled by default. If you specify it in an install or upgrade, it is disabled again after the install/upgrade completes. |
--ktap_log_rotate_file_size <file size in KB> | This parameter, together with KTAP_AIX_LOG_ROTATE_NFILES, configure the ktap.log rotation on AIX servers. When the file size reaches this threshold, in KB, it rotates. This parameter does not need modification. Valid values: >= 10. Default = 512 |
--ktap_log_rotate_nfiles | The ktap.log rotation on AIX servers is enabled, by default, during installation or upgrade from previous version. This parameter specifies the maximum number of files to keep. This parameter does not need modification. Valid values: >= 2. Default=2 |
--load-balancer-ip <load_balancer_ip> | The IP address of the central manager or managed unit this S-TAP uses for enterprise load balancing. |
--lb-app-group <app_group> | The application group name that this S-TAP belongs to for
enterprise load balancing. Attention: Group names with spaces or
special characters are not supported.
|
--lb-mu-group <mu_group> | The Managed Unit group name the app-group is associated with. Requires a defined
LB-APP-GROUP. Define the MU group on the central manager before installing the S-TAP. Attention: Group names with spaces or special characters are not supported.
|
--lb-num-mus <number_of_mus> | The number of managed units the enterprise load balancer allocates for this S-TAP. |
--fam-enable | Enables or disables FAM. FAM rules must be defined in order for FAM to run. If rules are not
defined, enabling this parameter opens a connection to the Guardium system on port 16022 (or 16023
if using encryption), but FAM remains essentially disabled. Default value: 0 If this parameter is present in the script arguments, then the fam_enable is set to 1. |
--fam-installed | Valid values: 0 and 1. 0: FAM module will not be installed. 1: FAM module will be installed Default value: 0 |