Linux-UNIX: Db2 IE configuration
View a typical inspection engine configuration and the flows for enabling and disabling A-TAP and opening the SSL console for a Db2 inspection engine.
Typical Db2 inspection engine configuration
name =db24
type =db2
sequence =4
connect to IP=127.0.0.1
install dir = /home/db2inst1
exec file = /home/db2inst1/sqllib/adm/db2sysc
encrypted = no
port range = 50000 - 50000
ktap real port = 50000
identifier = db2_9.32.164.228(50000,50000,DB_3)
client = 0.0.0.0/0.0.0.0
Activate and deactivate A-TAP for SSL traffic
Before activating A-TAP, you need to stop the Db2 instance:
systemctl stop db2
Activate A-TAP:
/usr/local/guardium/guard_stap/guardctl --db-user=db2 --db-type=oracle --db-instance=db2 --db-base=/home/ibmuser --db-home=/usr db2
Restart the Db2 instance:
systemctl start db2
Set up Db2 with TLS/SSL certificate and key
For example, on an instance with SSL and kerberization:
Deactivating A-TAP
Before deactivating A-TAP, you need to stop the Db2 instance:
systemctl stop db2
Deactivate A-TAP:
Restart the Db2 instance:
systemctl start db2
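Both flows above follow the same order: stop Db2, change A-TAP, start Db2. The wrapper below enforces that order and is an added example, not part of the Guardium documentation. The function names atap_change and db2_is_stopped are hypothetical; the unit name db2 and the guardctl path come from the commands above, and the guardctl arguments are passed through exactly as the caller supplies them.

```sh
#!/bin/sh
# Added example (not Guardium code): enforce stop -> guardctl -> start.
# Assumptions: systemd unit "db2" and the guardctl path shown on this page.
DB2_UNIT="${DB2_UNIT:-db2}"
GUARDCTL="${GUARDCTL:-/usr/local/guardium/guard_stap/guardctl}"

# Returns 0 only when systemd reports the unit as not running.
db2_is_stopped() {
    ! systemctl is-active --quiet "$DB2_UNIT"
}

# atap_change <guardctl args...>
# Stops Db2, confirms it is down, runs guardctl with the given arguments,
# then starts Db2 again whether or not guardctl succeeded.
atap_change() {
    [ "$#" -gt 0 ] || { echo "usage: atap_change <guardctl args>" >&2; return 2; }
    systemctl stop "$DB2_UNIT" || { echo "could not stop $DB2_UNIT" >&2; return 3; }
    if ! db2_is_stopped; then
        # Never change A-TAP state under a running instance.
        echo "$DB2_UNIT still active; not touching A-TAP" >&2
        return 4
    fi
    atap_rc=0
    "$GUARDCTL" "$@" || atap_rc=$?
    [ "$atap_rc" -eq 0 ] || echo "guardctl failed (exit $atap_rc); restarting $DB2_UNIT anyway" >&2
    systemctl start "$DB2_UNIT" || { echo "could not start $DB2_UNIT" >&2; return 5; }
    return "$atap_rc"
}
```

Source the file and call atap_change with the same arguments you would otherwise type after the guardctl path; a non-zero return means the A-TAP state should be checked before relying on the instance.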