Prerequisites, installing and running CAS on a Linux, UNIX server
Learn about the Configuration Auditing System (CAS) prerequisites for Linux® and UNIX servers, and how to install the CAS agent on your database server.
Prerequisites for Linux or UNIX servers
- CAS works with the following Java™ distributions: IBM®, OpenJDK, or Sun.
- The CAS server must be a Guardium® collector. The CAS server parameter (CAS_SQLGUARD_IP to install CAS with GIM, or sqlguard_ip if you install CAS from the command line) is required.
Disk Space | Description |
---|---|
CAS Program files, including Java | AIX® - 309 MB, HP-UX - 630 MB, Linux - 405 MB, Solaris - 390 MB. Java runtime environment (JRE) 1.8 or later is required for CAS. You must obtain and install a JRE yourself (due to licensing constraints). |
Port | Protocol | Guardium connection to ... |
---|---|---|
16017 | TCP | Clear CAS |
16019 | TLS | Encrypted CAS |
Installing CAS with GIM
You can install CAS as a bundle with the Guardium Installation Manager (GIM), in the same way you install any other module. Use the following process, which is described in detail in Set up by client, to install CAS with GIM:
- Browse to .
- Select the server where you want to install CAS and then click Next.
- Select the CAS bundle and click Next.
- Enter the Java home parameter for CAS. For more information, see Locating the Java home directory and version.
- Click Install to install the CAS bundle.
Note: If your site installed CAS using GIM in v10.6 or earlier, and then you upgrade CAS using
GIM, delete and then re-create the Template/Datasource mapping after you upgrade. For more
information, see CAS hosts.
Installing CAS client from the command line
Take the following steps to install the CAS client from the CLI:
- Log on to the database server system with the root account.
- Run the install command:
<guard-cas-setup>.sh -- install --java-home <JAVA_HOME> [--install-path <INSTALL_PATH>] {--stap-conf <FULL_PATH_TO_GUARD_TAP_INI> | --sqlguard_ip <IP_OF_GUARDIUM_COLLECTOR>}
Where:
- <guard-cas-setup> - Identifies the name of the script file.
- -- install - Indicates an installation of CAS.
- --java-home - Identifies the JAVA_HOME directory.
- --install-path - Identifies the installation path. You can specify the directory where you want to install the CAS client. Create the directory from root (make sure that the permissions are set to 755). If you do not include a directory in the installation path, Guardium automatically creates the directory for you.
Note: If you install CAS on an AIX server, make sure that enough space is available to process the data segments (as defined in the data parameter of the AIX /etc/security/limits file). The default, and recommended value, for the data parameter is -1 (unlimited). However, if your site requires an actual value, Guardium suggests that you set this limit to at least 1 GB. If you modify /etc/security/limits, you might need to restart your server.
- You must include one of the following parameters:
  - --stap-conf - Use when the guard_tap.ini file is located in the specified stap-conf directory. The installer uses the guard_tap.ini file as-is.
  - --sqlguard_ip - Use the default .ini file provided by the installer. In this case, the installer modifies the sqlguard_ip key inside the .ini file with the value that is provided by the --sqlguard_ip parameter.
Note: You must specify either --stap-conf or --sqlguard_ip.
Note: For more information about modifying the guard_tap.ini file, see Editing the S-TAP® configuration parameters.
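The following pre-flight script is an added example, not IBM code: it checks the documented requirements (JRE 1.8 or later, a pre-created install directory set to 755, and one of --stap-conf or --sqlguard_ip) before you run the installer. The function names cas_preflight and java_major are hypothetical, and the script assumes that the Java binary is at <JAVA_HOME>/bin/java and prints a version "..." banner.

```shell
#!/bin/sh
# Added example: pre-flight checks for the documented CAS command-line install.

# Print the major Java version found under JAVA_HOME ("1.8.0_x" -> 8, "11.0.2" -> 11).
# Prints 0 when bin/java is missing or its -version banner cannot be parsed.
java_major() {
    v=$("$1/bin/java" -version 2>&1 | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    case "$v" in
        1.*) v=${v#1.} ;;          # legacy scheme: 1.8 means Java 8
    esac
    v=${v%%[!0-9]*}                # keep only the leading number
    echo "${v:-0}"
}

# cas_preflight JAVA_HOME INSTALL_PATH STAP_CONF SQLGUARD_IP
# Pass "" for options you do not plan to use. Returns 0 when every check passes.
cas_preflight() {
    java_home=$1 install_path=$2 stap_conf=$3 sqlguard_ip=$4
    rc=0
    # JRE 1.8 or later is required and is not shipped with CAS.
    if [ "$(java_major "$java_home")" -lt 8 ]; then
        echo "FAIL: no JRE 1.8 or later under '$java_home'"; rc=1
    fi
    # A pre-created install directory must be mode 755; a missing one is
    # acceptable because the installer creates it.
    if [ -n "$install_path" ] && [ -d "$install_path" ]; then
        mode=$(ls -ld "$install_path" | cut -c1-10)
        if [ "$mode" != "drwxr-xr-x" ]; then
            echo "FAIL: $install_path is $mode, expected drwxr-xr-x (755)"; rc=1
        fi
    fi
    # The syntax line offers --stap-conf and --sqlguard_ip as alternatives.
    if [ -n "$stap_conf" ] && [ -n "$sqlguard_ip" ]; then
        echo "FAIL: pass --stap-conf or --sqlguard_ip, not both"; rc=1
    elif [ -z "$stap_conf" ] && [ -z "$sqlguard_ip" ]; then
        echo "FAIL: one of --stap-conf or --sqlguard_ip is required"; rc=1
    elif [ -n "$stap_conf" ] && [ ! -r "$stap_conf" ]; then
        echo "FAIL: cannot read '$stap_conf'"; rc=1
    fi
    return $rc
}

# Run the checks when the script is called with the four arguments.
if [ "$#" -gt 0 ]; then cas_preflight "$@"; fi
```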
Uninstall a CAS client
Enter the following command to uninstall a CAS client.
Note: To ensure that the CAS client is completely uninstalled, call uninstall from a directory that is above the <INSTALL_PATH>. The CAS files are not removed if you run the command from the <INSTALL_PATH> or any directory underneath it.
<INSTALL_PATH>/bin/guard-cas-setup uninstall
Start and stop CAS from the command line
Depending on your install or uninstall scenario, you might need to start and stop CAS from the command line.
To start or stop CAS, log on to the database server system with the root account. Depending on your operating system, use one of the following methods.
- For Red Hat® Enterprise Linux 6: Stop or start CAS with the stop cas or start cas commands.
- For Red Hat Enterprise Linux 7: Stop or start CAS with the systemctl stop guard_cas or systemctl start guard_cas commands.
- For other operating systems:
  - Comment out (to stop CAS) or undo the comment (to start CAS) for the CAS agent entry in the /etc/inittab file. By default, the statement is as follows:
    cas:<nnnn>::respawn:/usr/local/guardium/guard_stap/cas/bin/run_wrapper.sh /usr/local/guardium/guard_stap/cas/bin
  - Save the /etc/inittab file.
  - Run the init q command.
- To validate whether CAS is running, enter the ps -fe | grep cas command.