Installing and activating the FAM discovery agent (crawler) on UNIX servers

Install the GIM client on a UNIX file server, then use it to install the file activity monitoring discovery agent (crawler).

Before you begin

  • Restriction: The FAM discovery agent (crawler) applies only to Guardium® Data Protection versions 11.4, 11.5 and 12.0.
  • License keys must be installed. See Install license keys.
  • S-TAP for FAM must be installed. Required for file monitoring and policy enforcement. See Linux-UNIX: Installing, upgrading and uninstalling S-TAP agents.
  • Verify that a bash shell is installed.
  • Verify that the Compatibility standard C++ libraries i686 package is installed. If ICC runs with an incorrect libstdc version, the client receives a bnsRun error. If the FAM discovery agent is already installed, uninstall and reinstall the agent after you install the libraries.
  • FAM discovery agent (also known as the FAM bundle or FAM agent) must be accessible. Required for file discovery and classification. Download from Fix Central or obtain from your Guardium representative.
  • Disk space requirements for FAM bundle: 2GB. AIX platforms require an additional 2GB during installation.
  • The FAM discovery agent (crawler) does not support TLS encryption.
Tip: To install the FAM discovery agent successfully on AIX, it is recommended that you set the process data size to unlimited. Edit the file /etc/security/limits and set data = -1 in the default: stanza.
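
The shell, disk space and AIX data-limit prerequisites above can be checked on the file server before the bundle is installed through GIM. The script below is an added example, not part of the IBM documentation or product; the function names, the /usr/local argument and the 1 GB = 1024*1024 KB conversion are assumptions, and the libstdc check is left out because the package name differs per platform.

```shell
#!/bin/sh
# Added example: preflight for the FAM bundle prerequisites (not IBM code).
# Assumptions: function names are hypothetical; 1 GB is counted as 1024*1024 KB.

fam_required_kb() {            # $1 = OS name as printed by `uname -s`
    case "$1" in
        AIX) echo $((4 * 1024 * 1024)) ;;   # 2 GB bundle + 2 GB extra during install
        *)   echo $((2 * 1024 * 1024)) ;;   # 2 GB bundle
    esac
}

fam_available_kb() {           # $1 = directory; prints free KB on its filesystem
    df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }'
}

fam_space_ok() {               # $1 = free KB, $2 = OS name
    [ "$1" -ge "$(fam_required_kb "$2")" ]
}

aix_default_data() {           # $1 = limits file; prints data value of the default: stanza
    awk '
        $1 ~ /^\*/           { next }                 # "*" starts a comment line
        NF == 1 && $1 ~ /:$/ { stanza = $1; next }    # stanza header such as "default:"
        stanza == "default:" && split($0, kv, "=") == 2 {
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            if (kv[1] == "data") { print kv[2]; exit }
        }
    ' "$1"
}

fam_preflight() {              # $1 = install dir, $2 = OS name, $3 = limits file
    rc=0
    command -v bash >/dev/null 2>&1 || { echo "FAIL: bash not found"; rc=1; }
    avail=$(fam_available_kb "$1")
    if ! fam_space_ok "${avail:-0}" "$2"; then
        echo "FAIL: ${avail:-0} KB free under $1, need $(fam_required_kb "$2") KB"; rc=1
    fi
    if [ "$2" = AIX ] && [ "$(aix_default_data "$3")" != "-1" ]; then
        echo "WARN: default data limit in $3 is not -1 (unlimited)"
    fi
    return "$rc"
}

# Example call on the file server (the path argument is an assumption):
#   fam_preflight /usr/local "$(uname -s)" /etc/security/limits
```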

Procedure

  1. Install the GIM client on the file server. See Guardium installation manager.
  2. Download the FAM bundle and save it in an accessible drive.
    The UNIX bundle has a name like: guard-bundle-FAM_r*****_trunk_*****.gim.
  3. On the central manager (if there is one), upload and import the FAM bundle. If there is no central manager, upload and import the FAM bundle to the appliance.
    1. Navigate to Manage > Module Installation > Upload Modules.
    2. Under Upload Module, click Browse and navigate to the FAM bundle. Click Upload.
    3. Under Import uploaded modules, select the FAM bundle and click Install/Update.
  4. Install and configure the FAM bundle using Manage > Module Installation > Set up by Client.
    For more information on GIM, see Set up by Client.
    1. To enable the FAM monitor, set STAP_FAM_ENABLED to 1 (enabled). This is required even if you are only using the FAM discovery agent.
    2. FAM discovery is enabled by default (FAM_ENABLED).
      Configure additional parameters as relevant.
      • Configure SOURCE_DIRECTORIES for the directories you want to scan.
      • By default, the agent performs basic scanning for entitlement information. To enable scanning based on decision plans, such as for SOX or HIPAA, set FAM_IS_DEEP_ANALYSIS to true. By default, it uses all of the default decision plans. You can specify which decision plans you want it to use.
      • By default, scanning runs every 12 hours and starts immediately upon configuration. You can change these settings with the GIM parameters FAM_SCHEDULER_HOUR_TIME_INTERVAL, FAM_SCHEDULER_START and FAM_SCHEDULER_REPEAT.
      See full parameter list in File discovery and classification GIM parameters.
      Note: You can also configure GIM parameters using the grdapi command: gim_update_client_params.
  5. Verify that the FAM discovery agent installed successfully by viewing the Guardium S-TAP Status Monitor report (add the report from My Dashboards). Look for the FAM_Agent suffix in the IP address of the S-TAP host.
  6. To trigger file rediscovery later without uninstalling and reinstalling the FAM bundle:
    1. Remove the files under the work directory. If Guardium is installed in the default directory, the files to be removed are in this directory on the file server: /usr/local/IBM/modules/FAM/current/files/work
    2. Change any FAM parameter in GIM, for example, change the time interval from 5 to 10 minutes.
    3. Click Apply to Selected, then click Install/Update.

Results

Discovery and Classification results: After you install the FAM discovery agent (file crawler), a basic run of the file crawler begins, using the initial path that you specified during the installation. Each time the crawler completes its run, it sends a status message that is included in the Files Crawler Configuration report. This process gathers the list of folders and files, their owner, access permissions, size, and the time and date of the last update.