Install the GIM client on a UNIX file server, then use it to
install the file activity monitoring discovery agent (crawler).
Before you begin
Tip: For the FAM discovery agent to install successfully on AIX, it is recommended that you set
the process data size to unlimited. Edit the file /etc/security/limits and
change the data line in the default: stanza to data = -1.
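A preflight check for the AIX tip above, as an added example that is not part of the original page or of Guardium. It reads a stanza-format limits file and reports whether the default stanza already has data = -1. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Print the value of one attribute inside one stanza of an AIX
# stanza-format file such as /etc/security/limits. Exit 1 if not found.
stanza_attr() {
    # $1 = file, $2 = stanza name (e.g. default), $3 = attribute (e.g. data)
    awk -v want="$2" -v attr="$3" '
        /^[ \t]*\*/ { next }                  # "*" starts a comment line
        /^[^ \t=]+:[ \t]*$/ {                 # stanza header, e.g. "default:"
            name = $1; sub(/:$/, "", name)
            in_stanza = (name == want)
            next
        }
        in_stanza && index($0, "=") {
            split($0, kv, "=")
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == attr) found = val      # last assignment wins
        }
        END { if (found == "") exit 1; print found }
    ' "$1"
}

# Return 0 when the default stanza has data = -1 (unlimited),
# 1 when it has another value, 2 when no data line exists there.
fam_data_limit_ok() {
    limits_file="${1:-/etc/security/limits}"
    value=$(stanza_attr "$limits_file" default data) || {
        echo "no data limit in default stanza of $limits_file" >&2
        return 2
    }
    if [ "$value" = "-1" ]; then
        echo "OK: default data = -1 (unlimited)"
        return 0
    fi
    echo "CHANGE NEEDED: default data = $value, expected -1" >&2
    return 1
}

# Constructed sample input for trying the check off the file server.
sample_limits() {
    cat <<'EOF'
* constructed sample in the AIX stanza format
default:
        fsize = 2097151
        data = 262144
        stack = 65536

root:
        data = -1
EOF
}
```

On the file server, run fam_data_limit_ok with no argument to check /etc/security/limits before you start the GIM installation.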
Procedure
- Install the GIM client on the file server. See Guardium installation manager.
- Download the FAM bundle and save it in an accessible drive. The UNIX bundle has a name like: guard-bundle-FAM_r*****_trunk_*****.gim.
- On the central manager (if there is one), upload and import the FAM bundle. If there is no central manager, upload and import the FAM bundle to the appliance.
  - Navigate to .
  - Under Upload Module, click Browse and navigate to the FAM bundle. Click Upload.
  - Under Import uploaded modules, select the FAM bundle and click Install/Update.
- Install and configure the FAM bundle using .
  - To enable the FAM monitor, set STAP_FAM_ENABLED to 1 (enabled). This is required even if you are only using the FAM discovery agent.
  - FAM discovery is enabled by default (FAM_ENABLED). Configure additional parameters as relevant.
    - Configure SOURCE_DIRECTORIES for the directories you want to scan.
    - By default, the agent performs basic scanning for entitlement information. To enable scanning based on decision plans, such as for SOX or HIPAA, set FAM_IS_DEEP_ANALYSIS to true. By default, it uses all of the default decision plans. You can specify which decision plans you want it to use.
    - The default schedule for the scanning is every 12 hours, and starts immediately upon configuration. You can change these using GIM parameters FAM_SCHEDULER_HOUR_TIME_INTERVAL, FAM_SCHEDULER_START, FAM_SCHEDULER_REPEAT.
    See full parameter list in File discovery and classification GIM parameters.
    Note: You can also configure GIM parameters using the grdapi command: gim_update_client_params.
- Verify that the FAM discovery agent installed successfully by viewing the Guardium S-TAP Status Monitor report (add the report from My Dashboards). Look for the FAM_Agent suffix in the IP address of the S-TAP host.
- To trigger file rediscovery later without uninstalling and reinstalling the FAM bundle:
  - Remove the files under the work directory. If Guardium is installed in the default directory, the files to be removed are in this directory on the file server: /usr/local/IBM/modules/FAM/current/files/work
  - Change any FAM parameters in GIM, for example, changing the time interval from 5 to 10 minutes.
  - Click Apply to Selected then click Install/Update.
Results
Discovery and Classification results: After you install the FAM discovery agent (file
crawler), a basic run of the file crawler begins, using the initial path that you specified during
the installation. Each time the crawler completes its run, it sends a status message that is
included in the Files Crawler Configuration report. This process gathers the list of folders and
files, their owner, access permissions, size, and the time and date of the last update.