Linux-UNIX: Installing the S-TAP agent with RPM

You can install and update S-TAP on a Linux server using the RPM. The advantage of installing by RPM is that you install and maintain S-TAP using the same method that you manage all other software on the database server.

Before you begin

  • Verify all Linux-UNIX: S-TAP installation prerequisites.
  • Obtain the correct S-TAP installer script, from either Fix Central, or your Guardium representative. The script name identifies the database server operating system.
  • The S-TAP shell installer does not install if there is already an RPM installed (preventing double installation).
  • RPM is supported for RHEL and for SUSE Linux databases.

About this task

RPM names have the format: guard-stap-10.6.0.0.89165-1-rhel-6-linux-x86_64.x86_64.rpm, where the first three numbers are the release number of STAP (10.0.0, 10.1.2, etc) and the fourth number is the code revision (89165). The number immediately following is the package iteration which would increment in the case of adding K-TAP modules to the RPM.

There is a single RPM for the 32-bit S-TAPs and two RPMs for the 64-bit S-TAPs so that the 64-bit S-TAP does not have a dependency on 32-bit libraries if 32-bit exit libraries are not required. The extra RPM looks like guard-stap-32bit-exit-libs-10.1.0.89165-1-rhel-6-linux-x86_64.x86_64.rpm and has a dependency on the main RPM.

By default, the installation process checks the Linux kernel to determine whether a K-TAP module has been created to work with that kernel. If it exists, it installs (sets ktap_installed = 1). If there is none, K-TAP does not install unless you have enabled Loader Flexibility, which aids in the installation of currently built modules when an exact match does not exist. When Loader Flexibility is enabled, it attempts to build a K-TAP to match your Linux kernel.

RPM installs S-TAP to /opt/guardium; this location cannot be changed. tap_ip is set automatically to the hostname of the system. sqlguard_ip is set to 127.0.0.1 as a placeholder for proper configuration. Complete the configuration after the installation, as described in this procedure.

RPM logs are saved to /opt/guardium/rpm_logs

You can run the guard-config-update script as root user or a non-root user. Use the help command to see your permitted functions.

Procedure

  1. Unzip the S-TAP package.
  2. Log in to the database server as root and copy the RPM to /tmp.
  3. To enable Loader Flexibility, set the Linux environment variable NI_ALLOW_MODULE_COMBOS="Y". (This is particularly useful if you are using a service to push the RPMs, then you don't need to access every machine and set the parameter after installation.) Otherwise you can use the guard-config-update parameter --set-flexload
  4. Run the rpm -i <RPM_NAME> command.
    The S-TAP installs.
  5. Run guard-config-update with the --retry-ktap-load parameter.
  6. Take one of the following steps to complete the configuration:

What to do next

After installation completes, verify S-TAP status:
  • Verify that the row of the S-TAP has a green status (first column) in Monitor > Maintenance > S-TAP Logs > S-TAP Staus