File handling CLI Commands
Use these commands to backup and restore system information. Many of these tasks can be performed from Guardium® user interface.
About Archived Data File Names
When Guardium data is archived (or exported to an aggregator), there is a separate file for each day of data. Depending on how your export/purge or archive/purge operation is configured, you may have multiple copies of data exported for the same day. Archive and export data file names have the same format:
<daysequence>-<hostname.domain>-w<run_datestamp>-d<data_date>.dbdump.enc
- daysequence is a number representing the date of the archived data, expressed as the number of days since year 0. The same date appears in yyyy-mm-dd format in the data_date portion of the name.
- hostname.domain is the host name of the Guardium appliance on which the archive was created, followed by a dot character and the domain name.
- run_datestamp is the date that the data was archived or exported, in yyyymmdd.hhmmss format.
- data_date is the date of the archived data, in yyyy-mm-dd format.
For example: 732423-g1.guardium.com-w20050425.040042-d2005-04-22.dbdump.enc
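The following Python parser is an added example, not part of the Guardium documentation or product. It splits a file name of the format described above into its fields and cross-checks the two encodings of the data date, which is a useful sanity check before restoring or importing a file that has been stored on a remote system. The offset of 365 between the date's Python ordinal and the daysequence value is an assumption inferred from the two example names on this page (it also matches the MySQL TO_DAYS() convention); the run datestamp is accepted with or without the dot between date and time, since both forms appear on this page.

```python
import re
from datetime import date, datetime

# Regex for the archive/export file name format. The host name is matched
# non-greedily up to the "-w<run_datestamp>" field so host names that contain
# hyphens still parse. The dot inside the run datestamp is optional because the
# export audit-data example on this page writes it without one.
_NAME_RE = re.compile(
    r"^(?P<daysequence>\d+)"
    r"-(?P<host>.+?)"
    r"-w(?P<run_date>\d{8})\.?(?P<run_time>\d{6})"
    r"-d(?P<data_date>\d{4}-\d{2}-\d{2})"
    r"\.(?P<suffix>.+)$"
)

# Assumption: daysequence equals date.toordinal() (days counted from 0001-01-01)
# plus 365. This reproduces both example names on the page and matches MySQL's
# TO_DAYS() numbering; it is not documented by Guardium itself.
_DAYSEQUENCE_OFFSET = 365


def daysequence_for(d: date) -> int:
    """Return the daysequence value expected for a given data date."""
    return d.toordinal() + _DAYSEQUENCE_OFFSET


def parse_archive_name(name: str) -> dict:
    """Split a Guardium archive/export file name into its fields.

    Raises ValueError if the name does not follow the documented format.
    The "consistent" flag is False when the daysequence and data_date fields
    disagree, or when the run date is earlier than the data date; either
    indicates a renamed or otherwise altered file.
    """
    m = _NAME_RE.match(name)
    if not m:
        raise ValueError(f"not a Guardium archive/export file name: {name!r}")
    data_date = date.fromisoformat(m["data_date"])
    run_at = datetime.strptime(m["run_date"] + m["run_time"], "%Y%m%d%H%M%S")
    daysequence = int(m["daysequence"])
    return {
        "daysequence": daysequence,
        "host": m["host"],
        "run_at": run_at,
        "data_date": data_date,
        "suffix": m["suffix"],
        "consistent": daysequence == daysequence_for(data_date)
        and run_at.date() >= data_date,
    }


if __name__ == "__main__":
    # Both names are the examples given on this page.
    for n in (
        "732423-g1.guardium.com-w20050425.040042-d2005-04-22.dbdump.enc",
        "732570-supp2.guardium.com-w20050919110317-d2005-09-16.exp.tgz",
    ):
        print(parse_archive_name(n))
```

Run it against a directory listing of archived files to spot names whose fields disagree; such files should be investigated rather than restored.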
backup config
These commands back up and restore configuration information from the internal administration tables. The backup config command stores data in the /media/backup directory. The backup config command removes license and other machine-specific information. The backup system command provides a more comprehensive backup of the configuration and the entire system.
Syntax
backup config
restore config
backup system
This topic applies to backup and restore operations for the Guardium internal database. You can back up or restore data, configuration information, or both. These commands stop all inspection engines and web services and restart them after the operation completes.
For all backup, import, and restore commands, you receive a series of prompts to supply some combination of the following items, depending on which storage systems are configured, and the type of restore operation. Respond to each prompt as appropriate for your operation. Table 1 describes the information for which you might be prompted.
- One copy of the SCP/SFTP/TSM/Centera file transfer is saved, whether or not the transfer is successful. Certain files can take hours to regenerate (such as system backup), so having an available copy (in particular if the file transfer failed) can be a valuable time-saver. Only one copy of each type of file is retained (that is, one archive, one system backup, one configuration backup, and so on).
- The backup system command copies the current license, metering and number of data sources, and then backs up the data. Use restore backup to restore the data and then restore the license, metering, and number of data sources.
- When configuring backups, a value of zero '0' for the port number indicates that the default port is being used for that protocol.
Item | Description |
---|---|
 | Select the method to use to transfer the file. Storage methods display only if they are enabled. For more information, see the store storage-system command. |
Data or Configuration | Select Configuration to back up definitions and configuration information only, or select Data to back up data in addition to configuration information. |
restore from archive or restore from backup | Select restore from archive to restore archived data, or select restore from backup to restore configuration information. |
normal or upgrade | If restoring from the same software version of Guardium, select normal. If restoring configuration information following software upgrade of the Guardium appliance, select upgrade. |
host | The remote host for the backup file. |
remote directory | The directory for the backup file. For SFTP, the directory is relative to the SFTP root directory for the SFTP user account used. For SSH, the directory path is a full directory path. For Windows SSH servers, use Unix-style path names with forward slashes, rather than Windows-style backslashes. |
username | The user account name to use for the operation (for backup operations, this user must have write/execute permission for the directory specified). Note: For Windows, a domain user is accepted with the format domain\user |
password | The password for the username. |
file name | The file name for the archive or backup file. You can select multiple files by using the wildcard character (*) in the file name when using FTP, SCP, and Snapshot transfer methods. The wildcard character is not supported with TSM or Centera. |
Centera server | The Centera server name. If using PEA files, use the following format: <Host name/IP>?<full PEA file name>, for example: 128.221.200.56?/var/centera/us_profile_rwqe.pea.txt |
Centera clipID | For a Centera restore operation, the Content Address returned from the backup operation. For example: 6M4B15U4JM4LBeDGKCPF9VQO3UA |
After you supply all of the information required for the backup or restore operation, a series of messages displays informing you of the results of the operation. For example, at the end of a successful restore backup operation, a message similar to the following is sent to the
/var/IBM/Guardium/log/diag/depot/upgrade_<TimeStamp>.log file:
2019-05-16-165208 Upgrade of v10.0 to v11.0.0 completed successfully
Prevent backup or archive scripts from filling up /var
The backup process checks for room in /var before running and fails if there is not enough. It also warns the user when there is insufficient space for the backup.
The archive process checks the size of the static tables and makes sure there is room in /var to create the archive.
An error is logged in the log file and shown in the GUI if /var usage is over 50%.
Example:
ERROR: /var backup space is at 60% used. Insufficient disk space for backup.
CLI> backup system
1. DATA
2. CONFIGURATION
Please enter the number of your choice: (q to quit) 1
1. SCP
2. CONFIGURED DESTINATION
Enter the number of your choice: (q to quit) 2
Make sure destination is configured in the GUI under the System Backup option
Please wait, this may take some time.
delete audit-data
Use this command only under the direction of Guardium Support. This command is used to remove compressed audit data files. You will be prompted to enter an index number to identify the file to be removed. See Archived Data File Names, for information about how archived data file names are formed.
You will be prompted to identify the file to be removed.
Syntax
delete audit-data
export audit-data
Exports audit data from the specified date (yyyy-mm-dd) from various internal Guardium tables to a compressed archive file. The data from a specified date will be stored in a compressed archive file, in the /var/dump directory. The file created will be identified in the messages produced by the system. See the example. Use this command only under the direction of Guardium Support.
Syntax
export audit-data <yyyy-mm-dd>
Example
export audit-data 2005-09-16 2005-09-16
Generates a set of messages similar to the following:
Extracting GDM_ACCESS Data ...
Extracting GDM_CONSTRUCT Data ...
Extracting GDM_SENTENCE Data ...
Extracting GDM_OBJECT Data ...
Extracting GDM_FIELD Data ...
Extracting GDM_CONSTRUCT_TEXT Data ...
Extracting GDM_SESSION Data ...
Extracting GDM_EXCEPTION Data ...
Extracting GDM_POLICY_VIOLATIONS_LOG Data ...
Extracting GDM_CONSTRUCT_INSTANCE Data ...
Generating tar file ...
/var/csvGenerationTmp ~
GDM_ACCESS.txt GDM_CONSTRUCT.txt GDM_CONSTRUCT_INSTANCE.txt GDM_CONSTRUCT_TEXT.txt GDM_EXCEPTION.txt GDM_FIELD.txt GDM_OBJECT.txt GDM_POLICY_VIOLATIONS_LOG.txt GDM_SENTENCE.txt GDM_SESSION.txt
~
Generation completed, CSV Files saved to /var/dump/732570-supp2.guardium.com-w20050919110317-d2005-09-16.exp.tgz
ok
The data from each of the named internal database tables is written to a text file, in CSV format. The name of the archive file ends with exp.tgz and the remainder of the name is formed as described in About Archived Data File Names.
You can use the export file command to transfer this file to another system.
export file
This command exports a single file named filename from the /var/IBM/Guardium/data/dump, /var/log or /var/IBM/Guardium/data/importdir directory.
Use this command only under the direction of Guardium Support. To export Guardium data to an aggregator or to archive data, use the appropriate menu commands on the Administration Console panel.
Syntax
export file </local_path/filename> <user@host:/path/filename>
local_path must be one of the following: /var/IBM/Guardium/data/dump, /var/log or /var/IBM/Guardium/data/importdir
export-public-transfer-key
This command starts a script that forces a new set of ssh keys onto the specified remote host.
Imports the public part of the ssh transfer key onto a remote host. For more information, see Enabling ssh-key pairs for data archive, data export, data mart.
Syntax
export-public-transfer-key
export remotelog_config
Use this command to propagate either Venafi or remote logging configurations from a central manager to some or all of its associated managed units.
Syntax
export remotelog_config < file | scp >
- file - Exports the log to the default Guardium log location.
- scp - Follow the prompts to indicate where you want to store the log.
Examples
>export remotelog_config file
Remotelog config exported to /var/IBM/Guardium/log/remotelog_config_202208111122711.json
>export remotelog_config scp
Host: glab-123.mycompany.com
username: hadrian.swall
Full path: /hom/dev/hadrian.swall/test
Warning: Permanently added 'glab-123.mycompany.com, 2.2.2.2' (ECDSA) to the list of known hosts.
hadrian.swall@glab-123.mycompany.com's password:
remotelog_conf_202208111122711
export rotated_message_logs
Use this command to export message logs to a remote directory. Each log is created with a unique name.
- Remote host username
- Remote host: The IP address of the remote host
- Remote host directory: The directory for the remote logs.
- Password: The password for the host user (that is, the host username).
- Scp port: To specify a special port, enter it when requested. To use the default port, enter 0 or press Enter.
Syntax
export rotated_message_logs
fileserver
Use this command to start an HTTPS-based file server running on the Guardium appliance. This facility is intended to ease the task of uploading patches to the unit or downloading debugging information from the unit. Each time this facility starts, it deletes any files in the directory to which it uploads patches.
Syntax
fileserver <IP address> <duration>
IP address
- Allows access to the fileserver from the specified address only. Enter the IP address of the local computer you are using; the fileserver is brought up for that address. If the IP address is not your local computer's IP address, the fileserver will not launch.
Duration
- Specifies the number of seconds (60 - 3600) to keep the fileserver active. After the specified number of seconds, the fileserver shuts down automatically.
In a security setup where browser sessions are redirected through a proxy server, the IP address of the fileserver client will not be the same as that of the SSH client that started the fileserver. Instead, the fileserver client will have the IP address of the proxy server, and that address must be passed as the IP address parameter. To find the proxy IP address, check your browser settings or the client IP addresses shown in the Logins to Guardium report in the Guardium Monitor interface.
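The following Python helper is an added example, not part of the Guardium documentation or product. It encodes the constraints described above for the two arguments before a fileserver session is started: the duration must be within 60 - 3600 seconds, the address must be a valid IP address, and, unless the session goes through a proxy, the address must be the one your SSH session is coming from (read from the SSH_CONNECTION or SSH_CLIENT environment variable on the client side). The environment mapping is passed in explicitly so the check can be exercised with constructed values.

```python
import ipaddress
from typing import Mapping, Optional

# Range documented for the duration argument of the fileserver command.
MIN_DURATION, MAX_DURATION = 60, 3600


def ssh_client_ip(env: Mapping[str, str]) -> Optional[str]:
    """Return the IP address of the SSH client for this session, or None.

    SSH_CONNECTION holds "client_ip client_port server_ip server_port" and
    SSH_CLIENT holds "client_ip client_port server_port"; in both cases the
    first token is the client address.
    """
    for var in ("SSH_CONNECTION", "SSH_CLIENT"):
        value = env.get(var, "")
        if value:
            return value.split()[0]
    return None


def validate_fileserver_args(ip: str, duration: int, env: Mapping[str, str],
                             via_proxy: bool = False) -> str:
    """Return the fileserver command line if the arguments are acceptable.

    Raises ValueError with the reason otherwise. When via_proxy is True the
    address is expected to be the proxy's, so it is not compared with the SSH
    client address.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError as exc:
        raise ValueError(f"invalid IP address {ip!r}") from exc
    if not MIN_DURATION <= duration <= MAX_DURATION:
        raise ValueError(
            f"duration {duration} is outside {MIN_DURATION}-{MAX_DURATION} seconds")
    client = ssh_client_ip(env)
    if not via_proxy and client is not None and ipaddress.ip_address(client) != addr:
        raise ValueError(
            f"{ip} is not this session's client address {client}; the fileserver "
            "would not launch (if you connect through a proxy, pass its address)")
    return f"fileserver {addr} {duration}"


if __name__ == "__main__":
    # Constructed session environment: the CLI session comes from 10.0.0.1.
    sample_env = {"SSH_CONNECTION": "10.0.0.1 51234 10.0.0.50 22"}
    print(validate_fileserver_args("10.0.0.1", 3600, sample_env))
```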
Example
fileserver 10.0.0.1 3600
Starting the file server...
The file server is ready at https://guardium.system.com:8445
The timeout has been set to 3600 seconds and it may timeout during the uploading.
The upload will only be accessible from the IP you are logged in from: 10.0.0.1
Press ENTER to stop the file server.
Open the fileserver in a browser window, and do one of the following:
- To upload a patch, click Upload a patch and follow the directions.
- To download log data, click Sqlguard logs, navigate to the file you want and download as you would any other file.
When you are done, return to the CLI session and press Enter to terminate the session.
- From the Guardium CLI, run fileserver <your computer's IP address> 3600.
- Using a browser, go to https://<IP address of your Guardium system>/log/debug-logs/gdmmonitor_scripts/.
- Choose the file that matches your database type.
import file
Use this command to import a file.
Select the filetype from the list that displays when you run the command. You can use a wildcard (*) for the file name in the SCP, FTP, and snapshot methods.
Syntax
import file
For more information, see backup config and restore config.
import scanner_agent
- Nessus
- Qualys
Syntax
import scanner_agent <scp <agent> | sys <agent> <filename>>
Where:
agent - A supported CVE scanner agent, either nessus or qualys.
- scp <agent> - Follow the prompts to indicate where you want to store the scanner agent.
- sys <agent> <filename> - Follow the prompts to indicate where you want
to store the scanner agent. Before you import the agent, it must be available on the Guardium
fileserver. For more information, see fileserver.
Required information:
- Hostname - The hostname or IP address where the agent resides.
- Username and password - The username and password to log into the host.
- Full filepath - The full path, including the filename of the agent to import, for example, /site/a-support/scanner_tools/agents/NessusAgent/NessusAgent-10.4.2-es8.x86_64.rpm.
For more information, see Configuring vulnerability scanner agents.
import tsm config
Uploads a TSM client configuration file to the Guardium appliance. You must do this before performing any archiving or backup operations using TSM. You will always need to upload a dsm.sys file, and if that file includes multiple servername sections, you will also need to upload a dsm.opt file. For information about how to create these files, check with your company’s TSM administrator.
You will be prompted for a password for the user account on the specified host.
Syntax
import tsm config <user@host:/path/[ dsm.sys | dsm.opt ]>
Parameters
user@host - User account to access the file on the specified host.
/path/[ dsm.sys | dsm.opt ] - Full path filename of the file to import.
If the TSM configuration has passwordaccess=generate, the password is read from a local password file. The root user needs to run the dsmc command once to create this local password file.
The command therefore asks: Would you like to run a dsmc command now to ensure password is set locally (y/n)? If the answer is y, it runs "dsmc query options>>/dev/null", which prompts the user for the password.
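The following Python check is an added example, not part of the Guardium documentation or the TSM client. It parses a dsm.sys file before you upload it and reports the two conditions described above: whether the file has more than one servername section (in which case a dsm.opt file must be uploaded as well), and which server stanzas use passwordaccess generate (for which the local password file must be created by running dsmc once). The sample dsm.sys content is constructed for the example; the server names and addresses in it are hypothetical.

```python
from typing import Dict, List

# Constructed sample dsm.sys with two server stanzas (hypothetical names).
# Lines starting with '*' are comments, as in a real dsm.sys file.
SAMPLE_DSM_SYS = """\
* TSM client system options - constructed example
SERVERNAME  tsm_primary
   COMMMETHOD        TCPIP
   TCPPORT           1500
   TCPSERVERADDRESS  tsm1.example.invalid
   PASSWORDACCESS    GENERATE

SERVERNAME  tsm_offsite
   COMMMETHOD        TCPIP
   TCPPORT           1500
   TCPSERVERADDRESS  tsm2.example.invalid
   PASSWORDACCESS    PROMPT
"""


def parse_dsm_sys(text: str) -> List[Dict[str, str]]:
    """Parse dsm.sys into one dict of options per SERVERNAME stanza.

    Option keywords are case-insensitive in dsm.sys, so they are upper-cased.
    Options that appear before the first SERVERNAME line are ignored.
    """
    stanzas: List[Dict[str, str]] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        parts = line.split(None, 1)
        key = parts[0].upper()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "SERVERNAME":
            current = {"SERVERNAME": value}
            stanzas.append(current)
        elif current is not None:
            current[key] = value
    return stanzas


def needs_dsm_opt(stanzas: List[Dict[str, str]]) -> bool:
    """A dsm.opt file is also required when dsm.sys has multiple servername sections."""
    return len(stanzas) > 1


def servers_using_generate(stanzas: List[Dict[str, str]]) -> List[str]:
    """Server stanzas with PASSWORDACCESS GENERATE; for these the local password
    file must exist (root runs dsmc once) before TSM backups or archives work."""
    return [s["SERVERNAME"] for s in stanzas
            if s.get("PASSWORDACCESS", "").upper() == "GENERATE"]


def preflight_report(text: str) -> Dict[str, object]:
    """Summarise what must accompany this dsm.sys before it is uploaded."""
    stanzas = parse_dsm_sys(text)
    return {
        "servers": [s["SERVERNAME"] for s in stanzas],
        "needs_dsm_opt": needs_dsm_opt(stanzas),
        "generate_servers": servers_using_generate(stanzas),
    }


if __name__ == "__main__":
    print(preflight_report(SAMPLE_DSM_SYS))
```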
import tsm property
Use this CLI command to upload a file to /opt/tivoli/tsm/client/ba/bin/guard_tsm.properties.
The file size should be 1K.
Syntax
import tsm property user@host:file
This command will upload the input file to /opt/tivoli/tsm/client/ba/bin/guard_tsm.properties
restart scanner_agent
Restarts the specified CVE scanner agent.
Syntax
restart scanner_agent <agent>
Where:
agent - A supported CVE scanner agent, either nessus or qualys.
For more information, see Configuring vulnerability scanner agents.
restore backup
With this command you can restore and upgrade Guardium data files, configuration files, or both from a previously installed system to a newer system. The restore backup command does not take any parameters, but provides a series of questions to determine which files you want to restore. In order for the command to work, restore backup needs to be called on the same type of machine on the same patch level.
For any restore, you can select one data backup (DATA) file, one configuration file (CONFIG), or one of each.
- Two-factor authentication configuration
- Authentication credentials for system users
- Universal connector configuration
- Aggregator keys
- CA certificates and repository
- PKI certificates
- Repository of keys and certificates
- Web server configuration and customization
- FIPS enabled/disabled state
- OCR configuration
- Outlier configuration
- Spectrum Protect configuration
- GBDI configuration
- Log rotate configuration
- User information that is defined by the accessmgr user.
- Information included in export definitions.
- The file transfer method required for the storage type, such as AMAZONS3, FTP, SCP, SOFTLAYER, or TSM.
- The name of the backup host machine.
- The backup host username.
- The remote directory.
- The remote file to restore. You can use a wildcard (*) to select one or more files. For example, if you know that you want to restore a file from 2022, you can specify 2022* to show all files that include 2022 in the filename. If more than 10 files meet the criteria, Guardium will list up to 10 files at a time. You can select the file you want to import or show the next set of files.
- The password for the user on the host machine.
Syntax
restore backup
restore config
These commands back up and restore configuration information from the internal administration tables. The backup config command stores data in the /media/backup directory. The backup config command removes license and other machine-specific information. The backup system command provides a more comprehensive backup of the configuration and the entire system.
When restoring a configuration, you must restore a backup that is of the same version and patch level as the original appliance where the backup was created.
Syntax
backup config
restore config
restore keystore
Use this command only under direction from Technical Support.
Use this command to restore certifications and private keys used by the Web servlet container environment (Tomcat).
Syntax
restore keystore
restore pre-patch-backup
Use this command only under direction from Technical Support.
Use this command to recover the pre-patch-backup when the appliance database is up or down.
Syntax
restore pre-patch-backup
Example
restore pre-patch-backup
Please enter the information to retrieve the file:
Is the file in the local system? (y/n) n
Start to recover with the backup profile parameters.
Please check the recovery status in the log /var/log/guard/diag/depot/patch_installer.log
ok
--------------------------------------
If you answer 'n', the operation is aborted. If you answer 'y', you need to enter the file name.
set up vmware tools
Use this CLI command to install VMware Tools on a Guardium appliance that runs on the ESX infrastructure.
Syntax
setup vmware_tools [ install | uninstall ]
Step 1: Open the VM client/console and select the VM instance that contains the IBM® Guardium appliance. Right-click the instance, select (from the popup menu) Guest => Install/upgrade VMware tools. This enables the instance to access the VMware tools via a mount point.
Step 2: Run the CLI command (from within the VM client/console), setup vmware_tools install, to install VM tools.
setup scanner_agent
Set up a CVE scanner agent.
Syntax
setup scanner_agent <configure | enable | proxy | uninstall> <agent>
Where:
agent - A supported CVE scanner agent, either nessus or qualys.
- configure <agent> - Configure the specified agent that you imported (with the import scanner_agent command), as follows:
For a Nessus agent:
- Linking key - Available from the Tenable Nessus agents dashboard.
- Agent name - Default value is the Guardium system hostname.
- Host - Tenable Nessus system hostname where the agent connects.
- Port - Port number to connect to the Tenable Nessus system.
For a Qualys agent:
- Customer ID - Available from the Qualys agent management dashboard.
- Activation ID - Available from the Qualys agent management dashboard.
- Server URI - Qualys system hostname where the agent connects.
- Proxy host - Proxy hostname, if needed.
- enable <agent> - For a Qualys agent, enable the agent after you configure it. Nessus agents start automatically after configuration.
- proxy <agent> - If you are using SSL with a proxy, then follow the prompts for your agent to enter proxy information.
- uninstall <agent> - Uninstalls the specified agent (nessus or qualys).
For more information, see Configuring vulnerability scanner agents.
show audit-data
Use this command to display any files that were created by executing the CLI command, export audit-data. For more information about audit data files, see export audit-data.
Syntax
show audit-data <yyyy-mm-dd>
show scanner_agent
Syntax
show scanner_agent <ca_bundle | configuration <agent> | status <agent> | supported>
Where:
agent - A supported CVE scanner agent, either nessus or qualys.
- ca_bundle - Shows the certificate information to download, for use with the store certificate scanner ca_bundle command.
- configuration <agent> - Shows configuration details for the specified agent.
- status <agent> - Displays the status for the specified agent.
- supported - Displays a list of supported CVE agents.
For more information, see Configuring vulnerability scanner agents.
start scanner_agent
Start the CVE scanner agent.
Syntax
start scanner_agent <agent>
Where:
agent - A supported CVE scanner agent, either nessus or qualys.
For more information, see Configuring vulnerability scanner agents.
stop scanner_agent
Stop the CVE scanner agent.
Syntax
stop scanner_agent <agent>
Where:
agent - A supported CVE scanner agent, either nessus or qualys.
For more information, see Configuring vulnerability scanner agents.
store language
- After switching from English to another language, it is not possible to revert to English using this CLI command. The Guardium system must be reinstalled in English.
- To prevent the system from displaying a mixture of languages, set a central manager and all its managed units to the same language.
Syntax
store language
store language
The following languages are available on this appliance:
1. French
2. German
3. Italian
4. Japanese
5. Korean
6. Polish
7. Pseudo
8. Simplified Chinese
9. Spanish
10. Traditional Chinese
Please enter the number of the language you want or 0 to quit:
Show command
show language
store tsm authorization
When backupinitiationroot is set to ON in TSM servers, then only root and authorized users can perform backup/archive. When backupinitiationroot is set on and password access in DSM.SYS is set to “generate”, Guardium backup and archive to TSM will fail with the error message:
ANS1708E Backup operation failed. Only a root user can do this operation
Non-root users must be authorized to perform backup and archive.
This authorization is enabled by executing the CLI command:
store tsm authorization backupinitiationroot on
This authorization is disabled by executing the CLI command:
store tsm authorization backupinitiationroot off
Syntax
store tsm authorization backupinitiationroot <on/off>
Show command
show tsm authorization backupinitiationroot <on/off>
This CLI command displays on if non-root Guardium users are authorized to perform backup and archive when backupinitiationroot is set to ON in TSM servers. Otherwise, it displays off.
VMware kernel panic after a reboot
A VMware ESX 4.1 virtual machine running Guardium might get a kernel panic after a reboot.
To correct this situation, VMware recommends one of the following:
- Install update 2 on ESX 4.1.
- Set CPU/MMU virtualization to Use software for instruction set and MMU Virtualization. This option is found under Settings / Options / CPU/MMU.