Configuring Db2 Exit

The Db2 Exit module enables S-TAP to monitor any Db2 database activities, whether encrypted or not and whether local or remote.

Before you begin

Trial:
  • This special trial (ISO file) is available for current and potential Db2 customers. It cannot be used for production purposes.
  • The trial license expires in 90 days from the point of installation of the license.
  • Trial clients can extend their trial for 1 more period of 90 days by applying for another trial license (with the approval of your IBM representative).
  • Previously accepted trial licenses that are expired continue to appear on the license page as accepted licenses.
  • You cannot use a regular Guardium® license in addition to this trial appliance.

About this task

This task covers Db2 Exit configuration for Unix. To configure for Windows instead, see this topic.

Procedure

  1. Log in as the Db2 instance user (db2inst1), create the commexit plug-in directory, and link the Guardium exit library into it.
    [root@db2server ~]# su - db2inst1
    [db2inst1@db2server ~]$ DB2_PATH=`db2 get dbm cfg | grep -i DFTDBPATH | awk -F' = ' '{print $2}'`
    
    [db2inst1@db2server ~]$ mkdir -p $DB2_PATH/sqllib/security64/plugin/commexit
    
    [db2inst1@db2server ~]$ ln -fs /usr/lib64/libguard_db2_exit_64.so $DB2_PATH/sqllib/security64/plugin/commexit/libguard_db2_exit_64.so
  2. Log in as the root user and confirm that the instance user is authorized.
    [root@db2server ~]# /usr/local/guardium/modules/ATAP/current/files/bin/guardctl is-user-authorized db2inst1 
    User 'db2inst1' is authorized.
    
    [root@db2server ~]#
  3. Restart Db2.
    [db2inst1@db2server ~]$ db2stop 
    03/14/2025 17:58:22 0 0 SQL1064N DB2STOP processing was successful. 
    SQL1064N DB2STOP processing was successful. 
    
    [db2inst1@db2server ~]$ db2start 
    03/14/2025 17:58:27 0 0 SQL1063N DB2START processing was successful. 
    SQL1063N DB2START processing was successful.
  4. Use setup_exit.sh to configure the inspection engine to use Db2 Exit.
    [root] /usr/local/guardium/modules/STAP/current/setup_exit.sh
    [root] /usr/local/guardium/modules/STAP/current/exit_health_check.sh
    Script will do health check only by default, Please use setup_exit.sh to make correction.
    Processing section DB_0
    user db2inst1 is already authorized to guardium group
    DB EXIT IE in DB_0 has a GOOD setup
  5. Restart S-TAP.
    ps -ef | grep -i tap
    kill -9 <processID_of_guard_tapini>
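
A read-only check of the link created in step 1, as an added example that is not part of the IBM procedure or the Guardium scripts: it confirms that the commexit entry is a symbolic link resolving to the Guardium library and that neither the library nor the plug-in directory is writable by group or others. The function name check_commexit_link, the script name in the usage comment, and the permission policy are assumptions of this example; the paths are the ones used above.

```shell
#!/bin/sh
# Added example, not a Guardium script. Paths follow the procedure above;
# the "no group/other write" policy is an assumption of this example.
# Usage: sh check_commexit.sh "$DB2_PATH/sqllib/security64/plugin/commexit" \
#            /usr/lib64/libguard_db2_exit_64.so
LIB_NAME=libguard_db2_exit_64.so

# check_commexit_link PLUGIN_DIR EXPECTED_LIB
# Prints one line per finding; returns 0 only when nothing failed.
check_commexit_link() {
    plugin_dir=$1
    expected=$2
    link=$plugin_dir/$LIB_NAME
    rc=0

    if [ ! -L "$link" ]; then
        echo "FAIL: $link is missing or is not a symbolic link"
        return 1
    fi
    if [ ! -f "$link" ]; then
        echo "FAIL: $link is dangling or does not point at a regular file"
        return 1
    fi
    # -ef is true when both names resolve to the same file.
    if ! [ "$link" -ef "$expected" ]; then
        echo "FAIL: $link does not resolve to $expected"
        rc=1
    fi
    # The library is loaded by the Db2 server process, so neither it nor the
    # directory holding the link should be writable by group or others.
    # -H makes find test the file a symlinked argument points at.
    for p in "$expected" "$plugin_dir"; do
        if [ -n "$(find -H "$p" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
            echo "FAIL: $p is writable by group or others"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK: $link resolves to $expected"
    fi
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    check_commexit_link "$1" "$2"
fi
```

Running it again after a Db2 or Guardium upgrade shows whether the link still resolves to the installed library before Db2 is restarted.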