Linux-UNIX: Db2 IE configuration

View a typical inspection engine configuration, and flows for enabling and disabling A-TAP, and opening the SSL console for a Db2 inspection engine.

Typical Db2 inspection engine configuration

name = db24
type = db2
sequence = 4
connect to IP = 127.0.0.1
install dir = /home/db2inst1
exec file = /home/db2inst1/sqllib/adm/db2sysc
encrypted = no
port range = 50000 - 50000
ktap real port = 50000
identifier = db2_9.32.164.228(50000,50000,DB_3)
client = 0.0.0.0/0.0.0.0

Activate and deactivate A-TAP for SSL traffic

Before activating A-TAP, you need to stop the Db2 instance:
systemctl stop db2
Activate A-TAP:
/usr/local/guardium/guard_stap/guardctl --db-user=db2 --db-type=oracle --db-instance=db2 --db-base=/home/ibmuser --db-home=/usr db2
Restart the Db2 instance:
systemctl start db2

Set up Db2 with TLS/SSL certificate and key

For example, on an instance with SSL and kerberization:

Deactivating A-TAP

Before deactivating A-TAP, you need to stop the Db2 instance.
systemctl stop db2
Deactivate A-TAP:
Restart the Db2 instance:
systemctl start db2
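
The activate and deactivate flows above share the same stop, change, start sequence. The following wrapper is an added example, not part of the original page or of Guardium: it refuses to change A-TAP state unless Db2 is confirmed stopped. The names atap_cycle, RUN, IS_RUNNING and ATAP_WAIT_TRIES are hypothetical, and the guardctl command line is passed in exactly as documented for your instance.

```sh
#!/bin/sh
# Added example (not Guardium code). Hypothetical names: atap_cycle, RUN,
# IS_RUNNING, ATAP_WAIT_TRIES. From the page: the "db2" systemd unit and the
# db2sysc executable named in the inspection engine's "exec file".

run_real() { "$@"; }
# Assumes procps pgrep is available on the database host.
db2sysc_running() { pgrep -x db2sysc >/dev/null 2>&1; }

: "${RUN:=run_real}"                # how commands are executed
: "${IS_RUNNING:=db2sysc_running}"  # how "instance still up" is detected

# Usage: atap_cycle <guardctl command line exactly as documented>
atap_cycle() {
    if [ "$#" -eq 0 ]; then
        echo "usage: atap_cycle <guardctl command ...>" >&2
        return 2
    fi
    "$RUN" systemctl stop db2 || {
        echo "stop failed; A-TAP state left unchanged" >&2
        return 1
    }
    # Confirm that no db2sysc process survived the stop before touching A-TAP.
    atap_tries=${ATAP_WAIT_TRIES:-30}
    while "$IS_RUNNING"; do
        atap_tries=$((atap_tries - 1))
        if [ "$atap_tries" -le 0 ]; then
            echo "db2sysc still running; A-TAP state left unchanged" >&2
            return 1
        fi
        sleep 1
    done
    "$RUN" "$@" || {
        atap_rc=$?
        # Choice made for this example: leave Db2 stopped so it does not
        # come back up in an unknown A-TAP state; the operator decides.
        echo "guardctl exited $atap_rc; Db2 left stopped" >&2
        return "$atap_rc"
    }
    "$RUN" systemctl start db2
}
```

A non-zero return means the sequence did not complete, so check the A-TAP state before relying on SSL traffic being captured.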