Product Documentation
Abstract
This techdoc discusses a third-party application that interferes with the installation or running of Guardium and how to workaround this conflict.
Content
CA eTrust
When installing Guardium's S-TAP revision r60259 and more recent versions (AIX S-TAP installer), and the CA eTrust security product is running, the Guardium S-TAP installation is not allowed.
Because of the SEOS kernel module of CA eTrust, the CA product (when active) prevents "create", "delete", "chmod" and "chown" of files owned by root and triggers a warning message such as:
Warning: See technote at the link (in this warning message) regarding interaction between AIX S-TAP and the SEOS kernel module of CA eTrust before continuing installation.
For more information about this issue and ways to resolve it, go to CA eTrust - Guardium Bug 38898 (Customer Alert -http://www.ibm.com/support/docview.wss?uid=swg21666631 )
Workaround -Turn off AIX storage keys
AIX storage keys are a debugging feature that provides isolation among various kernel components and makes it easier to determine the cause of memory corruption in the kernel. This feature helps you identify a component that is doing something that ultimately results in a crash and causes the crash to occur more closely to the cause of the problem.
However, the CA product and Guardium's KTAP, when combined, interact badly with the AIX storage keys.
Storage keys in this particular case cause a problem with Guardium installation due to the automatic touch-ups that storage keys perform to allow the preemptive asserts to operate. Without those touch-ups by storage keys, there are no issues with the Guardium installation and CA eTrust.
To turn off AIX storage keys (at no loss of function or performance), use the following command:
- skctl -k off -u off
Was this topic helpful?
Document Information
Modified date:
16 July 2018
UID
swg27042115