47 cards in this set
- Front
- Back
Database Administrators (DBAs) use the database platform-specific scripts to create the
database accounts; for example... |
gdent-Oracle.sql or gdmmonitor-ora.sql
|
The gdent prefix is used for...
|
the scripts that are used for entitlement reporting
|
The following steps are required to configure the Guardium system into your
environment... list them |
1. Set the primary system IP address
   • store network interface ip <ip_address>
   • store network interface mask <mask>
2. Set DNS Server IP Address
   • store network resolver 1 <dns_server>
3. Set Default Route Gateway
   • store network route default <gateway>
4. Restart network
   • restart network
5. Set Host and Domain Names
   • store system hostname <hostname>
   • store system domainname <domain>
6. Set the Time Zone, Date and Time
   • store system clock timezone <timezone in Continent/Country syntax>
   • store system clock datetime <datetime>
7. Set NTP Server (optional)
   • store system ntp server <ntp ip server>
   • store system ntp state on
8. Set the Initial Unit Type
   • store unit type standalone
9. Set VM mode
   • setup vm install
10. Reset Root Password
   • store user password |
Steps to validate the installation steps... list them
|
11. Validate All Settings
   1. show network interface all
   2. show network resolver all
   3. show network route defaultroute
   4. show system hostname
   5. show system domain
   6. show system clock timezone
   7. show system clock datetime
   8. show system ntp all
   9. show unit type
12. Reboot the System
   • restart system |
Can this be done? "Guardium Appliance disk capacity increasing"
|
Additional disk space cannot be added in existing Appliances. It must be rebuilt and
reconfigured. From v9.x onwards, Guardium supports a maximum of 2TB disk. |
Making a Guardium appliance a Central Manager: which command is used?
|
store unit type manager.
|
KTAP installation guide... list the steps
|
1. KTAP Loader finds the exact kernel module match for the operating system level and loads it.
2. KTAP Loader checks if there is a tested compatible kernel module in the ktap-combos.txt file list (KTAP_List_of_Modules) and loads it.
3. KTAP Loader compiles the KTAP module locally and loads it. KTAP will only be compiled on the system if the system has the required packages installed (gcc and kernel-devel for the booted kernel).
4. If the FlexLoad mechanism is ON, KTAP Loader will find the closest matching kernel module and load it.
5. To turn on the FlexLoad mechanism, use the following flags:
   • For Shell installation, use option: "--ktap_allow_module_combos"
   • For GIM installation, use option: "KTAP_ALLOW_MODULE_COMBOS=Y"
6. KTAP Loader generates a "Failed to load" message and installs the S-TAP without the KTAP (or fails the S-TAP installation) |
When the S-TAP is upgraded but the KTAP from the previous version does not work, what should be done?
|
To resolve the problem, follow these steps in the GIM modules installation pane.
• Set KTAP_LIVE_UPDATE to Y
• Set KTAP_ENABLED to Y and reinstall the new S-TAP. |
Interactive mode is an easy way to install and uninstall, but....
|
it must be run individually on each
system. |
The installer (speaking of the S-TAP) allows you to specify the user name... say which ones
|
root or guardium.
In rare cases you will need to run the S-TAP as guardium |
Interactive mode is recommended for... (speaking of the S-TAP installation)
|
individual s-taps
The system prompts for the basic configuration, and verifies your input immediately, so there are no errors |
What else is installed by default when the S-TAP is installed?
|
The K-TAP; it checks whether it matches your kernel version, and if not, it builds one itself based on the kernel you have
|
If the message "GIM Client failed to register (500, read timeout)" appears in the Central
GIM log, any of the following causes are possible... (list the points) |
1. The IP address or host name of the g-machine is invalid in the GIM Client configuration.
2. The GIM Client is pointing to a Central Manager unit instead of to the Managed Unit.
3. Port 8081 is blocked by the firewall.
4. The GIM servlet is not running on the Managed Unit. |
How do you resolve the GIM error 500? Give the steps
|
1. On the GIM Client system, run command:
   <gim modules install dir>/UTILS/current/files/bin/configurator.sh --get GIM
   *Make sure you can ping it; if not, go to the network administrator
2. If GIM_URL is set to the Central Manager Unit, change it to point to the g-machine (Collector). To do this, run:
   <gim modules install dir>/UTILS/current/files/bin/configurator.sh --set GIM_URL
   **Kill the process and restart it: ps -ef | grep gim_client
3. If iptraf shows no traffic on port 8081 from the GIM host, contact the network manager
4. Restart the GUI (restart gui) |
What does an inspection engine do?
|
monitors the traffic between a set of one or more servers and a set
of one or more clients using a specific database protocol (Oracle or Sybase, for example). |
Explain the methodology of the inspection engine
|
extracts SQL from network packets; compiles parse trees that
identify sentences, requests, commands, objects, and fields; and logs detailed information about that traffic to an internal database. |
You can configure and start or stop multiple inspection engines ....
|
on the Guardium®
appliance. |
Inspection engines cannot be defined or run on a Central Manager unit. However, you
can start and stop inspection engines on managed units from..... |
Central Manager
control panel. |
You can use the S-TAP Status monitor tab of the System View to begin investigating any.....
|
problems
|
What should be done when an S-TAP is not connected to Guardium?
|
1. Check whether the process is running on the database server
2. Validate the connection between the server and Guardium
   - check whether they can ping each other
   - if so, validate whether you can telnet
   - check whether there is a firewall; if there is, make sure the ports are open |
Deployment through an already installed GIM Agent with GuardAPI commands: in what order must the commands be executed?
|
• grdapi gim_assign_latest_bundle_or_module_to_client
• grdapi gim_update_client_params
• grdapi gim_schedule_install |
Using GuardAPI commands to define a new datasource, which command creates a new datasource, and which parameter is defined to specify the datasource type?
|
create_datasource
application is the parameter |
Types of GuardAPI datasources
|
• Access_policy
• Application User translation
• AuditDatabase
• AuditTask
• ChangeAuditSystem
• Classifier
• CustomDomain
• DatabaseAnalyzer
• MonitorValues
• SecurityAssessment
• Stap_Verification |
The CLI commands that are available for use during recovery mode are as follows... list the commands
|
support reset-password root
restart mysql
restart stopped_services
restart system
restore pre-patch-backup
restore system |
List the system backup methods
|
-SCP (CLI and GUI)
-FTP (CLI and GUI)
-Centera (CLI, with store storage centera backup on, and GUI)
-TSM (CLI, with store storage tsm backup on, and GUI)
-Amazon S3 (CLI and GUI)
-Softlayer (through the Softlayer cloud backup)
-Cleversafe (similar to Amazon S3) |
This command creates a certificate request with an alias
|
create csr alias
|
This command creates a certificate request for the tomcat
|
create csr gui
|
This command creates a certificate request for the sniffer
|
create csr sniffer
|
This command stores GIM certificates in the keystore
|
store certificate gim
|
This command stores tomcat certificates in the keystore.
|
store certificate gui
|
This command asks for a one-word alias to uniquely
identify the certificate and store it in the keystore |
store certificate keystore
|
This command stores mysql client and server
certificates |
store certificate mysql
|
This command stores S-TAP certificates
|
store certificate stap
|
This command stores sniffer certificates.
|
store certificate sniffer
|
In case of high CPU or I/O usage problems... what should be done? List the steps
|
1. Review the configuration of the inspection engines and check that there are no errors; for example, validate that the installation directory, the executable, ports and other items applicable to the inspection engine are correct, with no incorrect data
2. Set this parameter in the S-TAP configuration: ktap_fast_tcp_verdict to 1 (ktap_fast_tcp_verdict = 1 in the guard_tap.ini configuration file) and restart the S-TAP
3. ktap_fast_tcp_verdict=0: KTAP confirms that the session is the database connection that the inspection engine configured by checking ports and IPs.
4. ktap_fast_tcp_verdict=1: KTAP does not send the request to S-TAP while the session's ports are in the range.
5. Disable the UID Chain feature if not needed by setting hunter_trace=0 and restarting the S-TAP.
6. Set firewall_installed=0 if SGATE is not needed and restart the S-TAP. |
Guardium provides several methods that can be used to script various
functions. One of the methods is creating a script that contains the GuardAPI statements. The script can be started by using an SSH client as shown in the following example... |
ssh cli@myappliance.ibm.com < my_grdapi_script.txt
|
What are Exit libraries?
|
are the preferred monitoring mechanism. They give the best performance, and
can handle both local and network traffic, whether encrypted or not. They always capture DB_USER. |
The 2 disadvantages of Exit libraries are...?
|
--The only disadvantage is that exit libraries are only available on some databases.
--They require configuration on the database, and if you upgrade the S-TAP version, then the exit library also requires an update |
What is K-TAP?
|
K-TAP is a kernel module that is installed into the operating system. It supports all protocols and
connection methods (for example, TCP, TLI, SHM, Named Pipes). When enabled, it observes access to a database server by hooking into the mechanisms that are used to communicate between the database client and server. |
What is the A-TAP?
|
The A-TAP (application-level tap) sits in the application layer to support monitoring of encrypted
database traffic, which cannot be done in the kernel by K-TAP. |
What are the restrictions of K-TAP?
|
• A-TAP is not supported in an environment where a 32-bit database is located on a 64-bit server.
• Monitoring: When using A-TAP, redaction is not supported. Blocking is supported for Linux kernels at 2.6.36 or later releases |
When to use A-TAP?
|
A-TAP is required when DBMS encryption in motion is used, but there may be other internal
database implementation details such as shared memory that require it. |
What is PCAP?
|
PCAP is a packet-capturing mechanism that listens to network traffic from and to a database
server. In a UNIX environment, since the K-TAP captures all network traffic, PCAP is rarely used. PCAP is used to capture local TCP/IP traffic on the device. |
What is the restriction of PCAP?
|
PCAP only works on ports (no shared memory, and so on).
|
What are the restrictions of A-TAP?
|
Restrictions:
• A-TAP is not supported in an environment where a 32-bit database is located on a 64-bit server.
• Monitoring: When using A-TAP, redaction is not supported. Blocking is supported for Linux kernels at 2.6.36 or later releases |
Port Requirements for Windows servers
|
9500 TCP Clear S-TAP
9501 TLS Encrypted S-TAP
9500/9501 Alive messages |
Port and protocol Requirements for UNIX servers
|
16016 TCP Clear UNIX S-TAP
16017 TCP Clear UNIX CAS
16018 TLS Encrypted S-TAP
16019 TLS Encrypted CAS
16020-16021 for pooled connections
16022 feed protocol |