IBM Guardium v11.2 Collector Installation Notes

1/10/2021

Notes on installing an IBM Guardium collector and registering it with the Central Manager.
  • Installation
  • Users
  • Reset CLI User Account
  • Integrate Collector with Aggregator

Installation

Set up initial and basic configuration:
https://www.ibm.com/support/knowledgecenter/SSMPHH_11.1.0/com.ibm.guardium.doc.install/install/step4_setup_initial_and_basic_configuration.html
  1. Load the Guardium ISO.

  2. When the system boots, choose the installation type from the boot menu.

    1. Choose "Standard Installation (non CM)" for the collectors

    2. Choose "Aggregator or Central Manager (CM)" for the Central Manager
    3. The installation process will take about 15 minutes.


  3. After the installation completes, log in from the console as cli (password=guardium)

    1. Reset and make note of the cli password

  4. Perform the following configuration commands:

store network interface ip <ip_address>
store network interface mask <subnet_mask>
store network routes defaultroute <default_router_ip>
store system hostname <host_name>
store system domain <domain_name>

store network resolvers <DNS ip addresses>


  5. Confirm that you configured each setting correctly.

show network interface all

show network routes def

show system hostname

show system domain


  6. Enter "restart network" to apply network changes or "restart system" to reboot the VM
  7. Confirm that you can access the machine via ssh and web GUI (https://<IP>:8443)

Note: Virtual Appliance Installation Guide: 
https://www.ibm.com/support/knowledgecenter/SSMPHH_11.1.0/com.ibm.guardium.doc.install/install/virtual_appliance.html


show network interface all 
show network routes defaultroute
show network resolver all
show system hostname
show system domain
show system clock timezone
show system clock datetime
show system ntp all
show unit type
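
A preflight check for the values used in the store commands above, written as an added example (not part of the original notes or IBM's tooling): it validates the planned address, mask, default route, hostname, domain and resolvers, and returns the CLI lines in the order used in this post. The function name build_store_commands, the sample values, and passing several resolvers space-separated on one line are assumptions.

```python
import ipaddress
import re

# RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def build_store_commands(ip, mask, gateway, hostname, domain, resolvers):
    """Validate planned settings; return the CLI lines to type, or raise ValueError."""
    # IPv4Interface accepts "address/netmask" and rejects non-contiguous masks.
    iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{ip} is the network or broadcast address of {net}")

    gw = ipaddress.IPv4Address(gateway)
    if gw == iface.ip:
        raise ValueError("default route is the appliance's own address")
    if gw not in net:
        # An off-subnet gateway leaves the unit unreachable after
        # "restart network"; recovery then needs console access.
        raise ValueError(f"default route {gw} is outside {net}")

    if not _LABEL.match(hostname):
        raise ValueError(f"hostname {hostname!r} is not a valid single label")
    if not all(_LABEL.match(part) for part in domain.split(".")):
        raise ValueError(f"domain {domain!r} is not a valid DNS name")

    dns = [str(ipaddress.IPv4Address(r)) for r in resolvers]
    if not dns:
        raise ValueError("at least one resolver is required")

    return [
        f"store network interface ip {iface.ip}",
        f"store network interface mask {iface.netmask}",
        f"store network routes defaultroute {gw}",
        f"store system hostname {hostname}",
        f"store system domain {domain}",
        # Assumption: several resolvers are given space-separated on one line.
        f"store network resolvers {' '.join(dns)}",
    ]


if __name__ == "__main__":
    # Constructed sample values (RFC 5737 documentation range).
    plan = build_store_commands("192.0.2.10", "255.255.255.0", "192.0.2.1",
                                "gcol01", "example.com", ["192.0.2.53"])
    print("\n".join(plan))
```
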



Users


1  Root Users

CLI -> support show passkey root
CLI -> support reset-password root (password is ‘t0Tach’)


Note: Keep the 'Root Passkey' in a safe place


2  CLI Users
CLI access is an administrative tool that allows configuration, troubleshooting, and management of the Guardium system.

• To change the cli password: ‘store user password’
• To change the cli password expiration:
 ‘show password expiration cli n’
 ‘store password expiration cli n’



• show password disable and store password disable.
- Sets the number of days of inactivity, after which user accounts will be disabled. When set to 0 (zero), no accounts will be disabled by inactivity.

• show password validation and store password validation [ON|OFF].
- When password validation is enabled, the password must be eight or more characters in length, and must include at least one uppercase alphabetic character (A-Z), one lowercase alphabetic character (a-z), one digit (0-9), and one special character from the table. When disabled (not recommended), any length or combination of characters is allowed.



3  GUI Users - Accessmgr user

The accessmgr user is used to manage user accounts and access to the Guardium application. Default password is guardium. Its role consists of four tasks:
- Account administration
- Maintenance
- Monitoring
- Revocation

CLI -> unlock accessmgr
CLI -> support reset-password accessmgr <N>|random
CLI -> support show passkey accessmgr




Note: If the admin password is lost, the accessmgr account can reset it.

4  GUI Users - Admin user
Default password is guardium. 
show password expiration gui
store password expiration gui (N)

Note: The admin and accessmgr roles cannot be assigned to the same user.





Reset CLI User Account

What needs to be done if the cli password is lost or forgotten?
1   Reset with rescue mode (standalone environment)
  1. Shut down the appliance.
  2. Mount the V10 ISO image to the appliance and boot the appliance from the V10 ISO.
  3. As soon as the appliance boots from the ISO, the boot menu is displayed. Select "Rescue Mode".
  4. Select the appropriate language.
  5. Select the appropriate keyboard layout.
  6. Do not set up networking. Hit the "No" button.
  7. Hit the "Continue" button, as SAN activation or Read-Only mode is not required for a mere password reset.
  8. Hit the "OK" button after reading the message.
  9. Hit the "OK" button after reading the message that the directory is mounted as /mnt/sysimage.
  10. Select the "shell Start shell" option and hit the "OK" button.
  11. CAUTION - You will land in a minroot shell.
  12. CAUTION - Execute the command "chroot /mnt/sysimage" and hit the "Return" key on the keyboard to get the root command prompt to modify the cli password.
  13. Execute the command "passwd cli" in order to input the new password. It will then ask you to re-type the new password.
  14. Remember the new cli password that was set. Execute the command "poweroff" to shut down the appliance.
  15. Unmount the V10 ISO image and start the appliance.
  16. Log in with the new cli password.
2   On Central Manager CLI -> support reset-managed-cli




Integrate Collector with Aggregator

ca> show unit type
Standalone Netinsp stap
ok

Central Management Registration

1  Registering from a Managed Unit

On a managed unit, you can use the GUI to register the unit with the Central Manager. Otherwise, you can use the CLI register command as described in Registering a Managed Unit with the CLI.

  1. Click Setup > Central Management > Registration and Load Balance to open Central Management Registration.
  2. For Host IP, enter the IP address of the Central Manager.
  3. For Port, enter the https port for the Central Manager (usually 8443).
  4. Click Register.

After you register on the managed unit, it initiates communication with the Central Manager, and nothing more needs to be done.





2  Registering a Managed Unit with the CLI

  1. On the managed unit, log in to the CLI.
  2. Type register management <Manager IP> <Manager Port>

After you register on the managed unit, it initiates communication with the Central Manager, and nothing more needs to be done.

3  Registering units from the Central Manager

You can register units that are not currently accessible.

  1. Navigate to Manage > Central Management > Central Management to open Central Management.
  2. Click Register New. The unit Registration page opens.
  3. Enter the Unit IP and port, and click Save. The Central Management page refreshes with the new unit.






4  Error Message: Unit returned Invalid Shared Secret

Solution:
Change the shared secret on the Central Manager and on all Collectors.



Health Check







Collector Configuration

Do not distribute the Archive Configuration and Data Export settings from the Central Manager / Aggregator to the Collectors. Doing so overwrites the settings on the Collectors.
  • Archive Configuration: not activated on the Collector.
  • Data Export: activated only on the Collector, not on the Central Manager.




Manually configure Data Export on collectors: 



Hyper-V Install Guardium Procedure

  1. Start the Hyper-V Manager and connect to your Hyper-V server.
  2. In the Actions pane, select New > Virtual Machine to begin the New Virtual Machine wizard. Click Next.
  3. Specify names and location: You may select Store the virtual machine in a different location and provide the path to your data store, if appropriate. Click Next when done.
  4. Specify Generation of the virtual machine: Select Generation 1 and click Next.
  5. Assign memory: Verify that the allocated RAM meets the minimum system requirements. Leave the option Use Dynamic Memory for this virtual machine unchecked and click Next.
  6. Configure Networking: Select your virtual switch and click Next. Note that hardware may differ and there may be multiple choices.
  7. Connect Virtual Hard Disk: Select Create a virtual hard disk. Specify the path to the virtual disk. Verify that the size of the virtual hard disk meets the minimum system requirements. Click Next.
  8. Installation Options: The operating system can be installed through a physical CD/DVD drive or through an Image file (.ISO). DVD Installation: select Physical CD/DVD drive and choose the correct drive letter. .ISO Installation: select Image File (.ISO) and browse to your image file. Click Next.
  9. Complete installation: Verify all selected options in the Description box. Click Finish to create the virtual machine and close the wizard.
  10. Open Console: Select your new virtual machine from the virtual machines pane and click Connect.
  11. Click on File > Settings.
  12. On the Hardware pane: Select BIOS. Move IDE to the top of the Startup order.
  13. Select the Processor section. Allocate the minimum number of virtual processors needed based on your system requirements.
  14. Expand the Processor section. Select NUMA in the subsection and change the Maximum amount of memory (MB) to the assigned memory entered in step 5.
  15. Select the SCSI Controller section and click on the Remove button.
  16. Optionally, in the Management pane below the Hardware pane, you may set up your preferences for Automatic Start up and Stop Actions.
  17. Click Apply and if there are no warnings, click OK. Click the green Start button to start your virtual machine.
  18. Install your Guardium system. For more information see Installing your Guardium system. Power down after installation.
  19. On the Hyper-V virtual machine console, open File > Settings.
  20. On the Hardware pane, expand the Network Adapter section and select the Advanced Features subsection. Configure the MAC address by selecting the Static radio button. Click Apply and OK.
  21. Power on your virtual Guardium system.

References

  • Step 4. Set up initial and basic configuration







via Blogger https://ift.tt/2PPPH1S
January 09, 2021 at 09:32PM Guardium