Some notes saved in this post for installing an IBM Guardium collector and registering into Central manager. 

IBM Guardium v11.2 Collector Installation Notes

  1. Load the Guardium ISO.
  2. When the system boots, you will be presented with the following screen.
    1. Choose “Standard Installation (non CM)” for the collectors
    2. Choose “Aggregator or Central Manager (CM)” for the Central Manager
    3. The installation process will take about 15 minutes.

  1. After the installation completes, login from the console as cli (password=guardium)
    1. Reset and make note of the cli password

  1. Perform the following configuration commands:
store network interface ip <ip_address>
store network interface mask <subnet_mask>
store network routes defaultroute <default_router_ip>
store system hostname <host_name>
store system domain <domain_name>
store system resolvers <DNS ip addresses>

  1. Confirm that you configured each setting correctly.
show network interface all
show network routes def
show system hostname
show system domain

  1. Enter “restart system” to reboot the VM
  1. Confirm that you can access the machine via ssh and web GUI (https://<IP>:8443)

Note: Virtual Appliance Installation Guide: 


show network interface all 
show network routes defaultroute
show network resolver all
show system hostname
show system domain
show system clock timezone
show system clock datetime
show system ntp all
show unit type

Users


1  Root Users

CLI -> support show passkey root
CLI -> support reset-password root (password is ‘t0Tach’)

Note: Keep the ‘Root Passkey’ in a safe place

2  CLI Users
CLI access is an administrative tool that allows configuration, troubleshooting, and management of the
Guardium system.

• To change the cli password: ‘store user password’
• To change the cli expiration password:
 ‘show password expiration cli n’
 ‘store password expiration cli n’

• show password disable and store password disable .
̶ Sets the number of days of inactivity, after which user accounts will be disabled. When set to 0 (zero), no accounts will be disabled by inactivity.

• show password validation and store password validation [ON|OFF].
̶ When password validation is enabled, the password must be eight or more characters in length, and must include at least one uppercase alphabetic character (A-Z), one lowercase alphabetic character (a-z), one digit (0-9), and one special character from the table. When disabled (not recommended), any length or combination of characters is allowed.

3  GUI Users – Accessmgr user

Accessmgr user is used to manage user accounts/access to the Guardium application, consisting of four tasks: Default password is guardium. 
̶ Account administration
̶ Maintenance
̶ Monitoring
̶ Revocation

CLI -> unlock accessmgr
CLI -> support reset-password accessmgr <N>|random

CLI -> support show passkey accessmgr

note: If the admin password is lost, accessmgr account can reset it.

4  GUI Users – Admin user

Default password is guardium. 
show password expiration gui
store password expiration gui (N)
note: Admin and accessmgr roles can not be assigned to the same user

Reset CLI User Account

What needs to be done if the cli password is lost or forgotten?
1   Reset with rescue mode (Stand alone environment)
  1.  Shutdown the appliance
  2.  Mount the V10 ISO image to the appliance and boot the appliance from the V10 ISO.
  3.  As soon as the appliance boots from the ISO, below screen displays. Use the “Rescue Mode” 
  4. Select the appropriate Language.
  5. Select the appropriate keyboard layout.
  6. Do Not Setup Networking. Hit the “No” button.
  7. Hit the “Continue” button as SAN activation OR Read-Only mode won’t be required for mere password reset.
  8. Hit the “OK” button after reading the message.
  9. Hit the “OK” button after reading the message of the mounted directory as /mnt/sysimage.
  10. Select the “shell Start shell” option and hit “OK” button.
  11. CAUTION – You will land on to a minroot shell
  12. CAUTION – execute the command “chroot /mnt/sysimage” and hit the “Return” key on the keyboard to
  13. get the root command prompt to modify the cli password. Execute the command “passwd cli” in order to
  14. input the new password.
  15. Further it will ask for re-typing of the new password.
  16. Remember the new cli password that was set. Execute the command “poweroff” to shutdown the appliance.
  17. Unmount the V10 ISO image and start the appliance.
  18. Login with the new cli password.
2   On Central Manager CLI -> support reset-managed-cli

Integrate Collector with Aggregator

ca> show unit type
Standalone Netinsp stap
ok

Central Management Registration

1  Registering from a Managed Unit

On a managed unit, you can use the GUI to register the unit with the Central Manager. Otherwise, you can use the CLI register command as described in Registering a Managed Unit with the CLI.

  1. Click Setup > Central Management > Registration and Load Balance to open Central Management Registration.
  2. For Host IP, enter the IP address of the Central Manager.
  3. For Port, enter the https port for the Central Manager (usually 8443).
  4. Click Register.

After you register on the managed unit, it initiates communication with the Central Manager, and nothing more needs to be done.

2  Registering a Managed Unit with the CLI

  1. On the managed unit, log in to the CLI.
  2. Type register management <Manager IP> <Manager Port>

After you register on the managed unit, it initiates communication with the Central Manager, and nothing more needs to be done.

3  Registering units from the Central Manager

You can register units that are not currently accessible.

  1. Navigate to Manage > Central Management > Central Management to open Central Management.
  2. Click Register New. The unit Registration page opens.
  3. Enter the Unit IP and port, and click Save. The Central Management page refreshes with the new unit.

4  Error Message : Unit returned Invalid Shared Secret

Solution:
Change Central Manager and all Collector’s shared secret :

from Blogger http://blog.51sec.org/2020/08/ibm-guardium-112-installation-notes.html

By Jon

Leave a Reply