How to install IBM Security Governance and Intelligence IGI 5.2

How to install ISIG 5 Virtual Appliance

This is an example of how to install a two-system demo IGI environment, using external SLES VMs for DB and LDAP.

Create the Data VM

  • Use NAT network
  • Data VM setup - enable shared folder, automount and permanent, put user into vboxsf group, enable bidirectional clipboard
  • Disable firewall - start yast, go to firewall under security settings, stop and disable from autostart.

Configure SMTP server on SLES

Run yast, go to mail, select "standard", make sure "accept remote SMTP" is checked and accept all other defaults.

Manual way:

sudo chkconfig postfix on
mv /etc/sysconfig/postfix /etc/sysconfig/postfix.old
inet_interfaces = all

sudo vi /etc/postfix/
user@sds:~> sudo /etc/init.d/postfix restart

IGI 5.2 docs

DB2 install on the SLES server

mount shared folder

sudo mount -t vboxsf Shared_Folder /mnt
sudo ./db2_install

Use default folder /opt/ibm/db2/V10.5
select SERVER
no to pureScale

FP install

sudo ./installFixPack -b /opt/ibm/db2/V10.5
check DB2 version:

SDS 6.4 install on a SLES system (using the DB2 installed previously)

IGI docs -
(sds own docs are here -
You need a graphical environment as root; the easiest way to get it is to

ssh -X root@localhost

pick IBM Directory Server installation, then Install SDS.
Hit next, accept license, accept install manager defaults, accept default path (/opt/ibm/ldap/V6.4)
On the features page deselect DB2, reselect Server, hit next
Next page should find the DB2 server you installed before
accept all defaults (ibm_jdk will be installed)

Note: You need a separate install of WAS 8.5.5 for the web admin tool to work

FP install

from the fixpack folder:
sudo ./idsinstall -u -f
rpm -qa | grep idsldap

Configure DB2

sudo to root:

useradd -g root igiinst
passwd igiinst - set to "ideas"
mkdir /home/igiinst
chown igiinst /home/igiinst
/opt/ibm/db2/V10.5/instance/db2icrt -u igiinst igiinst

Get the DB instance port: grep DB2_igiinst /etc/services

su - igiinst
. sqllib/db2profile 
db2 update dbm cfg using SVCENAME [port from the previous command - 60000]
db2set DB2COMM=tcpip
db2set -all DB2COMM
db2stop force
db2 create database IGI_DB
db2 connect to IGI_DB
db2 update db cfg using LOGFILSIZ 5000 LOGPRIMARY 50 LOGSECOND 50
db2 create bufferpool IDEAS_BP IMMEDIATE PAGESIZE 32K
db2 create system temporary tablespace IDEAS_SYS_TEMP pagesize 32k bufferpool IDEAS_BP
db2 create user temporary tablespace IDEAS_TEMP pagesize 32k bufferpool IDEAS_BP
db2stop force

Change the path to this directory
Run the chmod -R 777 * command

cd __FOR_DBAs__
sudo ./

edit DB_INSTALLATION/login.sql

Log off, and log in as the root user (the next steps use an X server, but ssh X forwarding does not work - it gives some garbage on SLES)

. ~igiinst/sqllib/db2profile 
from IGI-db2scripts/DB_INSTALLATION run
clpplus igiinst/ideas@ @01-FULL-TBLS_USER_AND_OBJ-CREATION.sql

enter /home/igiinst/igiinst/NODE0000/IGI_DB
enter (M)
wait for the command to complete - the SQL> prompt should come back
the logs are in the folder you were in - IGI_V5_2_0_Installation.log

Configuring LDAP

done per ISIM 7.0 manual LDAP configuration steps
(note that another instance of the DB will be created for the LDAP, IGIDB, as opposed to IGI_DB used for DB storage)

sudo to root
cd /opt/IBM/ldap/V6.4/sbin
create a user and add it to the proper group
./idsadduser -n -u igildap -w Passw0rd -g idsldap -l /home/igildap
create ldap instance (with the same name as the user)
./idsicrt -I igildap -e seedseedseed -l /home/igildap
create db for the instance
./idscfgdb -I igildap -a igildap -w Passw0rd -t igidb -l /home/igildap
Set cn=root password
./idsdnpw -I igildap -u cn=root -p Passw0rd
Create the default suffix
./idscfgsuf -I igildap -s dc=com
vi /tmp/dccom.ldif with the following content:


start the instance
./ibmslapd -I igildap -n -t &
wait till it says 'server started' then import the file
../bin/idsldapadd -D cn=root -w Passw0rd -f /tmp/dccom.ldif

Configure the IGI VA

go to admin/admin

Host name
LDAP: Gnosis Corp, gnosis
DB name: IGI_DB
User password: ideas

Reboot and test by going to the VA admin and checking that all the components are working
and then

After everything has been verified

set db2 to start on boot
su - igiinst (not igildap - db2 for ldap is started automatically by slapd)

. sqllib/db2profile 
db2iauto -on igiinst

grep DB2AUTOSTART sqllib/profile.env
should say 'YES'

re-add the startup for the fault monitor:
to remove from inittab and init.d and systemd (for RHEL)

grep db2fm /etc/inittab
fmc:2345:respawn:/opt/ibm/db2/V10.5/bin/db2fmcd #DB2 Fault Monitor Coordinator
sudo db2fmcu -d
grep db2fm /etc/inittab
re-add to inittab and init.d and systemd
sudo db2fmcu -u -p /opt/ibm/db2/V10.5/bin/db2fmcd 
grep db2fm /etc/inittab
fmc:2345:respawn:/opt/ibm/db2/V10.5/bin/db2fmcd #DB2 Fault Monitor Coordinator

Start the fault monitor daemon
db2fm -U
Start the fault monitor service
db2fm -u
turn it on for this instance
db2fm -f on
Validate that it's configured
db2fm -s -S
should show

Gcf module 'fault monitor' state is AVAILABLE
Gcf module '/opt/ibm/db2/V10.5/lib64/' state is AVAILABLE

In case of error it shows

Gcf module 'fault monitor' is NOT operable - means it is not configured
Gcf module '/opt/ibm/db2/V10.5/lib64/' is INSTALLED PROPERLY but NOT ALIVE

Set LDAP to start on boot:
sudo vi /etc/inittab
add at the end
ids1:2345:once:/opt/IBM/ldap/V6.4/sbin/ibmslapd -I igildap > /dev/null 2>&1

check if the db is started, su into the instance owner

su - db2admin
db2fm -s -S
db2 list active databases

Check LDAP - look for port 389
netstat -pant | grep 389
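
A stricter version of the closing checks above (fault monitor state, DB2 autostart, LDAP on port 389), as an added example that is not part of the original page. The function names and the netstat sample lines are constructed for illustration; the db2fm sample lines are the ones quoted above.

```shell
#!/bin/sh
# Added example: classify the output of the boot-time checks from this page.
# Every function reads command output on stdin, so it also works on saved logs.

# `db2fm -s -S`: "ok" only when every "Gcf module" line reports AVAILABLE.
fm_state() {
    awk '
        /^Gcf module/  { n++; if ($0 ~ /state is AVAILABLE/) ok++ }
        /NOT operable/ { why = "not_configured" }
        /NOT ALIVE/    { if (why == "") why = "not_alive" }
        END {
            if (n == 0)       print "no_output"
            else if (ok == n) print "ok"
            else              print (why == "" ? "unknown" : why)
        }'
}

# sqllib/profile.env: succeed only on an exact DB2AUTOSTART=YES entry
# (the quotes around YES are treated as optional; that is an assumption).
autostart_enabled() {
    grep -Eq "^DB2AUTOSTART='?YES'?\$"
}

# `netstat -pant`: succeed only if a socket is in LISTEN on port 389 exactly.
# A bare `grep 389` also matches port 53890, a PID of 3891, and so on.
ldap_listening() {
    awk '$6 == "LISTEN" && $4 ~ /:389$/ { found = 1 } END { exit !found }'
}

# Constructed sample inputs (the db2fm lines are the ones quoted on this page).
FM_OK="Gcf module 'fault monitor' state is AVAILABLE
Gcf module '/opt/ibm/db2/V10.5/lib64/' state is AVAILABLE"
FM_BAD="Gcf module 'fault monitor' is NOT operable
Gcf module '/opt/ibm/db2/V10.5/lib64/' is INSTALLED PROPERLY but NOT ALIVE"
NETSTAT_UP="tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2211/ibmslapd"
NETSTAT_DOWN="tcp 0 0 10.0.2.15:22 10.0.2.2:53890 ESTABLISHED 3891/sshd"

echo "fault monitor, healthy sample: $(printf '%s\n' "$FM_OK" | fm_state)"
echo "fault monitor, failed sample:  $(printf '%s\n' "$FM_BAD" | fm_state)"
for sample in "$NETSTAT_UP" "$NETSTAT_DOWN"; do
    if printf '%s\n' "$sample" | ldap_listening; then
        echo "LDAP listening on 389"
    else
        echo "LDAP NOT listening on 389"
    fi
done
```

On the data VM, pipe the live commands in instead of the samples, for example `db2fm -s -S | fm_state` as the instance owner and `netstat -pant | ldap_listening` as root.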