How to install IBM Security Governance and Intelligence IGI 5.2
How to install ISIG 5 Virtual Appliance
This is an example of how to install a two-system demo IGI environment, using external SLES VMs for DB and LDAP
Create the Data VM
- Use nat network 10.10.1.1/24
- Data VM setup - enable shared folder, automount and permanent, put user into vboxfs group, enable bidirectional clipboard
- Disable firewall - start yast, go to firewall under security settings, stop and disable from autostart.
Configure SMTP server on SLES
Run yast, go to mail, select "standard", make sure "accept remote SMTP" is checked and accept all other defaults.
Manual way:
sudo chkconfig postfix on
mv /etc/sysconfig/postfix /etc/sysconfig/postfix.old
Set inet_interfaces = all in /etc/postfix/main.cf:
sudo vi /etc/postfix/main.cf
user@sds:~> sudo /etc/init.d/postfix restart
DB2 install on the SLES server
mount shared folder
sudo mount -t vboxsf Shared_Folder /mnt
sudo ./db2_install
Use default folder /opt/ibm/db2/V10.5
select SERVER
no to pureScale
FP install
sudo ./installFixPack -b /opt/ibm/db2/V10.5
check DB2 version:
/usr/local/bin/db2ls
SDS 6.4 install on a sles system (using the DB2 installed previously)
IGI docs - http://www-01.ibm.com/support/knowledgecenter/SSGHJR_5.2.0/com.ibm.igi.doc/installing/tsk/t_install_igiva_unix_ldap.html?lang=en
(sds own docs are here - http://www-01.ibm.com/support/knowledgecenter/SSVJJU_6.4.0/com.ibm.IBMDS.doc_6.4/t_po_SDS_custom_sysreq.html?lang=en)
You need a graphical environment as root; the easiest way to get it is:
ssh -X root@localhost /media/DirectoryV6.4/launchpad.sh
pick IBM Directory Server installation, then Install SDS.
Hit next, accept license, accept install manager defaults, accept default path (/opt/ibm/ldap/V6.4)
On the features page deselect DB2, reselect Server, hit next
Next page should find the DB2 server you installed before
accept all defaults (ibm_jdk 6.0.16.2-ISS-JAVA-LinuxX64-FP0002.tar will be installed)
Note: You need a separate install of WAS 8.5.5 for the web admin tool to work
FP install
from the fixpack folder:
sudo ./idsinstall -u -f
verify
rpm -qa | grep idsldap
Configure DB2
per http://www-01.ibm.com/support/knowledgecenter/SSGHJR_5.2.0/com.ibm.igi.doc/installing/tsk/t_db2_configuring_isig.html?lang=en
sudo to root:
useradd -g root igiinst
passwd igiinst   # set to "ideas"
mkdir /home/igiinst
chown igiinst /home/igiinst
/opt/ibm/db2/V10.5/instance/db2icrt -u igiinst igiinst
Get the DB instance port:
grep DB2_igiinst /etc/services
su - igiinst
. sqllib/db2profile
db2 update dbm cfg using SVCENAME [port from the previous command - 60000]
db2set DB2COMM=tcpip
db2set -all DB2COMM
db2start
db2set DB2_COMPATIBILITY_VECTOR=ORA
db2set DB2_RESTRICT_DDF=TRUE
db2stop force
db2start
db2 create database IGI_DB
db2 connect to IGI_DB
db2 update db cfg using LOGFILSIZ 5000 LOGPRIMARY 50 LOGSECOND 50
db2 create bufferpool IDEAS_BP IMMEDIATE PAGESIZE 32K
db2 create system temporary tablespace IDEAS_SYS_TEMP pagesize 32k bufferpool IDEAS_BP
db2 create user temporary tablespace IDEAS_TEMP pagesize 32k bufferpool IDEAS_BP
db2stop force
db2start
unzip SEC_IDNTY_GVN_INTL_xxx_V5.2_DT_IN_.zip
Change the path to this directory
Run the chmod -R 777 * command
cd __FOR_DBAs__
dos2unix unix_create_users.sh
sudo ./unix_create_users.sh
edit DB_INSTALLATION/login.sql
set
DEFINE ISIG_DB = 10.10.1.50:60000/IGI_DB
Log off and log in as the root user (the next steps use an X server, but ssh X forwarding does not work - it gives some garbage on SLES)
. ~igiinst/sqllib/db2profile
from IGI-db2scripts/DB_INSTALLATION run
clpplus igiinst/ideas@10.10.1.50:60000/IGI_DB @01-FULL-TBLS_USER_AND_OBJ-CREATION.sql
enter /home/igiinst/igiinst/NODE0000/IGI_DB
enter (M)
wait for the command to complete - the SQL> prompt should come back
the logs are in the folder you were in - IGI_V5_2_0_Installation.log
Configuring LDAP
done per ISIM 7.0 manual LDAP configuration steps https://www-01.ibm.com/support/knowledgecenter/SSRMWJ_7.0.0/com.ibm.isim.doc_7.0/installing/tsk/tsk_ic_ins_dir_itds_config_manual.htm
(note that another instance of the DB will be created for the LDAP, IGIDB, as opposed to IGI_DB used for DB storage)
sudo to root
cd /opt/IBM/ldap/V6.4/sbin
create a user and add it to the proper group
./idsadduser -n -u igildap -w Passw0rd -g idsldap -l /home/igildap
create ldap instance (with the same name as the user)
./idsicrt -I igildap -e seedseedseed -l /home/igildap
create db for the instance
./idscfgdb -I igildap -a igildap -w Passw0rd -t igidb -l /home/igildap
Set cn=root password
./idsdnpw -I igildap -u cn=root -p Passw0rd
Create the default suffix
./idscfgsuf -I igildap -s dc=com
vi /tmp/dccom.ldif with the following content:
dn:dc=com
objectclass:domain
start the instance
./ibmslapd -I igildap -n -t &
wait till it says 'server started' then import the file
../bin/idsldapadd -D cn=root -w Passw0rd -f /tmp/dccom.ldif
Configure the IGI VA
go to http://10.10.1.20:9443 admin/admin
Host name 10.10.1.50
LDAP: Gnosis Corp, gnosis
DB name: IGI_DB
User password: ideas
Reboot and test by going to the VA admin and checking that all the components are working
and then
https://vbox:9343/ideas
admin/admin
After everything has been verified
set db2 to start on boot
su - igiinst (not igildap - db2 for ldap is started automatically by slapd)
. sqllib/db2profile
db2iauto -on igiinst
Check:
grep DB2AUTOSTART sqllib/profile.env
should say 'YES'
re-add the startup for the fault monitor:
to remove from inittab and init.d and systemd (for RHEL)
grep db2fm /etc/inittab
fmc:2345:respawn:/opt/ibm/db2/V10.5/bin/db2fmcd #DB2 Fault Monitor Coordinator
sudo db2fmcu -d
grep db2fm /etc/inittab
readd to inittab and init.d and systemd
sudo db2fmcu -u -p /opt/ibm/db2/V10.5/bin/db2fmcd
grep db2fm /etc/inittab
fmc:2345:respawn:/opt/ibm/db2/V10.5/bin/db2fmcd #DB2 Fault Monitor Coordinator
Start the fault monitor daemon
db2fm -U
Start the fault monitor service
db2fm -u
turn it on for this instance
db2fm -f on
Validate that it's configured
db2fm -s -S
should show
Gcf module 'fault monitor' state is AVAILABLE
Gcf module '/opt/ibm/db2/V10.5/lib64/libdb2gcf.so' state is AVAILABLE
In case of error it shows
Gcf module 'fault monitor' is NOT operable - means it is not configured
Gcf module '/opt/ibm/db2/V10.5/lib64/libdb2gcf.so' is INSTALLED PROPERLY but NOT ALIVE
Set LDAP to start on boot:
sudo vi /etc/inittab
add at the end
ids1:2345:once:/opt/IBM/ldap/V6.4/sbin/ibmslapd -I igildap > /dev/null 2>&1
Reboot
check if the db is started, su into the instance owner
su - db2admin
db2fm -s -S
db2 list active databases
Check LDAP - look for port 389
netstat -pant | grep 389
http://www-01.ibm.com/support/docview.wss?uid=swg21209001
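The post-reboot checks above (DB2AUTOSTART, the two inittab entries, the LDAP listener) collected into one script. This is an added example, not part of the original guide: the function names and the --run switch are made up here, and /home/igiinst as the instance owner's home is assumed from the earlier steps. The port check compares the port field exactly, because grep 389 also matches ports such as 3389.

```shell
#!/bin/sh
# Added example: verify the boot-time settings this guide configures.
# File paths are arguments, so each check can be run against a copy.

# 0 if profile.env ($1) sets DB2AUTOSTART to YES (quoted or unquoted).
db2_autostart_on() {
    grep -Eq "^DB2AUTOSTART='?YES'?[[:space:]]*$" "$1"
}

# 0 if inittab ($1) has an uncommented entry with action $2 whose
# process field starts with program path $3.
inittab_has() {
    awk -F: -v action="$2" -v prog="$3" '
        /^[ \t]*#/ { next }                      # skip commented-out entries
        NF >= 4 && $3 == action && index($4, prog) == 1 { found = 1 }
        END { exit !found }' "$1"
}

# 0 if `netstat -pant` output on stdin has a TCP socket in LISTEN state
# whose local port is exactly $1 (works for 0.0.0.0:389 and :::389).
port_listening() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == port) found = 1
        }
        END { exit !found }'
}

# Run against the live system only when asked to: sh check.sh --run [home]
if [ "${1:-}" = "--run" ]; then
    inst_home=${2:-/home/igiinst}    # assumption: DB2 instance owner's home
    rc=0
    db2_autostart_on "$inst_home/sqllib/profile.env" \
        || { echo "DB2AUTOSTART is not YES"; rc=1; }
    inittab_has /etc/inittab respawn /opt/ibm/db2/V10.5/bin/db2fmcd \
        || { echo "db2fmcd has no active inittab entry"; rc=1; }
    inittab_has /etc/inittab once /opt/IBM/ldap/V6.4/sbin/ibmslapd \
        || { echo "ibmslapd has no active inittab entry"; rc=1; }
    netstat -pant 2>/dev/null | port_listening 389 \
        || { echo "nothing is listening on port 389"; rc=1; }
    exit "$rc"
fi
```

Run it as root so that netstat -p can see the owning process and the instance owner's profile.env is readable.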