To install the DAM Sensor and set up DB2 monitoring:
- Install the DAM Sensor as detailed in the Database Security Installation Guide.
- Set up DB2 monitoring using Raz-Lee iSecurity:
  - Install Raz-Lee iSecurity on the target IBM i system. For installation instructions, see the Raz-Lee documentation.
  - Install the DAM Sensor on a separate Linux system.
  - Verify that TCP communication from Raz-Lee iSecurity to the Sensor Linux system is not blocked on the designated port (for example, port 2000).
- Enable IBM i (AS/400) monitoring:
  - On the Sensor properties page, click Advanced.
  - In the text box, add the following entry on a separate line:
    as400.enable=1
  - Save the Sensor properties.
  - Restart the Sensor.
- Enable monitoring for each IBM i DBMS added:
  - Log on to the Database Security Console.
  - On the Sensors page, select the Sensor on the DBMS Details tab.
  - Locate the database and click Start Monitoring.
- Write rules for this Sensor as you would for any other Sensor.
DB List Configuration
To bootstrap the integration, a DB list is used to indicate to the Sensor what database events are provided. The DB lists are read from a well-known directory (/var/run/mfe.dbs/dbs.list). On recent Debian systems, this directory might be mounted as tmpfs. Because tmpfs is held in memory, the directory is deleted when the system restarts. In this case, you can change the location of the DB list directory. Specify the following advanced parameter for the Sensor:
as400.input_path=<path to the DB list directory>
For example:
as400.input_path=/var/lib/mfe.dbs/dbs.list
The directory contains a list of files. Each file contains the configuration details of a DB instance. File names are free form, but must end with the extension .conf. The Sensor scans this directory and listens on the specified activity-socket for databases with a monitor-state of ACTIVE.
NOTE: The external data source must constantly try to connect to the activity-socket. The Sensor will start listening on the specified socket after the database has been approved at the Database Security Console.
The database configuration details are encoded in the following JSON format:
{
  msg-type: "db-conf",
  data-source-version: <string>, // Version of providing data source
  socket-protocol-version: "1.0", // If the protocol version is different from 1.0, the Sensor will not listen on the socket. Possibly can be used for upgrade scenarios.
  db-type: <string>, // Type of database reported
  update-date: <date>, // Last date status was updated
  ip: <string>, // DB instance IP address
  host: <string>, // DB instance hostname
  lpar: <string>, // DB lpar name (relevant for MF)
  version: <string>, // DB version
  instance-name: <string>, // DB instance name
  unique-id: <string>, // Constant instance unique ID (for example, md5)
  monitor-state: <string: ACTIVE|STOPPED>,
  activity-socket: <string> // Socket to communicate
}
The following is a sample configuration record (all data must be on a single line). In the sample, the Sensor listens on port 2000 waiting for an incoming TCP connection from the Raz-Lee connector.
{"msg-type":"db-conf","data-source-version":"1.0.0-b172","socket-protocol-version":"1.0","db-type":"AS400","update-date":1335169871087,"ip":"127.0.0.1","host":"qatest1","lpar":"test-lpar","version":"9.1.6","instance-name":"test-instance","unique-id":"66064bac07c2b3966a0b65df2ad4c708","monitor-state":"ACTIVE", "activity-socket":"0.0.0.0:2000"}
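The following Python script is an added example, not part of the product or its documentation. It checks a DB list directory against the rules stated above (.conf extension, one single-line JSON record per file, socket-protocol-version 1.0, monitor-state ACTIVE or STOPPED) and returns the activity-socket each valid ACTIVE record asks the Sensor to listen on. Requiring every field, the address:port parsing, and the warning for a 0.0.0.0 bind are assumptions of this example.

```python
import json
import tempfile
from pathlib import Path

# Names and values from the page's format; requiring every field is an assumption.
FIELDS = ("msg-type", "data-source-version", "socket-protocol-version",
          "db-type", "update-date", "ip", "host", "lpar", "version",
          "instance-name", "unique-id", "monitor-state", "activity-socket")
EXPECTED = {"msg-type": ("db-conf",), "socket-protocol-version": ("1.0",),
            "monitor-state": ("ACTIVE", "STOPPED")}

def check_record(text):
    """Return (errors, warnings, socket); socket is set only for a valid ACTIVE record."""
    errors, warnings = [], []
    if len(text.strip().splitlines()) != 1:
        errors.append("record is not on a single line")
    try:
        rec = json.loads(text)
    except ValueError:
        return errors + ["not valid JSON"], warnings, None
    if not isinstance(rec, dict):
        return errors + ["not a JSON object"], warnings, None
    errors += [f"missing field {name}" for name in FIELDS if name not in rec]
    for key, allowed in EXPECTED.items():
        if rec.get(key) not in allowed:
            errors.append(f"{key} must be {' or '.join(allowed)}")
    addr, _, port = str(rec.get("activity-socket", "")).rpartition(":")
    if not addr or not port.isdecimal() or not 0 < int(port) < 65536:
        errors.append("activity-socket is not address:port")
    elif addr == "0.0.0.0":  # wildcard bind, as in the page's sample record
        warnings.append("activity-socket accepts connections on every interface")
    active = not errors and rec["monitor-state"] == "ACTIVE"
    return errors, warnings, rec["activity-socket"] if active else None

def scan_db_list(directory):
    """Check each *.conf file in the DB list directory; other files are skipped."""
    return {p.name: check_record(p.read_text(encoding="utf-8"))
            for p in sorted(Path(directory).glob("*.conf"))}

def demo():
    """Scan a temporary directory of constructed records (not real systems)."""
    base = {**dict.fromkeys(FIELDS, "test"), "msg-type": "db-conf",
            "socket-protocol-version": "1.0", "monitor-state": "ACTIVE",
            "activity-socket": "0.0.0.0:2000"}
    files = {"a.conf": base, "b.conf": {**base, "monitor-state": "STOPPED"},
             "c.conf": {**base, "socket-protocol-version": "2.0"}, "d.txt": base}
    with tempfile.TemporaryDirectory() as tmp:
        for name, rec in files.items():
            Path(tmp, name).write_text(json.dumps(rec), encoding="utf-8")
        return scan_db_list(tmp)
```

Run scan_db_list against the directory configured in as400.input_path (or the default location) before restarting the Sensor; a wildcard warning is a prompt to confirm that the host firewall limits the port to the Raz-Lee system.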