Using CTE and Imperva Database Activity Monitoring (DAM) Simultaneously
Security administrators can protect execution of processes/binaries on CTE agents from a ptrace attachment. This prevents process injection attacks through ptrace system call. Refer to Blocking ptrace system calls to prevent process injection attacks for more information.
Using Ptrace and DAM
Thales CipherTrust Transparent Encryption and Imperva Database Activity Monitoring (DAM) can operate simultaneously on the same system if the ptrace attachment is not blocked on the system. Choose one of the following two configuration options that do not affect DAM agent functionality:
-
Enabled_for_Authenticators (Default setting)
-
Disabled_for_all
Warning
Do Not set it to Enabled_for_all. This breaks the DAM agent functionality.
Ensuring the Correct CTE/DAM Service Startup and Shutdown Order
CipherTrust Transparent Encryption services and DAM services must be started and stopped in the correct order to prevent problems with any data that is guarded by CipherTrust Transparent Encryption. This order is important any time these services need to be started or stopped, such as:
-
During the normal startup and shutdown of your Linux host.
-
Before enabling a scheduled upgrade of CipherTrust Transparent Encryption.
-
Before performing a manual upgrade of CipherTrust Transparent Encryption.
-
As needed for maintenance or troubleshooting.
Starting or Stopping DAM and CipherTrust Transparent Encryption Manually
Warning
CTE cannot be stopped while the DAM agent is running.
CTE Commands for Stopping and Starting the Agent
Command | Command syntax for Linux distros that support systemd |
Command syntax for Linux distros that DO NOT support systemd |
---|---|---|
Start | /etc/vormetric/secfs start |
service secfs start |
Restart | /etc/vormetric/secfs restart |
service secfs restart |
Stop | /etc/vormetric/secfs stop |
service secfs stop |
Check status | /etc/vormetric/secfs status |
service secfs status |
DAM Commands for Stopping and Starting the Agent
Command | Command syntax | Comment |
---|---|---|
Start | <DAM-remote-agent-install-directory>/ragent/bin/rainit start |
|
<DAM-remote-agent-install-directory>/installer/bin/rainstallerinit start |
Required if it exists | |
Stop | <DAM-remote-agent-install-directory>/ragent/bin/rainit stop |
|
<DAM-remote-agent-install-directory>/installer/bin/rainstallerinit stop |
Required if it exists |
See Adding Dependencies to systemd Unit Configuration Files for more information.
Ensuring the proper order
Perform the following steps in this exact order:
-
Stop the DAM agent monitoring.
-
Stop CipherTrust Transparent Encryption.
-
Perform the CTE or DAM upgrade or maintenance.
-
Start DAM agent monitoring.
-
Start CipherTrust Transparent Encryption.