Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

CTE Agent Linux Integration and Solutions Guides

Using CTE and Imperva Database Activity Monitoring (DAM) Simultaneously

search

Please Note:

Using CTE and Imperva Database Activity Monitoring (DAM) Simultaneously

Security administrators can protect execution of processes/binaries on CTE agents from a ptrace attachment. This prevents process injection attacks through ptrace system call. Refer to Blocking ptrace system calls to prevent process injection attacks for more information.

Using Ptrace and DAM

Thales CipherTrust Transparent Encryption and Imperva Database Activity Monitoring (DAM) can operate simultaneously on the same system if the ptrace attachment is not blocked on the system. Choose one of the following two configuration options that do not affect DAM agent functionality:

  • Enabled_for_Authenticators (Default setting)

  • Disabled_for_all

Warning

Do Not set it to Enabled_for_all. This breaks the DAM agent functionality.

Ensuring the Correct CTE/DAM Service Startup and Shutdown Order

CipherTrust Transparent Encryption services and DAM services must be started and stopped in the correct order to prevent problems with any data that is guarded by CipherTrust Transparent Encryption. This order is important any time these services need to be started or stopped, such as:

  • During the normal startup and shutdown of your Linux host.

  • Before enabling a scheduled upgrade of CipherTrust Transparent Encryption.

  • Before performing a manual upgrade of CipherTrust Transparent Encryption.

  • As needed for maintenance or troubleshooting.

Starting or Stopping DAM and CipherTrust Transparent Encryption Manually

Warning

CTE cannot be stopped while the DAM agent is running.

CTE Commands for Stopping and Starting the Agent

Command Command syntax for Linux distros that support systemd Command syntax for Linux distros that DO NOT support systemd
Start /etc/vormetric/secfs start service secfs start
Restart /etc/vormetric/secfs restart service secfs restart
Stop /etc/vormetric/secfs stop service secfs stop
Check status /etc/vormetric/secfs status service secfs status

DAM Commands for Stopping and Starting the Agent

Command Command syntax Comment
Start <DAM-remote-agent-install-directory>/ragent/bin/rainit start
<DAM-remote-agent-install-directory>/installer/bin/rainstallerinit start Required if it exists
Stop <DAM-remote-agent-install-directory>/ragent/bin/rainit stop
<DAM-remote-agent-install-directory>/installer/bin/rainstallerinit stop Required if it exists

See Adding Dependencies to systemd Unit Configuration Files for more information.

Ensuring the proper order

Perform the following steps in this exact order:

  1. Stop the DAM agent monitoring.

  2. Stop CipherTrust Transparent Encryption.

  3. Perform the CTE or DAM upgrade or maintenance.

  4. Start DAM agent monitoring.

  5. Start CipherTrust Transparent Encryption.

On this page