Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

CTE Agent Linux Integration and Solutions Guides

Using CTE and Imperva Database Activity Monitoring (DAM) Simultaneously

search

Please Note:

printsuggest an editpdf paneldownload

Using CTE and Imperva Database Activity Monitoring (DAM) Simultaneously

Security administrators can protect execution of processes/binaries on CTE agents from a ptrace attachment. This prevents process injection attacks through ptrace system call. Refer to Blocking ptrace system calls to prevent process injection attacks for more information.

copy link to clipboardUsing Ptrace and DAM

Thales CipherTrust Transparent Encryption and Imperva Database Activity Monitoring (DAM) can operate simultaneously on the same system if the ptrace attachment is not blocked on the system. Choose one of the following two configuration options that do not affect DAM agent functionality:

  • Enabled_for_Authenticators (Default setting)

  • Disabled_for_all

Warning

Do Not set it to Enabled_for_all. This breaks the DAM agent functionality.

copy link to clipboardEnsuring the Correct CTE/DAM Service Startup and Shutdown Order

CipherTrust Transparent Encryption services and DAM services must be started and stopped in the correct order to prevent problems with any data that is guarded by CipherTrust Transparent Encryption. This order is important any time these services need to be started or stopped, such as:

  • During the normal startup and shutdown of your Linux host.

  • Before enabling a scheduled upgrade of CipherTrust Transparent Encryption.

  • Before performing a manual upgrade of CipherTrust Transparent Encryption.

  • As needed for maintenance or troubleshooting.

copy link to clipboardStarting or Stopping DAM and CipherTrust Transparent Encryption Manually

Warning

CTE cannot be stopped while the DAM agent is running.

copy link to clipboardCTE Commands for Stopping and Starting the Agent

Command Command syntax for Linux distros that support systemd Command syntax for Linux distros that DO NOT support systemd
Start /etc/vormetric/secfs start service secfs start
Restart /etc/vormetric/secfs restart service secfs restart
Stop /etc/vormetric/secfs stop service secfs stop
Check status /etc/vormetric/secfs status service secfs status

copy link to clipboardDAM Commands for Stopping and Starting the Agent

Command Command syntax Comment
Start <DAM-remote-agent-install-directory>/ragent/bin/rainit start
<DAM-remote-agent-install-directory>/installer/bin/rainstallerinit start Required if it exists
Stop <DAM-remote-agent-install-directory>/ragent/bin/rainit stop
<DAM-remote-agent-install-directory>/installer/bin/rainstallerinit stop Required if it exists

See Adding Dependencies to systemd Unit Configuration Files for more information.

copy link to clipboardEnsuring the proper order

Perform the following steps in this exact order:

  1. Stop the DAM agent monitoring.

  2. Stop CipherTrust Transparent Encryption.

  3. Perform the CTE or DAM upgrade or maintenance.

  4. Start DAM agent monitoring.

  5. Start CipherTrust Transparent Encryption.

On this page