Prerequisites

Kernel Trace has two requirements for operation:
  1. The version of OS/2 in use MUST have support for the SES tracepoints.
  2. No other software can be in use which requires access to the SES tracepoints.

SES Tracepoint Support

IBM added SES tracepoint support to the kernel itself in a Warp v3 Fixpak (Fixpak 16 - XR_W016).  SES is a set of APIs, tracepoints and a backing subsystem that gives software vendors the ability to "plug in" a robust security solution for OS/2.  Such a solution has control over every file system access, every process or module load and other security-sensitive interfaces.  By hooking these interfaces, Kernel Trace can generate a great deal of useful information regarding the internal operation of the system and/or applications.

SES is shipped as an optional installable component.  It is chosen in "Selective Install" or via a response file in a CID-oriented install.  It is important to note that the SES tracepoints are always available in the kernel even if this optional SES component is not installed!  This means that the only requirement is to ensure that the OS/2 kernel is at least at the Warp v3 Fixpak 16 level.  There are some products that are built on the Warp v3 kernel (Warp Server v4.0) but these follow the same restrictions as Warp v3.  Warp v4 shipped with the SES tracepoints in the original package, so no Fixpaks are necessary for Warp v4 to get the tracepoint support in the kernel.

If this tracepoint support is not available, the KTRACE.SYS device driver will fail to load.

There Can Be Only One

There are other software products which may be dependent upon the SES tracepoints.  Examples include IBM's FWATCH and third-party Installable Security Systems (ISS).  IBM limits the access to the SES tracepoints to a single driver per IPL.  There are good technical reasons for IBM's decision, including performance and security concerns.  The implication of this decision is clear: these other products CANNOT be installed and operational at the same time as Kernel Trace.  At a minimum, such a product's corresponding device driver would need to be removed from CONFIG.SYS.
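
One way to check a copy of CONFIG.SYS for this conflict before the next IPL, as an added example (not code from Golden Code or IBM).  EXAMPLEISS.SYS and the paths in the sample are constructed placeholders; the file names of drivers that use the SES tracepoints must be supplied by the administrator, since this page does not list them.

```python
import re
from pathlib import PureWindowsPath

# Active DEVICE= / BASEDEV= statements; lines starting with REM do not match.
_DRIVER_STMT = re.compile(r"^\s*(DEVICE|BASEDEV)\s*=\s*(\S+)", re.IGNORECASE)

KTRACE = "KTRACE.SYS"  # driver name taken from the page

# Constructed sample CONFIG.SYS (paths and EXAMPLEISS.SYS are placeholders).
SAMPLE_CONFIG = r"""
BASEDEV=IBMKBD.SYS
REM DEVICE=C:\OLDISS\EXAMPLEISS.SYS
DEVICE=C:\VENDOR\EXAMPLEISS.SYS /Q
device=C:\KTRACE\ktrace.sys
"""


def loaded_drivers(config_text):
    """Return [(line_no, statement, driver_file_name)] for active driver lines."""
    found = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = _DRIVER_STMT.match(line)
        if m:
            # Strip drive and directory, compare case-insensitively.
            name = PureWindowsPath(m.group(2)).name.upper()
            found.append((line_no, m.group(1).upper(), name))
    return found


def ses_conflicts(config_text, other_ses_drivers):
    """List active drivers that would compete with KTRACE.SYS for the
    SES tracepoints.  Returns [] when KTRACE.SYS itself is not loaded.

    other_ses_drivers: file names the administrator knows to be SES
    tracepoint users (assumption: this list is maintained by hand).
    """
    watch = {n.upper() for n in other_ses_drivers}
    drivers = loaded_drivers(config_text)
    if not any(name == KTRACE for _, _, name in drivers):
        return []
    return [(ln, name) for ln, _, name in drivers if name in watch]


if __name__ == "__main__":
    for line_no, name in ses_conflicts(SAMPLE_CONFIG, ["EXAMPLEISS.SYS"]):
        print(f"line {line_no}: {name} must be removed before loading {KTRACE}")
```

A statement that has been commented out with REM is ignored, so the report only covers drivers that would actually load at the next IPL.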

© 2001 Golden Code Development Corporation.  ALL RIGHTS RESERVED