Standard Linux users

The tables describe the standard Linux® user accounts that are created on the QRadar® console SIEM server and other QRadar product components (All In One console, QRadar Risk Manager, QRadar Incident Forensics, QRadar Network Insights, App Host, and all other managed hosts).

The following tables show standard Linux user accounts for RedHat and QRadar.

Table 1. Standard Linux user accounts for RedHat

| User account | Login to the Login Shell | Purpose |
|---|---|---|
| root (password required) | Yes | RedHat user |
| bin | No | Linux Standard Base |
| daemon | No | Linux Standard Base |
| adm | No | Linux Standard Base |
| lp | No | Linux Standard Base |
| sync | No | Linux Standard Base |
| shutdown | No | Linux Standard Base |
| halt | No | Linux Standard Base |
| mail | No | Linux Standard Base |
| operator | No | Linux Standard Base |
| games | No | RedHat user |
| ftp | No | RedHat user |
| nobody | No | Linux Standard Base |
| systemd-network | No | RedHat user |
| dbus | No | RedHat user |
| polkitd | No | RedHat user |
| sshd | No | RedHat user |
| rpc | No | RedHat user |
| rpcuser | No | RedHat user |
| nfsnobody | No | RedHat user |
| abrt | No | RedHat user |
| ntp | No | RedHat user |
| tcpdump | No | RedHat user |
| tss | No | RedHat user |
| saslauth | No | RedHat user |
| sssd | No | RedHat user |


Table 2. Standard Linux user accounts for QRadar

| User account | Login to the Login Shell | Purpose |
|---|---|---|
| ziptie | No | Ziptie service used by QRadar Risk Manager |
| vis | No | QRadar VIS service used by QRadar to process scan results |
| customactionuser | No | QRadar Custom Actions used to isolate custom actions into a chroot jail |
| mks | No | MKS QRadar component for handling secrets |
| qradar | No | General user for QRadar |
| qvmuser | No | QRadar Vulnerability Manager used by QRadar Vulnerability Manager |
| postgres | No (account locked) | PostgreSQL database used by QRadar |
| tlsdated | No | Tlsdate legacy time sync tool that was previously used by QRadar |
| traefik | No | Traefik service proxies Docker Containers for QRadar App Framework |
| gluster | No | GlusterFS used by QRadar HA on event collectors |
| solr | No | Solr service used by QRadar Forensics |
| openvpn | No | OpenVPN optional VPN tool installed by QRadar |
| chrony | No | Chronyd service time sync tool used by QRadar |
| apache | No | Apache Web Server used by QRadar |
| postfix | No | Mail Service used by QRadar to send email |
| vsftpguest | No | FTP service used in QRadar Forensics |
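
A baseline check built from the two tables, as an added example that is not IBM's or this page's own code: it reads a passwd-format file and reports accounts whose shell field permits an interactive session although the tables list them as "No". Assumptions: "No" is read as a non-interactive shell in field 7 (`nologin`, `false`, `sync`, `shutdown`, `halt`), the function names and sample data are constructed, and the lock state of `postgres` (stored in `/etc/shadow`) is only flagged for a manual check.

```shell
#!/bin/sh
# Accounts listed in Tables 1 and 2 of this page; root is the only one marked "Yes".
BASELINE="root bin daemon adm lp sync shutdown halt mail operator games ftp nobody"
BASELINE="$BASELINE systemd-network dbus polkitd sshd rpc rpcuser nfsnobody abrt ntp"
BASELINE="$BASELINE tcpdump tss saslauth sssd ziptie vis customactionuser mks qradar"
BASELINE="$BASELINE qvmuser postgres tlsdated traefik gluster solr openvpn chrony"
BASELINE="$BASELINE apache postfix vsftpguest"

# audit_passwd [FILE]: read passwd-format data (stdin if no FILE), one finding per line:
#   LOGIN_SHELL user shell - in the tables as "No" but the shell is interactive
#   CHECK_LOCK  user shell - postgres: confirm the account lock in /etc/shadow
#   UNLISTED    user shell - not in either table and the shell is interactive
audit_passwd() {
    awk -F: -v baseline="$BASELINE" '
    BEGIN { n = split(baseline, b, " "); for (i = 1; i <= n; i++) known[b[i]] = 1 }
    /^#/ || NF < 7 { next }
    {
        user = $1; shell = $7
        # Assumption: these shells never give an interactive session.
        noninteractive = (shell ~ /\/(nologin|false|sync|shutdown|halt)$/)
        # An empty shell field falls back to /bin/sh, so it counts as interactive.
        if (shell == "") shell = "<empty>"
        if (noninteractive || user == "root") next
        if (user == "postgres")  print "CHECK_LOCK", user, shell
        else if (user in known)  print "LOGIN_SHELL", user, shell
        else                     print "UNLISTED", user, shell
    }' "${1:--}"
}

# Constructed sample, not taken from a real host. On an appliance, run:
#   audit_passwd /etc/passwd
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
qradar:x:1001:1001::/home/qradar:/bin/bash
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:
svc_backup:x:1500:1500::/home/svc_backup:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

Any `LOGIN_SHELL` or `UNLISTED` line is a deviation from the documented baseline to review; it is not proof of compromise.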