Creating a non-root user in a STIG-compliant environment

You can't log in remotely as the root user in a STIG-compliant environment.

On each host in the QRadar® deployment, create a non-root user who has sudo access and choose a non-root user name such as stiguser.

Procedure

  1. To create the non-root user, type the following commands:
    useradd -c 'Admin User' -d /home/stiguser -m -s /bin/bash stiguser
    
    passwd stiguser
    The password must follow these guidelines:
    • Consist of 15 or more characters.
    • Not repeat the same character consecutively more than two times.
    • Not repeat the same character type consecutively more than two times.
    • Have at least one uppercase character.
    • Have at least one numerical character.
    • Have at least one special character.
    Tip: These new password requirements are enforced when the STIG script is run. If your root password doesn't meet these requirements, you can change it now.
  2. Edit the /etc/sudoers file.
    1. At the end of the file, type the following line:

      stiguser ALL=(ALL) ALL

      Note: It is conventional to use tabs for white space but it's not a requirement; for example:

      stiguser	ALL=(ALL)	ALL

    2. Use the # symbol to comment out any lines that contain NOPASSWD.
      Tip: If you use the Vim text editor, type :/NOPASSWD in command mode to search for any instances of NOPASSWD.
  3. Verify that the new user can log in from a remote host and use the sudo command to become a root user.
    For example, use an SSH client such as PuTTY to log in to IBM® QRadar as stiguser, and then run a command by using sudo.
    sudo cat /etc/shadow
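
The following script is an added example, not part of the original procedure or of QRadar. It checks a sudoers file against step 2: the user has an active ALL=(ALL) ALL rule and no uncommented line contains NOPASSWD. The function name audit_sudoers and the sample files are constructed for illustration.

```shell
#!/bin/bash
# audit_sudoers FILE USER
#   Prints findings and returns 0 only if
#   (a) USER has an active rule that is exactly "USER ALL=(ALL) ALL"
#       (fields separated by tabs or spaces), and
#   (b) no active (uncommented) line contains NOPASSWD.
#   Audits a single file; files pulled in by include directives
#   must be checked the same way.
audit_sudoers() {
    awk -v user="$2" '
        # Skip blank lines and lines that start with the # symbol.
        /^[ \t]*(#|$)/ { next }
        /NOPASSWD/ {
            printf "FAIL line %d: active NOPASSWD: %s\n", NR, $0
            bad = 1
        }
        # Default field splitting treats runs of tabs and spaces alike.
        NF == 3 && $1 == user && $2 == "ALL=(ALL)" && $3 == "ALL" { found = 1 }
        END {
            if (!found) {
                printf "FAIL: no \"%s ALL=(ALL) ALL\" rule\n", user
                bad = 1
            }
            if (!bad) print "PASS"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample inputs (not taken from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Compliant: NOPASSWD line is commented out, stiguser rule uses tabs.
printf 'root ALL=(ALL) ALL\n# %%wheel ALL=(ALL) NOPASSWD: ALL\n' > "$demo_dir/good"
printf 'stiguser\tALL=(ALL)\tALL\n' >> "$demo_dir/good"

# Non-compliant: active NOPASSWD line, no stiguser rule.
printf 'root ALL=(ALL) ALL\n%%wheel ALL=(ALL) NOPASSWD: ALL\n' > "$demo_dir/bad"

echo "== good =="; audit_sudoers "$demo_dir/good" stiguser
echo "== bad ==";  audit_sudoers "$demo_dir/bad" stiguser || true
```

On a host, run the function against /etc/sudoers as root. Running visudo -c also confirms that the edited file still parses before you close the root session.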

What to do next

Run the hardening script on the QRadar console.