Post-installation checks

Post-installation checks are required to complete your STIG compliance.

Verify that stiguser can log in to the command line interface

To verify that stiguser has access to the command-line interface on your IBM QRadar appliance, type the following command in a terminal on a remote system and ensure that stiguser is able to log in successfully:

ssh stiguser@<QRadar_IP>

Verify that you can log in to the Web interface

In your browser window, navigate to https://<QRadar_IP_Address>.

To log in to QRadar in an IPv6 or mixed environment, wrap the IP address in square brackets: https://[<QRadar_IP_Address>].

Input a valid set of user credentials and confirm that the user is able to log in successfully.

Passwords restricted to 1-day minimum lifetime

Type the following command to check for any violations:

awk -F: '$4 >= 1 {print $1}' /etc/shadow

You must change the password-restriction setting for any non-system accounts or non-user accounts that are displayed.

Passwords restricted to 60-day maximum lifetime

Type the following command to check for any violations:

awk -F: '$5 >= 1 {print $1}' /etc/shadow

You must change the password-restriction setting for any non-system accounts or non-user accounts that are displayed.

Duplicate user IDs (UID)

Type the following command to check for duplicate user IDs:

pwck -rq

Accounts that are displayed are in violation of this rule.