Maintenance in STIG-compliant QRadar deployments

QRadar updates or upgrades might undo the configuration changes that were made to make your IBM QRadar deployment STIG compliant.

Important: Administration and maintenance actions typically require elevated permissions and should be run as root, not from a non-root account. After you log in with a non-root account (stiguser), elevate to root before you run any administrative or maintenance commands.

Elevate to root from a non-root account: sudo su -

Software updates

Files or scripts in the /opt/qradar directory might be impacted by QRadar software updates, including the logging configuration and SSHD configuration.

After applying updates, restore the hardening configuration by rerunning the hardening scripts, and then verify that the manual changes that you made are implemented.
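
The following script is an added example, not part of the IBM documentation or the hardening scripts. It shows one way to do the verification step: record the checksum, mode, and ownership of the files that you hardened before the update, then list what differs afterward. The baseline file name and the /etc/ssh/sshd_config path are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not an IBM script. Run as root in bash (GNU coreutils assumed).
#   snapshot /root/stig-baseline.tsv /etc/ssh/sshd_config /opt/qradar   # before the update
#   drift    /root/stig-baseline.tsv /etc/ssh/sshd_config /opt/qradar   # after rerunning the scripts
# The baseline file name and /etc/ssh/sshd_config are assumptions; pass the
# files that you changed by hand.

# snapshot <baseline> <path>...: write "sha256 <TAB> mode:owner:group <TAB> path"
# for every regular file under the given paths.
snapshot() {
    local out=$1 f; shift
    find "$@" -type f 2>/dev/null | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s\t%s\t%s\n' "$(sha256sum < "$f" | cut -d' ' -f1)" \
            "$(stat -c '%a:%U:%G' "$f")" "$f"
    done > "$out"
}

# drift <baseline> <path>...: compare the current state with the baseline.
# Prints CHANGED (content), PERMS (mode or ownership), MISSING or NEW per file.
# Returns 0 when nothing differs, 1 when there is drift.
drift() {
    local base=$1 now out rc=0; shift
    now=$(mktemp) || return 2
    snapshot "$now" "$@"
    out=$(awk -F'\t' '
        FILENAME == ARGV[1] { hash[$3] = $1; meta[$3] = $2; next }
        { seen[$3] = 1
          if (!($3 in hash))       { print "NEW\t" $3; bad = 1 }
          else if (hash[$3] != $1) { print "CHANGED\t" $3; bad = 1 }
          else if (meta[$3] != $2) { print "PERMS\t" $3 " (" meta[$3] " -> " $2 ")"; bad = 1 }
        }
        END { for (p in hash) if (!(p in seen)) { print "MISSING\t" p; bad = 1 }
              exit bad + 0 }
    ' "$base" "$now") || rc=$?
    rm -f "$now"
    if [ -n "$out" ]; then printf '%s\n' "$out" | LC_ALL=C sort; fi
    return "$rc"
}
```

A CHANGED or PERMS line after the hardening scripts are rerun points to a manual change that the update reverted and the scripts did not restore.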

Software upgrades

Before you upgrade a STIG-compliant QRadar deployment, ensure that you have a full backup that is up to date, and that you test the software upgrades in a pre-production environment.

If you can't test a software upgrade in a pre-production environment, and you want to be fully protected before you upgrade QRadar software on a STIG hardened system, back up your data and system configuration and then take the following steps:

  1. Reinstall RHEL and QRadar software.
  2. Install software fixes.
  3. Restore the data and system configuration.
  4. Run the STIG scripts.

For more information about backing up your QRadar deployment, see Backup and recovery in the IBM QRadar Administration Guide.