Standard Linux users

The tables describe the standard Linux® user accounts that are created on the QRadar® Console SIEM server and on other QRadar product components like QRadar SIEM All-in-One (QRadar Console), QRadar Risk Manager, QRadar Incident Forensics, QRadar Network Insights, App Host, and all other managed hosts).

The following tables show standard Linux user accounts for Red Hat and QRadar.

Table 1. Standard Linux user accounts for Red Hat
User account Log in to the Login Shell Purpose
root (password required) Yes Red Hat user
bin No Linux Standard Base
daemon No Linux Standard Base
adm No Linux Standard Base
lp No Linux Standard Base
sync No Linux Standard Base
shutdown No Linux Standard Base
halt No Linux Standard Base
mail No Linux Standard Base
operator No Linux Standard Base
games No Red Hat user
ftp No Red Hat user
nobody No Linux Standard Base
systemd-network No Red Hat user
dbus No Red Hat user
polkitd No Red Hat user
sshd No Red Hat user
rpc No Red Hat user
rpcuser No Red Hat user
nfsnobody No Red Hat user
abrt No Red Hat user
ntp No Red Hat user
tcpdump No Red Hat user
tss No Red Hat user
saslauth No Red Hat user
sssd No Red Hat user
Table 2. Standard Linux user accounts for QRadar
User Account Login to the Shell Purpose
ziptie No Ziptie service used by QRadar Risk Manager
vis No QRadar VIS service used by QRadar to process scan results
customactionuser No QRadar Custom Actions used to isolate custom actions into a chroot jail
mks No MKS QRadar component for handling secrets
qradar No General user for QRadar
qvmuser No Used by QRadar Vulnerability Manager
postgres No (account locked) PostgreSQL database used by QRadar
tlsdated No Tlsdate legacy time sync tool that was previously used by QRadar
traefik No Traefik service proxies Docker Containers for QRadar App Framework
solr No Solr service used by QRadar Incident Forensics
openvpn No OpenVPN optional VPN tool installed by QRadar
chrony No Chronyd service time sync tool used by QRadar
apache No Apache Web Server used by QRadar
postfix No Mail Service used by QRadar to send email
vsftpguest No FTP service used in QRadar Incident Forensics
unbound No DNS Root Server used by QRadar on Cloud
nscd No Name Service Cache Daemon used by QRadar
qniconfiguser No Deployment configuration used by QRadar Network Insights
nslcd No Used by QRadar for LDAP functionality
fusionvm No Used by QRadar Vulnerability Manager