Standard Linux users
The tables describe the standard Linux® user accounts that are created on the QRadar® Console SIEM server and on other QRadar product components, such as QRadar SIEM All-in-One (QRadar Console), QRadar Risk Manager, QRadar Incident Forensics, QRadar Network Insights, App Host, and all other managed hosts.
The following tables show standard Linux user accounts for Red Hat and QRadar.
User account | Log in to the Login Shell | Purpose |
---|---|---|
root (password required) | Yes | Red Hat user |
bin | No | Linux Standard Base |
daemon | No | Linux Standard Base |
adm | No | Linux Standard Base |
lp | No | Linux Standard Base |
sync | No | Linux Standard Base |
shutdown | No | Linux Standard Base |
halt | No | Linux Standard Base |
| | No | Linux Standard Base |
operator | No | Linux Standard Base |
games | No | Red Hat user |
ftp | No | Red Hat user |
nobody | No | Linux Standard Base |
systemd-network | No | Red Hat user |
dbus | No | Red Hat user |
polkitd | No | Red Hat user |
sshd | No | Red Hat user |
rpc | No | Red Hat user |
rpcuser | No | Red Hat user |
nfsnobody | No | Red Hat user |
abrt | No | Red Hat user |
ntp | No | Red Hat user |
tcpdump | No | Red Hat user |
tss | No | Red Hat user |
saslauth | No | Red Hat user |
sssd | No | Red Hat user |

User account | Log in to the Login Shell | Purpose |
---|---|---|
ziptie | No | Ziptie service used by QRadar Risk Manager |
vis | No | QRadar VIS service used by QRadar to process scan results |
customactionuser | No | QRadar Custom Actions used to isolate custom actions into a chroot jail |
mks | No | MKS QRadar component for handling secrets |
qradar | No | General user for QRadar |
qvmuser | No | Used by QRadar Vulnerability Manager |
postgres | No (account locked) | PostgreSQL database used by QRadar |
tlsdated | No | Tlsdate legacy time sync tool that was previously used by QRadar |
traefik | No | Traefik service proxies Docker Containers for QRadar App Framework |
solr | No | Solr service used by QRadar Incident Forensics |
openvpn | No | OpenVPN optional VPN tool installed by QRadar |
chrony | No | Chronyd service time sync tool used by QRadar |
apache | No | Apache Web Server used by QRadar |
postfix | No | Mail Service used by QRadar to send email |
vsftpguest | No | FTP service used in QRadar Incident Forensics |
unbound | No | DNS Root Server used by QRadar on Cloud |
nscd | No | Name Service Cache Daemon used by QRadar |
qniconfiguser | No | Deployment configuration used by QRadar Network Insights |
nslcd | No | Used by QRadar for LDAP functionality |
fusionvm | No | Used by QRadar Vulnerability Manager |
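
As an added example (not IBM's code and not part of the original page), the following Python script compares passwd-format text with the account names in the two tables and reports accounts that are not listed, listed accounts whose shell field is an interactive shell, and non-root accounts with UID 0. The interactive-shell list, the reading of "No" as "no interactive shell in the passwd shell field", and the sample entries are assumptions; the first table's row with no account name is omitted.

```python
import sys
# Account names from the two tables above (the row with no account name is omitted).
DOCUMENTED = set("""
root bin daemon adm lp sync shutdown halt operator games ftp nobody systemd-network
dbus polkitd sshd rpc rpcuser nfsnobody abrt ntp tcpdump tss saslauth sssd ziptie vis
customactionuser mks qradar qvmuser postgres tlsdated traefik solr openvpn chrony
apache postfix vsftpguest unbound nscd qniconfiguser nslcd fusionvm
""".split())
# root is the one "Yes" row; postgres is "No (account locked)", and lock state is
# kept in /etc/shadow, which this check does not read.
SHELL_CHECK_EXEMPT = {"root", "postgres"}
# Assumption: these basenames count as an interactive login shell.
INTERACTIVE = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}


def audit_passwd(text):
    """Return sorted (account, finding) tuples for passwd(5)-format text."""
    findings = []
    for line in filter(None, map(str.strip, text.splitlines())):
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], "malformed entry"))
            continue
        name, uid, shell = fields[0], fields[2], fields[6]
        # passwd(5): an empty shell field means /bin/sh
        interactive = shell == "" or shell.rsplit("/", 1)[-1] in INTERACTIVE
        if name not in DOCUMENTED:
            kind = "with" if interactive else "without"
            findings.append((name, f"not in documented list, {kind} login shell"))
        elif interactive and name not in SHELL_CHECK_EXEMPT:
            findings.append((name, f"listed as no login, shell is {shell or '(empty)'}"))
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 on a non-root account"))
    return sorted(findings)

# Constructed sample input, not taken from a real QRadar host.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
solr:x:1001:1001::/home/solr:/bin/bash
svc_backup:x:1002:1002::/home/svc_backup:/bin/bash
toor:x:0:0::/root:/sbin/nologin
"""

if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, finding in audit_passwd(source):
        print(f"{name}: {finding}")
```

Run it with a path to a copy of `/etc/passwd` as the only argument; with no argument it audits the constructed sample.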