A STIG-hardened system disables remote root login by default. Enable remote root login to
pair HA hosts with STIG hardened systems.
Before you begin
Important: All HA systems need to be unpaired when you run the STIG hardening. If you
want to harden the HA systems in a cluster, unpair the HA cluster, and then run the STIG hardening
script on each system. After the STIG hardening script is run, you can pair the HA systems
again.
Procedure
-
On your QRadar® console command line, log in as a sudo user to one of the hosts that you want to pair in a HA cluster.
- Open the file /etc/ssh/sshd_config as sudo in a text editor of your
choice and modify the following line by changing no to
yes:
PermitRootLogin no
- Save your changes and close the file.
- Restart sshd services by typing the following command:
$ sudo systemctl restart sshd
- Log out of the host.
Tip: Repeat steps 1 - 5 on any other hosts that you want to pair in a HA cluster.
- Pair the hosts in a HA cluster. For more information, see Creating an HA cluster
(https://www.ibm.com/support/knowledgecenter/SS42VS_7.4/com.ibm.qradar.doc/t_qradar_ha_create_cluster.html).
- On the command line, log in as a sudo user to one of the hosts that you placed into the
HA cluster.
- Open the file /etc/ssh/sshd_config in a text editor and modify the
following line by changing yes to no:
PermitRootLogin yes
- Save your changes and close the file.
- To restart sshd services, type the following command:
$ sudo systemctl restart sshd
- Log out of the host.
Tip: Repeat steps 7 - 11 for any other hosts that you placed into the HA cluster.
Results
A message is displayed to indicate whether the pairing was successful.