To help secure the system, you must run hardening scripts on the IBM
QRadar Console.
Before you begin
Before you run the hardening script, verify that the stiguser can log in remotely.
You cannot revert the STIG hardening script on a QRadar appliance. Ensure that you have created appropriate backups before you run the hardening script.
After you run the hardening script on the QRadar appliance, you can no longer log in as a root user from a terminal. Ensure that you have created a non-root user as outlined in Creating a non-root user in a STIG-compliant environment.
Procedure
- Go to the STIG directory by typing the following command:
    cd /opt/qradar/util/stig/bin
- Run the STIG hardening script by typing the following command:
    ./stig_harden.sh -a
  Type yes at the following prompt: Do you want to continue (yes/no)?
- Restart the QRadar appliance.
- Verify that the stiguser can log in remotely and can elevate to root by running the following command:
    sudo cat /etc/shadow
  If you are hardening a managed host (MH), ensure that root authentication from the Console to the MH is still working using certificates by completing the following steps.
  - Use Secure Shell Protocol (SSH) to log in to the Console as stiguser (or the appropriate user created in the previous steps).
  - SSH to the MH (ssh stiguser@<IP of MH>).
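
Because the hardening cannot be reverted and root terminal login is lost afterwards, the "verify that the stiguser can log in remotely" prerequisite is worth scripting. The following is an added example, not part of the IBM procedure or tooling: the function names sshd_values and can_login_remotely are hypothetical, and the passwd and sshd_config contents in the demo are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check to run as root BEFORE stig_harden.sh.
# File paths are parameters (defaulting to the live files) so the check
# can be tried against constructed copies first.

# Print every value of one sshd_config keyword, one per line.
sshd_values() {
    awk -v k="$1" 'tolower($1) == tolower(k) { for (i = 2; i <= NF; i++) print $i }' "$2"
}

# Return 0 if USER has a login shell and sshd_config does not exclude it.
# Simplifications: Match blocks and wildcard patterns are not evaluated;
# a user@host entry is treated as applying to the user from any host.
can_login_remotely() {
    user=$1; passwd_file=${2:-/etc/passwd}; sshd_config=${3:-/etc/ssh/sshd_config}

    entry=$(awk -F: -v u="$user" '$1 == u { print "shell=" $7; exit }' "$passwd_file")
    [ -n "$entry" ] || { echo "FAIL: no account named $user" >&2; return 1; }

    case "${entry#shell=}" in
        */nologin|*/false) echo "FAIL: $user has a non-login shell" >&2; return 1 ;;
    esac

    denied=$(sshd_values DenyUsers "$sshd_config" | sed 's/@.*//')
    if printf '%s\n' "$denied" | grep -Fqx -- "$user"; then
        echo "FAIL: $user is listed in DenyUsers" >&2; return 1
    fi

    # Once any AllowUsers line exists, only the listed users may log in.
    allowed=$(sshd_values AllowUsers "$sshd_config" | sed 's/@.*//')
    if [ -n "$allowed" ] && ! printf '%s\n' "$allowed" | grep -Fqx -- "$user"; then
        echo "FAIL: AllowUsers is set and does not include $user" >&2; return 1
    fi
    echo "OK: $user is not blocked from SSH login"
}

# Demo on constructed files (not taken from a QRadar appliance).
demo=$(mktemp -d)
printf '%s\n' 'stiguser:x:1001:1001::/home/stiguser:/bin/bash' \
              'svc:x:1002:1002::/home/svc:/sbin/nologin' > "$demo/passwd"
printf '%s\n' 'PermitRootLogin no' 'AllowUsers stiguser' > "$demo/sshd_config"
can_login_remotely stiguser "$demo/passwd" "$demo/sshd_config"
can_login_remotely svc "$demo/passwd" "$demo/sshd_config" || true
```

On the appliance, calling can_login_remotely stiguser with no path arguments reads the live /etc/passwd and /etc/ssh/sshd_config. The check does not exercise sudo, so an actual remote login followed by sudo cat /etc/shadow remains the definitive test.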