Running the hardening script on the Console

To help secure the system, you must run hardening scripts on the IBM QRadar Console.

Before you begin

Before you run the hardening script, verify that the stiguser can log in remotely.

You cannot revert the STIG hardening script on a QRadar appliance. Ensure that you have created appropriate backups before you run the hardening script.

After you run the hardening script on the QRadar appliance, you are not able to log in as a root user from a terminal. Ensure you have created a non-root user as outlined in Creating a non-root user in a STIG-compliant environment.
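Because the hardening run cannot be reverted and root can no longer log in from a terminal afterward, it is worth checking the non-root account before you start. The following script is an added example, not part of the IBM documentation or the QRadar tooling. It assumes standard Linux account files and an OpenSSH `sshd_config`, matches only literal user names in `AllowUsers` and `DenyUsers`, and does not replace the remote login and `sudo` tests in the procedure.

```shell
#!/bin/sh
# Added example: pre-flight lockout check to run before stig_harden.sh.
# Usage (as root, so /etc/shadow is readable): sh preflight.sh stiguser
# File locations are standard Linux defaults; override them to check copies.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
SHADOW_FILE="${SHADOW_FILE:-/etc/shadow}"
SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"

# Succeeds if the account exists, is not UID 0, and has a real login shell.
has_login_shell() {
  awk -F: -v u="$1" '
    $1 == u { found = 1; ok = ($3 != 0 && $7 !~ /(nologin|false)$/) }
    END { exit !(found && ok) }' "$PASSWD_FILE"
}

# Succeeds if the password field is set and not locked ("!" or "*" prefix).
password_usable() {
  awk -F: -v u="$1" '
    $1 == u { found = 1; ok = ($2 != "" && $2 !~ /^[!*]/) }
    END { exit !(found && ok) }' "$SHADOW_FILE"
}

# Succeeds unless DenyUsers names the user or an AllowUsers list omits them.
# Assumption: literal names only; wildcards and Match blocks are not evaluated.
ssh_permits() {
  awk -v u="$1" '
    tolower($1) == "denyusers"  { for (i = 2; i <= NF; i++) if ($i == u) denied = 1 }
    tolower($1) == "allowusers" { listed = 1; for (i = 2; i <= NF; i++) if ($i == u) allowed = 1 }
    END { exit (denied || (listed && !allowed)) }' "$SSHD_CONFIG"
}

# Runs every check, reports each failure, and returns non-zero if any failed.
preflight() {
  rc=0
  has_login_shell "$1" || { echo "FAIL: $1 is missing, is UID 0, or has no login shell"; rc=1; }
  password_usable "$1" || { echo "FAIL: $1 has an empty or locked password"; rc=1; }
  ssh_permits "$1"     || { echo "FAIL: sshd_config does not permit $1"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: $1 passes; still confirm remote login and sudo by hand"
  return "$rc"
}

# Only act when a user name is given on the command line.
if [ $# -gt 0 ]; then preflight "$1"; fi
```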

Procedure

  1. Go to the STIG directory by typing the following command:

    cd /opt/qradar/util/stig/bin

  2. Run the STIG hardening script by typing the following command:

    ./stig_harden.sh -a

    Type yes at the following prompt: Do you want to continue (yes/no)?

  3. Restart the QRadar appliance.
  4. Verify that the stiguser can log in remotely and can elevate to root by typing the following command:

    sudo cat /etc/shadow

    If you are hardening a managed host (MH), ensure that root authentication from the Console to the MH is still working using certificates by completing the following steps:

    1. Use Secure Shell Protocol (SSH) to log in to the Console as stiguser (or the appropriate user created in the previous steps).
    2. SSH to the MH by typing the following command:

        ssh stiguser@<IP of MH>

What to do next

Edit the QRadar configuration.