IBM Support

QRadar: Changing the admin account password from the UI or CLI

Question & Answer


Question

What is the procedure for changing the local admin account password for the User Interface (UI) and the Command-Line Interface (CLI)?

Answer

The recommended method to change the password for the admin account is via the UI. However, since that requires you to log in to the UI with the admin account, it can be necessary, for example in recovery scenarios, to change the admin account password by using the appliance command-line interface (CLI). Procedures for both the UI method and the CLI method are explained in these examples.

 

How to change the admin account password in the user interface (7.3.2 and later)

  1. Log in to the QRadar user interface with an administrator (admin) account.
  2. Click the User Preferences icon
  3. From the menu shown, select User Preferences.
    image-20190816165104-1
  4. Scroll down to Authentication and change the admin account password.
  5. Click Save.

    Results
    The admin account password is now changed.

How to change the admin account password in the user interface (7.3.1 and earlier)

  1. Log in to the QRadar user interface with an administrator (admin) account.
  2. Click the admin menu.
  3. From the menu shown, select User Preferences.
  4. Use the form displayed to change the admin account password.
  5. Click Save.

    Results
    The admin account password is now changed.

How to change the admin account password in the command-line interface (all versions)

Note: This procedure requires that you restart the Tomcat service and deploy changes, resulting in a temporary loss of access to the QRadar user interface while services restart. Administrators can complete this procedure during a scheduled maintenance window as users are logged out, exports in process are interrupted, and scheduled reports might need to be restarted manually.


If you do not have access to the admin account from the user interface, it can be necessary to change the admin password from the command-line interface.
  1. Using SSH, log in to the QRadar Console as the root user.
  2. To change the admin user password, type: /opt/qradar/support/changePasswd.sh -a
  3. Enter the new password as prompted.
  4. Confirm the new password.
  5. Restart the UI service with the command:
    1. QRadar 7.4.x or 7.3.x type the command:
      systemctl restart tomcat
    2. QRadar 7.2.8 type the command:
      service tomcat restart
  6. Log in to the user interface as an administrator.
  7. Click Admin tab > Advanced > Deploy Full Configuration.

    Results
    After services restart, the admin account password is updated.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"Password Management","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
08 December 2020

UID

swg21994962