IBM Support

QRadar - How to modify the Command-Line Interface timeout period

How To


Summary

This technote shows you how to change your QRadar® CLI timeout period from the default 10 min.

Environment

QRadar 7.4.x / 7.5.x

Steps

Important: Changing this value can conflict with your organization's security policy and requirements. Check the policies and requirements before you make any changes.
  1. Log in to your Console by using your root account credentials. If you have a nonpriviledged account, use sudo -i or su -.
  2. Check the current values:
    grep ClientAliveInterval /etc/ssh/sshd_config
    grep ClientAliveInterval /opt/qradar/conf/ssh/sshd_config.defaults
    //Note, changes in this file are persistent over logins and reboots.
    The default value is expressed in seconds. 600 seconds = 10 minutes.
    Expected output:
    #ClientAliveInterval 0
    ClientAliveInterval 600
  3. Make a backup copy of both files by running the following command:
    mkdir -pv /root/ssh_backup
    cp -v /etc/ssh/sshd_config /root/ssh_backup/sshd_config.orig
    cp -v /opt/qradar/conf/ssh/sshd_config.defaults /root/ssh_backup/sshd_config.defaults.orig
  4. Open both files in turn in an editor, make changes, and Save and Exit:
    • vi /etc/ssh/sshd_config
    • vi /opt/qradar/conf/ssh/sshd_config.defaults
  5. Change the value for ClientAliveInterval from 600 to a value that matches your security policy or requirements.
  6. Restart the sshd service: systemctl restart sshd
If you need to revert the changes, copy the original files to their original locations with their original file names, and restart the sshd service again.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
22 April 2022

UID

ibm16569163