How To
Summary
This technote shows you how to change your QRadar® CLI timeout period from the default 10 min. This configuration change must be completed on each appliance
Environment
QRadar 7.5.x (all upgrade pack versions)
Steps
Important: Changing this value can conflict with your organization's security policy and requirements. Check the policies and requirements before you make any changes.
- Log in to your Console by using your root account credentials. If you have a nonpriviledged account, use sudo -i or su -.
- Check the current values:
grep ClientAliveInterval /etc/ssh/sshd_config
grep ClientAliveInterval /opt/qradar/conf/ssh/sshd_config.defaults
Note: Changes to the sshd configu persistent after a reboots. The default value is expressed in seconds. This technical note procedure sets the timeout value to 600 seconds or 10 minutes. For example,
#ClientAliveInterval 0
ClientAliveInterval 600
- Make a backup copy of both files by running the following command:
mkdir -pv /root/ssh_backup
cp -v /etc/ssh/sshd_config /root/ssh_backup/sshd_config.orig
cp -v /opt/qradar/conf/ssh/sshd_config.defaults /root/ssh_backup/sshd_config.defaults.orig - Open both files in an editor:
- vi /etc/ssh/sshd_config
- vi /opt/qradar/conf/ssh/sshd_config.defaults
- Change the value for ClientAliveInterval from 600 to a value that matches your security policy or requirements.
- Save your changes.
- Restart the sshd service, type: systemctl restart sshd
Results
Repeat this procedure on each host where you need to extend the default SSH timeout value. If you need to revert the changes, copy the original files to their original locations with their original file names, and restart the sshd service again.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
21 September 2023
UID
ibm16569163