Question & Answer
Question
Why are there new user accounts in my QRadar deployment that I can't access?
Cause
QRadar Versions 7.3.2 or later use the following user accounts for services to improve security and access control:
-
si-vault
-
traefik
-
si-registry
Answer
These specific accounts are used by the vault and traefik services, and by the docker registry that is used for app runtime. They control access, improve security and belong to specific groups that enable them to access data required for those services.
These accounts cannot be disabled, deleted, or renamed.
These accounts do not have a default password, and are strictly used to control access on the host. They cannot be logged in to locally or remotely.
Changing the shell from nologin is not supported.
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.2 and later","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
20 June 2019
UID
ibm10888159