Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Standard Linux Users

 

The tables describe the standard Linux user accounts that are created on the JSA console and other JSA product components (All In One console, JSA Risk Manager, QRadar Network Insights, App Host, and all other managed hosts).

The following tables show standard Linux user accounts for RedHat and JSA.

Table 1: Standard Linux User Accounts for RedHat

User Account

Login to the Login Shell

Purpose

root (password required)

Yes

RedHat user

bin

No

Linux Standard Base

daemon

No

Linux Standard Base

adm

No

Linux Standard Base

lp

No

Linux Standard Base

sync

No

Linux Standard Base

shutdown

No

Linux Standard Base

halt

No

Linux Standard Base

mail

No

Linux Standard Base

operator

No

Linux Standard Base

games

No

RedHat user

ftp

No

RedHat user

nobody

No

Linux Standard Base

systemd-network

No

RedHat user

dbus

No

RedHat user

polkitd

No

RedHat user

sshd

No

RedHat user

rpc

No

RedHat user

rpcuser

No

RedHat user

nfsnobody

No

RedHat user

abrt

No

RedHat user

ntp

No

RedHat user

tcpdump

No

RedHat user

tss

No

RedHat user

saslauth

No

RedHat user

sssd

No

RedHat user

Table 2: Standard Linux User Accounts for JSA

User Account

Login to the Login Shell

Purpose

ziptie

No

Ziptie service used by JSA Risk Manager

si-vault

No

JSA Vault service used by JSA to store secrets and manage internal certificates

vis

No

JSA VIS service used by JSA to process scan results

si-registry

No

JSA Docker Registry Service used by JSA for App Framework

customactionuser

No

JSA Custom Actions used to isolate custom actions into a chroot jail

mks

No

MKS JSA component for handling secrets

qradar

No

General user for JSA

qvmuser

No

JSA Vulnerability Manager

postgres

No (account locked)

PostgreSQL database used by JSA

tlsdated

No

Tlsdate legacy time sync tool that was previously used by JSA

traefik

No

Traefik service proxies Docker Containers for JSA App Framework

gluster

No

GlusterFS used by JSA HA on event collectors

openvpn

No

OpenVPN optional VPN tool installed by JSA

chrony

No

Chronyd service time sync tool used by JSA

apache

No

Apache Web Server used by JSA

postfix

No

Mail Service used by JSA to send email