Standard Linux Users
The tables describe the standard Linux user accounts that are created on the JSA console and other JSA product components (All In One console, JSA Risk Manager, QRadar Network Insights, App Host, and all other managed hosts).
The following tables show standard Linux user accounts for RedHat and JSA.
User Account |
Login to the Login Shell |
Purpose |
---|---|---|
root (password required) |
Yes |
RedHat user |
bin |
No |
Linux Standard Base |
daemon |
No |
Linux Standard Base |
adm |
No |
Linux Standard Base |
lp |
No |
Linux Standard Base |
sync |
No |
Linux Standard Base |
shutdown |
No |
Linux Standard Base |
halt |
No |
Linux Standard Base |
No |
Linux Standard Base |
|
operator |
No |
Linux Standard Base |
games |
No |
RedHat user |
ftp |
No |
RedHat user |
nobody |
No |
Linux Standard Base |
systemd-network |
No |
RedHat user |
dbus |
No |
RedHat user |
polkitd |
No |
RedHat user |
sshd |
No |
RedHat user |
rpc |
No |
RedHat user |
rpcuser |
No |
RedHat user |
nfsnobody |
No |
RedHat user |
abrt |
No |
RedHat user |
ntp |
No |
RedHat user |
tcpdump |
No |
RedHat user |
tss |
No |
RedHat user |
saslauth |
No |
RedHat user |
sssd |
No |
RedHat user |
User Account |
Login to the Login Shell |
Purpose |
---|---|---|
ziptie |
No |
Ziptie service used by JSA Risk Manager |
si-vault |
No |
JSA Vault service used by JSA to store secrets and manage internal certificates |
vis |
No |
JSA VIS service used by JSA to process scan results |
si-registry |
No |
JSA Docker Registry Service used by JSA for App Framework |
customactionuser |
No |
JSA Custom Actions used to isolate custom actions into a chroot jail |
mks |
No |
MKS JSA component for handling secrets |
qradar |
No |
General user for JSA |
qvmuser |
No |
JSA Vulnerability Manager used by JSA Vulnerability Manager |
postgres |
No (account locked) |
PostgreSQL database used by JSA |
tlsdated |
No |
Tlsdate legacy time sync tool that was previously used by JSA |
traefik |
No |
Traefik service proxies Docker Containers for JSA App Framework |
gluster |
No |
GlusterFS used by JSA HA on event collectors |
openvpn |
No |
OpenVPN optional VPN tool installed by JSA |
chrony |
No |
Chronyd service time sync tool used by JSA |
apache |
No |
Apache Web Server used by JSA |
postfix |
No |
Mail Service used by JSA to send email |