Question & Answer
Question
What is the procedure for changing the local admin account password for the User Interface (UI) and the Command-Line Interface (CLI)?
Answer
The recommended method to change the password for the admin account is via the UI. However, since that requires you to log in to the UI with the admin account, it can be necessary, for example in recovery scenarios, to change the admin account password by using the appliance command-line interface (CLI). Procedures for both the UI method and the CLI method are explained in these examples.
If you do not have access to the admin account from the user interface, it can be necessary to change the admin password from the command-line interface.
How to change the admin account password in the user interface (7.3.2 and later)
- Log in to the QRadar user interface with an administrator (admin) account.
- Click the User Preferences icon
- From the menu shown, select User Preferences.
- Scroll down to Authentication and enter the new password into both New Password and Confirm New Password fields to change the admin account password.
- Click Save.
Results
The admin account password is now changed.
How to change the admin account password in the command-line interface
Note: This procedure requires that you restart the Tomcat service and deploy changes, resulting in a temporary loss of access to the QRadar user interface while services restart. Administrators can complete this procedure during a scheduled maintenance window as users are logged out, exports in process are interrupted, and scheduled reports might need to be restarted manually.
If you do not have access to the admin account from the user interface, it can be necessary to change the admin password from the command-line interface.
- Using SSH, log in to the QRadar Console as the root user.
- To change the admin user password, type:
/opt/qradar/support/changePasswd.sh -a - Enter the new password as prompted.
- Confirm the new password.
[root@qr750-3199-29271 ~]# /opt/qradar/support/changePasswd.sh -a Please enter the new admin password. Password: Confirm password: The admin password has been changed. - To restart the user interface, type:
Note: This command works on QRadar SIEM versions at QRadar 7.3.x and latersystemctl restart tomcat - Log in to the user interface as an administrator.
- Click Admin tab > Advanced > Deploy Full Configuration.
Important:
Performing a Deploy Full Configuration results in services being restarted. While services are restarting, event processing stops until services restart. Scheduled reports that are in-progress need to be manually restarted by users. Administrators with strict outage policies are advised to complete the Deploy Full Configuration step during a scheduled maintenance window for their organization.
Performing a Deploy Full Configuration results in services being restarted. While services are restarting, event processing stops until services restart. Scheduled reports that are in-progress need to be manually restarted by users. Administrators with strict outage policies are advised to complete the Deploy Full Configuration step during a scheduled maintenance window for their organization.
Results
After the service restarts, the admin account password is changed.
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"Password Management","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
27 June 2023
UID
swg21994962