IBM QRadar - Forgot Password

2021-06-25
2021-06-25
1 min read
Hits

  本文完整复现了忘记 IBM QRadar 管理员 admin 密码导致无法登录,而后通过 root 账户使用 SSH 登陆 QRadar 服务器重置 admin 密码的全过程。

2021.07.07 增加了修改 QRadar 网络设置的命令

  昨晚博主犯了个很低级的错误,就是在安装完 QRadar 准备登陆的时候,发现 admin 密码怎么都输不对了……领导看到也表示很无语(还好,饭碗没丢)

  祸兮福之所倚,福兮祸之所伏。通过这个低级错误,反而获得了一个似乎人尽皆知,但是我从未注意过的及其重要的思路(领导毕竟是领导,一句话点醒一生……)

服务器 root 权限最高,所以一定能修改运行在服务器上的程序的 admin 密码。

Note

This procedure requires that you restart the Tomcat service and deploy changes, resulting in a temporary loss of access to the QRadar user interface while services restart. Administrators can complete this procedure during a scheduled maintenance window as users are logged out, exports in process are interrupted, and scheduled reports might need to be restarted manually.

Reset Admin Password

/opt/qradar/support/changePasswd.sh -a     # 一行命令重置 QRadar admin 密码

Restart Tomcat

systemctl restart tomcat     # 重置成功后重启 tomcat 服务

Log in to the User Interface as an Administartor

Click Admin tab > Advanced > Deploy Full Configuration

Official Docs

QRadar: Changing the admin account password from the UI or CLI

Change QRadar Network Setting

qchange_netsetup     # 以 root 身份登陆 QRadar 服务器并运行该行代码以修改 QRadar 网络设置
Avatar

Hui.Ke

❤ Cyber Security | Safety is a priority.