Hi @Famara Bodian,
SSH access to nodes is controlled via iptables. Once you add a new node to a deployment, you will only be able to log in to it via SSH via the Console; you won't be able to SSH into it via its IP. Therefore, what you want to control/monitor is SSH access to the Console, not the nodes (processors, collectors, AppHost, etc.).
I don't recommend you create a new user and set up sudo, as I don't think that's officially supported by IBM. IBM QRadar is an appliance and, therefore, you are not meant to make changes as root. You could set up pubkey authentication for the root user in the Console, but I would still recommend you ask IBM about it.
What you should do is deploy IBM QRadar in its own zone and limit SSH access on your firewall.
Regards,
Damian
------------------------------
Cheers,
Damian Zinni
------------------------------
Original Message:
Sent: Wed June 03, 2020 08:47 AM
From: Famara Bodian
Subject: QRadar : disable remote root login
Hello everybody.
I wonder if it is possible to disable SSH access to the root account without impacting QRadar?
For example, by changing the PermitRootLogin parameter to no in the sshd config file.
------------------------------
Famara Bodian
------------------------------