Remove Sguil User

TJ

Apr 21, 2015, 1:51:05 PM
to securit...@googlegroups.com
Hello,
Can anyone tell me how to remove or disable a Sguil user?

Thanks!

Doug Burks

Apr 21, 2015, 4:05:07 PM
to securit...@googlegroups.com
Hi TJ,

You probably don't want to remove a Sguil user since it may have
entries in the Sguil database. Instead, reset the user's password to
a random password that nobody knows:
sudo nsm_server_user-passwd
> --
> You received this message because you are subscribed to the Google Groups "security-onion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
> Visit this group at http://groups.google.com/group/security-onion.
> For more options, visit https://groups.google.com/d/optout.



--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

TJ

Apr 21, 2015, 5:25:34 PM
to securit...@googlegroups.com

Is there a "disabled" state or similar? I've got auditors that are not satisfied with the account of an inactive employee being active.

I did the password change.

Thanks
Tim

Bamm Visscher

Apr 21, 2015, 6:48:04 PM
to securit...@googlegroups.com
Disabling of the user ID is supported via:

./sguild -disableuser <username>

This marks the account as LOCKED and prevents the user from logging in. The user information remains in the database in order to maintain a proper history of activity performed by the user.

Bamm


--
sguil - The Analyst Console for NSM
http://www.sguil.net

Doug Burks

Apr 22, 2015, 8:09:49 AM
to securit...@googlegroups.com
Thanks, Bamm!

I've added the following to the Passwords page on our Wiki:

Disable accounts with "sudo sguild -disableuser USER" (replacing USER
with the actual username you'd like to disable).

https://github.com/Security-Onion-Solutions/security-onion/wiki/Passwords#sguil