Details of the sisips account used in Symantec Data Center Security Agent (DCSSA) such as:
What is the password of sisips user?
Can you login to the system from outside using 'sisips' user?
Purpose:
The sisips account is created during the installation progress. The user for all unix DCS agents is a restricted account and without password pre-set. This will prohibit login to the system by sisips user.
By checking the /etc/shadow, the char "!!" stayed at the column of the encrypted password, this means the login is disabled by default.
The purpose of sisips account is to run some agent management and config tools. The privileges of the account is constrained, the administrator must su to sisips from super user such as root.
sisips user cannot start/stop IDS/IPS services.
Setting a password for this account is not recommended. The user is created ONLY for SCSP agent management and running some particular tasks related with the config or management, the login attempt from outside by sisips will be prohibited by default. To summarize:
The following are examples relating to this:
Looking at a sample Gather Agent Information, following is found in the agent_intsall.log
11/10/20 08:54:54: checkPasswordAging: user 'sisips'...
11/10/20 08:54:54: checkPasswordAging: Running /opt/Symantec/sdcssagent/IPS/sisipspasswdage.sh
If Password aging is enabled on a unix host, once the password expires,
even though the sisips user account is disabled (no login), it prompts you
to change/set the password. This can keep the IPS agent from starting up
and will appear OFFLINE.
User `sisips` password expires (Jan 11, 2021)**
(**which is either in weeks or exact date/timestamp depending on OS).
Disable password aging for user (sisips)......SUCCESS
What this means is that, if the machine has password aging enabled, the sisipspasswdage.sh will need to be run again before the password expires else the scripts that need to su to sisips will not work.