Questions about password for sisipsdaemon in CSP. Why does SCSP use the sisips user?
The sisips user does not have a password, and the account is locked by default. Because of this it can not be used to login to the box. You can only SU to the sisips user once you are already logged in as root. The sisips user is used by sisipsdaemon and sisipsutildaemon so that they can run under a non-root user (sisips) which is best for security as they have to communicate over the network ( i.e. with the SCSP server ).
Also the Agent wil run a script if password aging is enabled on a system to stop sisips from get a password change popup, here is everything about that:
Looking at a customer GAI I see the following in the agent_intsall.log
12/03/16 00:11:49: checkPasswordAging: user 'sisips'...
12/03/16 00:11:49: checkPasswordAging: Running /opt/Symantec/sdcssagent/IPS/sisipspasswdage.sh
If Password aging is enabled on a unix host, once the password expires,
even though the sisips user account is disabled (no login), it prompts you
to change/set the password. This can keep the IPS agent from starting up
and will appear OFFLINE.
User `sisips` password expires (Jan 16, 2017)**
(**which is either in weeks or exact date/timestamp depending on OS).
Disable password aging for user (sisips)......SUCCESS
What this says is that if the machine has password ageing enabled, the sisipspasswdage.sh will need to be run again before the password
expires else the scripts that need to su to sisips will not work.