Applies To
RSA Product Set: Web Threat Detection
RSA Product/Service Type: Mitigator
RSA Version/Condition: 4.x - 6.1

Issue
Customers may be asked by their network security organization about the 'rsawtd' user, specifically what its requirements are for directory permissions and direct network access.
Example Customer question -- Our SilverTail servers are being identified as having Direct Network detected for rsawtd – direct network access is enabled. As far as I remember, this is the id used for the software. So this access is needed. Can you please confirm if the user rsawtd needs direct network access?
The user ID rsawtd is the main user in WTD. This user is set as the owner for the var/opt/silvertail/* directories.
This user owns and runs the WTD processes. To confirm, run top -H or ps -ef on one of your servers.
The Cassandra database runs its processes as the rsawtd user, but rsawtd is not the user name used for database access.
Please Note: It is recommended to change the default name and password for Cassandra upon installation.
Direct Network Access
WTD runs as a set of service components distributed across multiple servers, and these components communicate with one another. The servers are typically located on the local, internal network, so this user requires network access. Please note that all WTD components use the same Cert and Key files to validate SSL connections with other components.