000034318 - Does the Web Threat Detection User Require Direct Network Access?

Document created by RSA Customer Support Employee on Nov 3, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000034318
Applies To: RSA Product Set: Web Threat Detection
RSA Product/Service Type: Mitigator
RSA Version/Condition: 4.x - 6.1
Issue: Customers may be asked by their network security organization about the 'rsawtd' user, specifically about its requirements for directory permissions and direct network access.
Example customer question: Our SilverTail servers are being identified as having Direct Network detected for rsawtd – direct network access is enabled. As far as I remember, this is the id used for the software. So this access is needed. Can you please confirm if the user rsawtd needs direct network access?
Directory Permissions
The user ID rsawtd is the main user in WTD. This user is set as the owner of the var/opt/silvertail/* directories.
This user also owns and runs the WTD processes. To confirm, run top -H or ps -ef on one of your servers and check the owner of the running processes.

The Cassandra database uses the rsawtd user to own its processes, but rsawtd is not the user name used for database access.

Please Note: It is recommended to change the default name and password for Cassandra upon installation.
(from installation guide version 6.1)

Direct Network Access
WTD runs distributed service components across multiple servers, and these components communicate with each other. The servers are typically located on the local, internal network, so this user requires network access. Please note that all WTD components use the same certificate and key files to validate SSL connections with other components.