About the delete of seos.audit.bak file


Article ID: 142691



CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager - Server Control (PAMSC)


There is a seos.audit.bak file in the $SEOSDIR/log directory.

*SEOSDIR is the PIM/PAMSC installation directory.

The file is a backup of the seos.audit file.

When the PIM/PAMSC services are running, the file cannot be removed using the rm command.


#rm seos.audit.bak

rm: remove regular file 'seos.audit.bak'? y

rm: cannot remove 'seos.audit.bak': Permission denied


Release : All versions

Component : PIM/PAMSC


Yes, this is the correct design.

#seaudit -a -sd today
<Date&Time> D FILE         root       Erase     995 10 /opt/CA/AccessControl/log/seos.audit.bak /usr/bin/rm          <IP address>                  root

#seaudit -t | grep 995
995     Unauthorized access to internal resource

The file cannot be removed because it is protected internally (not in seosdb).
To allow removal, add a rule like the following.

AC> nr file /opt/CA/AccessControl/log/seos.audit.bak* owner(nobody) defacc(a) audit(a)

After adding this rule, you should be able to remove the file.

Additional Information

When adding this rule, we suggest adding the following rule at the same time.

AC> nr file /opt/CA/AccessControl/log/seos.audit owner(nobody) defacc(r) audit(a)
or a specific ACL rule.

This is because the removal may fail when seos.audit is rotated for the first time while running.
The trace then shows the following message:
  FILE    > Results: 'D' Privileged Access Manager Server Control File Only '/opt/CA/AccessControl/log/seos.audit'
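
The denied Erase record shown in the seaudit output above can be picked out of a larger audit listing by its status, class and reason code. The following is an added example, not part of the original article or of the product: it summarises FILE records denied with reason 995. The function names, the sample records and their timestamp layout are assumptions, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Constructed sample records (not real seaudit output). The timestamp layout
# is an assumption; the parser below does not depend on it. Reason and stage
# values other than 995 / 10 are made up for the example.
sample_records() {
cat <<'EOF'
01 Jan 2024 10:00:01 D FILE root Erase 995 10 /opt/CA/AccessControl/log/seos.audit.bak /usr/bin/rm 192.0.2.10 root
01 Jan 2024 10:00:07 D FILE root Erase 995 10 /opt/CA/AccessControl/log/seos.audit.bak /usr/bin/rm 192.0.2.10 root
01 Jan 2024 10:02:30 P FILE alice Read 59 2 /etc/hosts /usr/bin/cat 192.0.2.11 alice
01 Jan 2024 10:03:12 D FILE bob Write 69 2 /etc/passwd /usr/bin/vi 192.0.2.12 bob
EOF
}

# Print "<count> <user> <access> <resource> <program>" for every denied (D)
# FILE record whose reason code matches $1 (default 995), in first-seen order.
denied_internal() {
    awk -v code="${1:-995}" '
    {
        # Locate the status column: a single letter followed by the class FILE.
        s = 0
        for (i = 1; i < NF; i++)
            if (length($i) == 1 && $(i + 1) == "FILE") { s = i; break }
        if (!s || NF < s + 7) next            # not a FILE record, or truncated
        if ($s != "D" || $(s + 4) != code) next
        key = $(s + 2) " " $(s + 3) " " $(s + 6) " " $(s + 7)
        if (!(key in n)) order[++k] = key     # remember first-seen order
        n[key]++
    }
    END { for (j = 1; j <= k; j++) print n[order[j]], order[j] }'
}

# On a PIM/PAMSC host the input would come from: seaudit -a -sd today
sample_records | denied_internal
```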