There is a seos.audit.bak file in $SEOSDIR/log directory.

*SEOSDIR is PIM/PAMSC installation directory.

The file is a backup file of seos.audit file.

When PIM/PAMSC services are running, the file cannot be removed using rm command.

#rm seos.audit.bak

rm: remove regular file 'seos.audit.bak'? y

rm: cannot remove 'seos.audit.bak': Permission denied

Release : All versions

Component : PIM/PAMSC

Yes, it is correct design.

#seaudit -a -sd today
<Date&Time> D FILE         root       Erase     995 10 /opt/CA/AccessControl/log/seos.audit.bak /usr/bin/rm          <IP address>                  root

#seaudit -t | grep 995
995     Unauthorized access to internal resource

The file will not be able to be removed because the file is protected internally(not in seosdb).
So please add the following rule like this.

AC> nr file /opt/CA/AccessControl/log/seos.audit.bak* owner(nobody) defacc(a) audit(a)

We should be able to remove the file.

When add this rule, suggest to add following rule at same time.

AC> nr file /opt/CA/AccessControl/log/seos.audit owner(nobody) defacc(r) audit(a)
or specific ACL rule.

Because, it may failed to remove when seos.audit is rotate first time while running. 
And trace shows following message:
  FILE    > Results: 'D' Privileged Access Manager Server Control File Only '/opt/CA/AccessControl/log/seos.audit'