There is a seos.audit.bak file in $SEOSDIR/log directory.
*SEOSDIR is PIM/PAMSC installation directory.
The file is a backup file of seos.audit file.
When PIM/PAMSC services are running, the file cannot be removed using rm command.
rm: remove regular file 'seos.audit.bak'? y
rm: cannot remove 'seos.audit.bak': Permission denied
Release : All versions
Component : PIM/PAMSC
Yes, it is correct design.
#seaudit -a -sd today
<Date&Time> D FILE root Erase 995 10 /opt/CA/AccessControl/log/seos.audit.bak /usr/bin/rm <IP address> root
#seaudit -t | grep 995
995 Unauthorized access to internal resource
The file will not be able to be removed because the file is protected internally(not in seosdb).
So please add the following rule like this.
AC> nr file /opt/CA/AccessControl/log/seos.audit.bak* owner(nobody) defacc(a) audit(a)
We should be able to remove the file.
When add this rule, suggest to add following rule at same time.
AC> nr file /opt/CA/AccessControl/log/seos.audit owner(nobody) defacc(r) audit(a)
or specific ACL rule.
Because, it may failed to remove when seos.audit is rotate first time while running.
And trace shows following message:
FILE > Results: 'D' Privileged Access Manager Server Control File Only '/opt/CA/AccessControl/log/seos.audit'