The denied audit log for the access to files under/proc
Article ID: 188100
CA Privileged Access Manager - Server Control (PAMSC)
The denied audit log for the access to files under/proc with code 995.
DATE TIME D FILE user CrWrite 995 10 /proc/file /program/path host user
Release : 14.1
Component : PAM SERVER CONTROL ENDPOINT UNIX/LINUX
This is working as intended.
Write access to the files under /proc is internal protected.
The code 995 means "Unauthorized access to internal resource".
There is no real solution to prevent the '995' events appearing in seaudit
One option would be to set a specialpgm for the process performing the access, e.g.:
AC> er SPECIALPGM /program/path pgmtype(all)
The audit log can be eliminated by audit.cfg.
This is also same on 12.8 SP1