ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

The denied audit log for the access to files under/proc

book

Article ID: 188100

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

The denied audit log for the access to files under/proc with code 995.

DATE TIME    D FILE         user       CrWrite   995 10 /proc/file            /program/path       host                  user

Cause

This is working as intended.
Write access to the files under /proc is internal protected.
The code 995 means "Unauthorized access to internal resource".

Environment

Release : 14.1

Component : PAM SERVER CONTROL ENDPOINT UNIX/LINUX

Resolution

There is no real solution to prevent the '995' events appearing in seaudit

One option would be to set a specialpgm for the process  performing the access, e.g.:
AC> er SPECIALPGM /program/path pgmtype(all)


The audit log can be eliminated by audit.cfg.

Additional Information

This is also same on 12.8 SP1