It has been noticed that during Rollover of Logs or Traces for the Policy Server, for instance at midnight, there is a temporary file being created, which afterwards is renamed as sn.registry
A file monitoring tool may throw messages like the following ones:
The file /opt/CA/siteminder/registry/fileuWpdrq.2051168059 had been written at Thu Jun 1 23:59:08 2023 The file /opt/CA/siteminder/registry/sm.registry had been moved at Thu Jun 1 23:59:08 2023
The file /opt/CA/siteminder/registry/fileK6wE0W.2051167338 had been written at Thu Jun 1 23:59:07 2023 The file /opt/CA/siteminder/registry/sm.registry had been moved at Thu Jun 1 23:59:07 2023
The question arises what those files are and if they may pose any kind of security concern
CA SiteMinder Policy server 12.8.04
This temporay file is created by the Policy Server, it's intended behavior is as expected,
This file gets created if there are any modifications required to be done on sm.registry.
In Windows it is not reproduced.as the registry is not a file to read. In windows the Policy Server can update each registry independently.
In Linux the registry data is present as a file(sm.registy), So the Policy Server reads all the data from sm.registy to local cache, then it updates the data in local cache , then it writes the data to a temporary file and renames the temporary file to sm.registry.
Even if all that happens is that the policy server logs or traces get rolled, that still requires the modification of at least the following entry in sm.registry:
TraceLastRolloverTime= 0x6493ef15; REG_DWORD
So this file will be generated even if all that happens in the Policy server is log rotation or any internal process changing any of its values
This behaviour is working as designed and it can be safely ignored