About user info displayed by inspection log

Article Id: 77669

Status: Published

Updated On: 12-04-2018 22:13

Products:

CA Virtual Privilege Manager , CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction:

According to my customer,
they saw a user who doesn't exist in seosdb and /etc/passwd file in seos.audit file.
<Date&Time> W FILE <the user> Write 202 4

Cause:

The user doesn't exist but a process for the user was being run on the Linux box.
Then, a file was accessed by the process.

Environment:

RedHat Linux 7.2
CA PIM 12.8SP1 Endpoint

Resolution:

Please stop the process and please check LADB.
If the user exists in LADB, please remove the user from LADB.
<rebuild LADB>
#sebuildla -u
<check LADB>
#sebuildla -U