About user info displayed by inspection log
Article ID: 77669
Updated On:
Products
CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager (PAM)
Issue/Introduction
According to my customer,
they saw a user who doesn't exist in seosdb and /etc/passwd file in seos.audit file.
<Date&Time> W FILE <the user> Write 202 4
they saw a user who doesn't exist in seosdb and /etc/passwd file in seos.audit file.
<Date&Time> W FILE <the user> Write 202 4
Cause
The user doesn't exist but a process for the user was being run on the Linux box.
Then, a file was accessed by the process.
Then, a file was accessed by the process.
Environment
RedHat Linux 7.2
CA PIM 12.8SP1 Endpoint
CA PIM 12.8SP1 Endpoint
Resolution
Please stop the process and please check LADB.
If the user exists in LADB, please remove the user from LADB.
<rebuild LADB>
#sebuildla -u
<check LADB>
#sebuildla -U
If the user exists in LADB, please remove the user from LADB.
<rebuild LADB>
#sebuildla -u
<check LADB>
#sebuildla -U
Feedback
Yes
No
Powered by
