About user info displayed by inspection log


Article ID: 77669


Updated On:

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

According to my customer, the seos.audit file showed a user who exists in neither seosdb nor the /etc/passwd file:
<Date&Time> W FILE <the user> Write 202 4 
 

Cause

The user doesn't exist, but a process was running as that user on the Linux box.
That process accessed a file, which produced the audit record.

Environment

RedHat Linux 7.2
CA PIM 12.8SP1 Endpoint

Resolution

Stop the process, then check LADB.
If the user exists in LADB, remove the user from LADB.
<rebuild LADB>
# sebuildla -u
<check LADB>
# sebuildla -U
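To locate the process that has to be stopped, the following added example (not part of the original article and not a CA PIM tool) lists running processes whose numeric UID has no entry in a passwd file. The function name orphan_procs and the sample values in the comments are assumptions; the check covers only the passwd file it is given, so accounts served by LDAP or NIS would also be listed.

```shell
#!/bin/sh
# Added example: find processes that run under a UID with no passwd entry,
# which is the situation described in the Cause section.
#
# orphan_procs PASSWD_FILE
#   stdin : one process per line as "PID UID COMMAND"
#   stdout: the lines whose UID is not defined in PASSWD_FILE
#   return: 0 on success, 2 if PASSWD_FILE cannot be read
orphan_procs() {
    passwd_file=$1

    # Refuse to run without a readable passwd file; otherwise every
    # process would be reported as orphaned.
    if [ ! -r "$passwd_file" ]; then
        echo "orphan_procs: cannot read $passwd_file" >&2
        return 2
    fi

    awk -v pw="$passwd_file" '
        BEGIN {
            # Collect every UID (third colon-separated field) that is defined.
            while ((getline line < pw) > 0) {
                split(line, f, ":")
                if (f[3] ~ /^[0-9]+$/) known[f[3]] = 1
            }
            close(pw)
        }
        # Skip header or malformed lines; report UIDs that are not defined.
        $2 ~ /^[0-9]+$/ && !($2 in known) { print }
    '
}

# Live use on the endpoint (run as root so all processes are visible):
#   ps -eo pid=,uid=,comm= | orphan_procs /etc/passwd
# Constructed sample: a line such as "5555 1207 legacy_job" is printed when
# UID 1207 is missing from /etc/passwd.
if [ "${1:-}" = "--live" ]; then
    ps -eo pid=,uid=,comm= | orphan_procs /etc/passwd
fi
```

Any process it reports is a candidate for the stop step above, before the LADB entry is removed and LADB is rebuilt.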