search cancel

About user info displayed by audit log

book

Article ID: 77669

calendar_today

Updated On:

Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

a user who doesn't exist in seosdb and /etc/passwd file appears in seos.audit file.
<Date&Time> W FILE <the user> Write 202 4 
 

Cause

The user doesn't exist currently but the process was executed by the user.
And the file was accessed by this process.

Environment

RedHat Linux 7.2
CA PIM 12.8SP1 Endpoint

Resolution

Please stop the process and please check LADB.
If the user exists in LADB, please remove the user from LADB.
<rebuild LADB>
#sebuildla -u 
<check LADB>
#sebuildla -U