Changed accounts (UNIX)

Module: Account Integrity

This check reports user accounts that were changed after the last user snapshot update. Reported changes include user id, group id, home directory, login shell, and GECOS field.

The following table lists the error message for the check.

Table: Error message for Changed accounts

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information


Category: ESM Administrative Information

UNIX (5161)

Title: Changed user account

Description:The listed accounts have changed on your system since the last time the Symantec ESM user snapshot was updated. If these accounts were not changed by the system administrator, they could represent a security breach. Check all account changes to be sure they are authorized. Then update your snapshot to include all authorized changes.

Severity: yellow-1

Correctable: false

Snapshot Updatable: true

Template Updatable: false

Information Field Format: [%s]