LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Closed Thread
 
Search this Thread
Old 02-04-2009, 01:01 PM   #1
CoffeeKing!!!
Member
 
Registered: Mar 2008
Posts: 117

Rep: Reputation: Disabled
the significance and name of the 5th column of /var/log/auth.log (ubuntu server)?


What is the significance and name of the 5th column of /var/log/auth.log of my ubuntu server?

When I:
Code:
cat /var/log/auth.log | awk {'print $5'}
I get:
Code:
CRON[5966]:
CRON[5979]:
CRON[5979]:
CRON[6046]:
CRON[6046]:
CRON[6082]:
CRON[6082]:
CRON[6149]:
CRON[6149]:
sshd[6216]:
sshd[6216]:
and so on. What are these cron jobs running and what does the number next to them mean?
 
Old 02-04-2009, 01:11 PM   #2
CoffeeKing!!!
Member
 
Registered: Mar 2008
Posts: 117

Original Poster
Rep: Reputation: Disabled
The crons must be tcp keep alives?

Code:
cat /var/log/auth.log | awk {'print $3" ", $5'}
Code:
13:10:01  CRON[5979]:
13:10:02  CRON[5979]:
13:17:01  CRON[6046]:
13:17:01  CRON[6046]:
13:20:01  CRON[6082]:
13:20:02  CRON[6082]:
13:30:01  CRON[6149]:
13:30:02  CRON[6149]:
13:33:32  sshd[6216]:
13:33:32  sshd[6216]:
13:39:01  CRON[6266]:
Can someone tell me more? What is pam_unix doing every ten minutes!!!???
Code:
crontab -u root -l
shows no crontab for root!!!


edit :
Code:
cat /var/log/auth.log
Code:
Feb  4 13:39:01 server CRON[6266]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  4 13:39:01 server CRON[6266]: pam_unix(cron:session): session closed for user root
Feb  4 13:40:01 server CRON[6307]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  4 13:40:02 server CRON[6307]: pam_unix(cron:session): session closed for user root
Feb  4 13:50:01 server CRON[6423]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  4 13:50:02 server CRON[6423]: pam_unix(cron:session): session closed for user root
Feb  4 14:00:01 server CRON[6513]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  4 14:00:02 server CRON[6513]: pam_unix(cron:session): session closed for user root
Feb  4 14:09:01 server CRON[6660]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  4 14:09:01 server CRON[6660]: pam_unix(cron:session): session closed for user root
Feb  4 14:10:01 server CRON[6695]: pam_unix(cron:session): session opened for user root by (uid=0)

Last edited by CoffeeKing!!!; 02-04-2009 at 03:46 PM.
 
Old 02-04-2009, 10:48 PM   #3
CoffeeKing!!!
Member
 
Registered: Mar 2008
Posts: 117

Original Poster
Rep: Reputation: Disabled
please erase this thread admin...

I've refined my question
 
Old 02-04-2009, 11:09 PM   #4
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 428

Rep: Reputation: 65
Please close the thread as it is a duplicate and has already been answered here
http://www.linuxquestions.org/questi...th.log-702381/
 
Old 02-05-2009, 08:32 AM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
This thread is a duplicate and has been closed.
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
/var/log/auth.log doens't have correct date and hostname (Solution) alfmarius Linux - Newbie 0 10-07-2008 07:09 AM
Can Samhain log my entries in /var/log/secure and /var/log/mesage to a central server abefroman Linux - Software 2 04-13-2008 05:13 PM
suspicious entry in /var/log/auth.log buehler Linux - Security 5 04-27-2005 06:11 PM
/var/log/auth.log entries buehler Linux - Security 1 04-23-2005 05:45 PM
weird stuff in /var/log/auth.log bschiett Linux - Security 3 03-12-2005 09:29 AM


All times are GMT -5. The time now is 02:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration