Hi guys, I have some /var/log/auth.log entries that I don't understand well.
First, there's pam_unix session getting opened and closed by root. What's all this opennings and closings?
Second, the user nobody performed su. What could this be?
There isn't an IP associated with any of this, so I probably shouldn't be worried. But, I just want to be aware.
I appreciate your advice!
Jun 25 06:09:01 mydomain CRON[16326]: (pam_unix) session opened for user root by (uid=0)
Jun 25 06:09:01 mydomain CRON[16328]: (pam_unix) session opened for user root by (uid=0)
Jun 25 06:09:01 mydomain CRON[16326]: (pam_unix) session closed for user root
Jun 25 06:09:01 mydomain CRON[16328]: (pam_unix) session closed for user root
Jun 25 06:17:01 mydomain CRON[16347]: (pam_unix) session opened for user root by (uid=0)
Jun 25 06:17:01 mydomain CRON[16347]: (pam_unix) session closed for user root
Jun 25 06:25:01 mydomain CRON[16350]: (pam_unix) session opened for user root by (uid=0)
Jun 25 06:25:02 mydomain su[16390]: Successful su for nobody by root
Jun 25 06:25:02 mydomain su[16390]: + ??? root:nobody
Jun 25 06:25:02 mydomain su[16390]: (pam_unix) session opened for user nobody by (uid=0)
Jun 25 06:25:02 mydomain su[16390]: (pam_unix) session closed for user nobody
Jun 25 06:25:02 mydomain su[16394]: Successful su for nobody by root
Jun 25 06:25:02 mydomain su[16394]: + ??? root:nobody
Jun 25 06:25:02 mydomain su[16394]: (pam_unix) session opened for user nobody by (uid=0)
Jun 25 06:25:02 mydomain su[16394]: (pam_unix) session closed for user nobody
Jun 25 06:25:02 mydomain su[16396]: Successful su for nobody by root
Jun 25 06:25:02 mydomain su[16396]: + ??? root:nobody
Jun 25 06:25:02 mydomain su[16396]: (pam_unix) session opened for user nobody by (uid=0)
Jun 25 06:25:02 mydomain su[16396]: (pam_unix) session closed for user nobody
Jun 25 06:25:03 mydomain CRON[16350]: (pam_unix) session closed for user root
Jun 25 06:39:01 mydomain CRON[16470]: (pam_unix) session opened for user root by (uid=0)
-------
My favorite websites:
Buy and sell
class notes,
old exams,
papers,
lab reports,
admission essays.
Ask and answer
Linux questions.
Read
free books without walking to the library.