LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-04-2009, 09:59 PM   #1
CoffeeKing!!!
Member
 
Registered: Mar 2008
Posts: 117

Rep: Reputation: Disabled
What the %$#@ is pam_unix (cron:session) doing every ten minutes? (/var/log/auth.log)


I've googled and searched forums for hours. The most stop the constant logging in
Code:
var/log/auth.log
I need to know exactly what is happening. Not how to stop it. I've found no answers as to what is happening yet. The constant logging without explanation is making my head ring.

Code:
Feb  3 13:17:01 dixie CRON[13822]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  3 13:17:01 dixie CRON[13822]: pam_unix(cron:session): session closed for user root
Feb  3 13:20:01 dixie CRON[13961]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  3 13:20:01 dixie CRON[13961]: pam_unix(cron:session): session closed for user root
Feb  3 13:30:01 dixie CRON[14476]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  3 13:30:02 dixie CRON[14476]: pam_unix(cron:session): session closed for user root
Feb  3 13:40:01 dixie CRON[14966]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  3 13:40:01 dixie CRON[14966]: pam_unix(cron:session): session closed for user root
Feb  3 13:50:01 dixie CRON[15530]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  3 13:50:02 dixie CRON[15530]: pam_unix(cron:session): session closed for user root
Feb  3 14:00:01 dixie CRON[16207]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  3 14:00:01 dixie CRON[16207]: pam_unix(cron:session): session closed for user root
Feb  3 14:10:01 dixie CRON[16964]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  3 14:10:01 dixie CRON[16964]: pam_unix(cron:session): session closed for user root
Feb  3 14:17:01 dixie CRON[17367]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  3 14:17:01 dixie CRON[17367]: pam_unix(cron:session): session closed for user root
Feb  3 14:20:01 dixie CRON[17586]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  3 14:20:02 dixie CRON[17586]: pam_unix(cron:session): session closed for user root
 
Old 02-04-2009, 10:02 PM   #2
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 428

Rep: Reputation: 65
This is normal

cron has to be authenticated to the system just like everyone else and cron checks the config files to see if anything has changed. Since cron can run at any minute of the day you will see alot of them.

The first line of each is when cron starts (session open)
the second line is when cron closes (session close)

Please do not post on the same issue multiple times
http://www.linuxquestions.org/questi...server-702283/

it will not get you helped any faster. If there is someone one that knows the answer then they will most likely post but if no one currently on then posting multiple times will only get you talked to about it. It is against the LQ rules that you agreed to when you created an account.

Thanks

Last edited by slimm609; 02-04-2009 at 10:08 PM.
 
Old 02-04-2009, 11:10 PM   #3
CoffeeKing!!!
Member
 
Registered: Mar 2008
Posts: 117

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by slimm609 View Post
This is normal

cron has to be authenticated to the system just like everyone else and cron checks the config files to see if anything has changed. Since cron can run at any minute of the day you will see alot of them.

The first line of each is when cron starts (session open)
the second line is when cron closes (session close)

Please do not post on the same issue multiple times
http://www.linuxquestions.org/questi...server-702283/

it will not get you helped any faster. If there is someone one that knows the answer then they will most likely post but if no one currently on then posting multiple times will only get you talked to about it. It is against the LQ rules that you agreed to when you created an account.

Thanks
thanks slim
With your help, I learned a little bit more about cron and found the cron scripts that were filling up my auth.log.

Sorry about the multiple post.

could you tell me what the numbers next to the word CRON are in the output. Are they PID's?
 
Old 02-05-2009, 07:07 AM   #4
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 428

Rep: Reputation: 65
Yes those are the PIDs of each one.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
the significance and name of the 5th column of /var/log/auth.log (ubuntu server)? CoffeeKing!!! Linux - Security 4 02-05-2009 07:32 AM
pam_unix filling up auth.log Shwick Linux - Newbie 5 10-08-2008 08:38 PM
/var/log/auth.log doens't have correct date and hostname (Solution) alfmarius Linux - Newbie 0 10-07-2008 06:09 AM
suspicious entry in /var/log/auth.log buehler Linux - Security 5 04-27-2005 05:11 PM
weird stuff in /var/log/auth.log bschiett Linux - Security 3 03-12-2005 08:29 AM


All times are GMT -5. The time now is 07:39 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration