does anybody knows what this means? ptymonitor: pam_unix(login:session): session opened for user root by (uid=0)

osalas · 08-01-2016, 04:01 PM

Hi, today I got these messages in /var/log/secure that enabled an alert in my monitoring tool:

Aug 1 14:52:02 xxxxxxxxxxxx ptymonitor: pam_unix(login:session): session opened
for user root by (uid=0)
Aug 1 14:52:02 xxxxxxxxxxxx ptymonitor: pam_ck_connector(login:session): cannot
determine display-device
Aug 1 14:52:02 xxxxxxxxxxxx ptymonitor: pam_unix(login:session): session closed
for user root

Does anybody knows what this means?
I don't see any hardware or software failures in the log files.

PD: xxxxxxxxxxxx is the server name

Im using RH 6.5

/dev/random · 08-15-2016, 03:48 PM

This means you logged in as root. PAM is just logging the logins of root user. It's not an error.

osalas · 08-15-2016, 05:22 PM

Quote:

Originally Posted by /dev/random

This means you logged in as root. PAM is just logging the logins of root user. It's not an error.

Thank you!

jefro · 08-15-2016, 09:01 PM

Do those times match with when you logged in? By the way, consider making a common user a sudoer.