Running ubuntu 8.04 desktop.

I have sshd server running and there's a cron job that seems to be running every 10 seconds. It keeps opening and closing a session and it logs this every time to /var/log/auth.log.

Oct 2 14:45:01 desktop CRON[7760]: pam_unix(cron:session): session closed for user root
Oct 2 14:55:01 desktop CRON[7762]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 2 14:55:01 desktop CRON[7762]: pam_unix(cron:session): session closed for user root
Oct 2 15:05:01 desktop CRON[7764]: pam_unix(cron:session): session opened for user root by (uid=0)

Is there an elegant way to stop this, I don't think this is supposed to happen.

Looks more like every 10 mins to me. Check your crontabs. 1 Minute is the smallest time you can specify in cron.
In addition, there should be a cron job that rotates your logs regularly, so disc space shouldn't be an issue.

I've read how pam can block brute force ssh attacks but I already have an iptables configuration doing that.

I don't really know what it's doing logging into ssh as root every 10 minutes, and I don't think I need it doing that either.

I tried Try sudo crontab -l and it comes up blank.

Anyone encounter this problem before?

login as root, cd /etc and do

ls -l |grep cron

you'll get something like
you need to check all those files/dirs. Something is running and you need to know what.
Also, you can predict from that log you've shown when its going to run, so run

top

in an xterm and keep an eye out when you expect it.

Finally. Stupid sysstat, some package that supplies mpstat, iostat and sar commands.

It had a script in /etc/cron.d/sysstat which sent machine statistics every 10 minutes to an ubuntu central server where they analyzed the information to gear the next release to the most common machine hardware against your will!!!!

No wait... just the first part about it logging stats to a file every 10 minutes.