The error is this:
pam_timestamp_check: pam_timestamp: `/' owner UID != 0
repeated over and over.

I have done this:
# chown root:root '/'
# ls -ld '/'
drwxr-xr-x 25 root root 4096 Oct 25 09:12 /

Yet I see this:
Oct 26 14:36:27 tsm su(pam_unix)[4962]: session closed for user root
Oct 26 14:36:28 tsm pam_timestamp_check: pam_timestamp: `/' owner UID != 0
Oct 26 14:37:00 tsm last message repeated 13 times
Oct 26 14:38:03 tsm last message repeated 25 times
Oct 26 14:39:05 tsm last message repeated 25 times
Oct 26 14:40:08 tsm last message repeated 25 times
Oct 26 14:41:10 tsm last message repeated 25 times

I changed the password of the user that is assuming ownership of '/' but it happens again. This leads me to believe it is some sort of batch process. Anyone seen this before?

Try:
This will make sure that the UID and GID are actually 0.

You can take a look in /var/spool/cron/ for jobs that might be doing this.

Additional info.. Looks like selinux is doing it?

Oct 27 03:00:02 tsm kernel: SELinux: initialized (dev cifs, type cifs), uses genfs_con
texts
Oct 27 03:00:30 tsm kernel: SELinux: initialized (dev cifs, type cifs), uses genfs_con
texts
Oct 27 03:00:45 tsm pam_timestamp_check: pam_timestamp: `/' owner UID != 0
Oct 27 03:01:19 tsm last message repeated 13 times