Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
02-04-2009, 09:59 PM
|
#1
|
Member
Registered: Mar 2008
Posts: 117
Rep: 
|
What the %$#@ is pam_unix (cron:session) doing every ten minutes? (/var/log/auth.log)
I've googled and searched forums for hours. The most stop the constant logging in
I need to know exactly what is happening. Not how to stop it. I've found no answers as to what is happening yet. The constant logging without explanation is making my head ring.
Code:
Feb 3 13:17:01 dixie CRON[13822]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 3 13:17:01 dixie CRON[13822]: pam_unix(cron:session): session closed for user root
Feb 3 13:20:01 dixie CRON[13961]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 3 13:20:01 dixie CRON[13961]: pam_unix(cron:session): session closed for user root
Feb 3 13:30:01 dixie CRON[14476]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 3 13:30:02 dixie CRON[14476]: pam_unix(cron:session): session closed for user root
Feb 3 13:40:01 dixie CRON[14966]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 3 13:40:01 dixie CRON[14966]: pam_unix(cron:session): session closed for user root
Feb 3 13:50:01 dixie CRON[15530]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 3 13:50:02 dixie CRON[15530]: pam_unix(cron:session): session closed for user root
Feb 3 14:00:01 dixie CRON[16207]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 3 14:00:01 dixie CRON[16207]: pam_unix(cron:session): session closed for user root
Feb 3 14:10:01 dixie CRON[16964]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 3 14:10:01 dixie CRON[16964]: pam_unix(cron:session): session closed for user root
Feb 3 14:17:01 dixie CRON[17367]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 3 14:17:01 dixie CRON[17367]: pam_unix(cron:session): session closed for user root
Feb 3 14:20:01 dixie CRON[17586]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 3 14:20:02 dixie CRON[17586]: pam_unix(cron:session): session closed for user root
|
|
|
02-04-2009, 10:02 PM
|
#2
|
Member
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430
Rep:
|
This is normal
cron has to be authenticated to the system just like everyone else and cron checks the config files to see if anything has changed. Since cron can run at any minute of the day you will see a lot of them.
The first line of each is when cron starts (session open).
The second line is when cron closes (session close).
Please do not post on the same issue multiple times
http://www.linuxquestions.org/questi...server-702283/
It will not get you helped any faster. If there is someone on that knows the answer then they will most likely post, but if no one is currently on then posting multiple times will only get you talked to about it. It is against the LQ rules that you agreed to when you created an account.
Thanks
Last edited by slimm609; 02-04-2009 at 10:08 PM.
|
|
1 members found this post helpful.
|
02-04-2009, 11:10 PM
|
#3
|
Member
Registered: Mar 2008
Posts: 117
Original Poster
Rep: 
|
Quote:
Originally Posted by slimm609
This is normal
cron has to be authenticated to the system just like everyone else and cron checks the config files to see if anything has changed. Since cron can run at any minute of the day you will see a lot of them.
The first line of each is when cron starts (session open).
The second line is when cron closes (session close).
Please do not post on the same issue multiple times
http://www.linuxquestions.org/questi...server-702283/
It will not get you helped any faster. If there is someone on that knows the answer then they will most likely post, but if no one is currently on then posting multiple times will only get you talked to about it. It is against the LQ rules that you agreed to when you created an account.
Thanks
|
Thanks slim
With your help, I learned a little bit more about cron and found the cron scripts that were filling up my auth.log.
Sorry about the multiple post.
Could you tell me what the numbers next to the word CRON are in the output? Are they PIDs?
|
|
|
02-05-2009, 07:07 AM
|
#4
|
Member
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430
Rep:
|
Yes those are the PIDs of each one.
|
|
|
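An added example (not part of the thread or any poster's code): it pairs the "session opened" and "session closed" lines by the PID in `CRON[...]` and counts runs per minute-of-hour, which gives the pattern to compare against the minute fields of the system and per-user crontabs. The sample lines are taken from the excerpt in the first post, with the closing line for PID 17586 deliberately left out to show how an unpaired session is reported; the function names are hypothetical.

```python
import re
from collections import Counter

# Lines taken from the auth.log excerpt in post #1. The "closed" line for
# PID 17586 is omitted on purpose (constructed) to exercise the unpaired case.
SAMPLE = """\
Feb 3 13:17:01 dixie CRON[13822]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 3 13:17:01 dixie CRON[13822]: pam_unix(cron:session): session closed for user root
Feb 3 13:20:01 dixie CRON[13961]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 3 13:20:01 dixie CRON[13961]: pam_unix(cron:session): session closed for user root
Feb 3 13:30:01 dixie CRON[14476]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 3 13:30:02 dixie CRON[14476]: pam_unix(cron:session): session closed for user root
Feb 3 14:17:01 dixie CRON[17367]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 3 14:17:01 dixie CRON[17367]: pam_unix(cron:session): session closed for user root
Feb 3 14:20:01 dixie CRON[17586]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# \s+ between fields tolerates syslog's two-space padding of single-digit days.
LINE = re.compile(
    r"^\w{3}\s+\d+\s+(?P<hh>\d\d):(?P<mm>\d\d):(?P<ss>\d\d)\s+\S+\s+"
    r"CRON\[(?P<pid>\d+)\]:\s+pam_unix\(cron:session\):\s+"
    r"session (?P<ev>opened|closed) for user (?P<user>\S+)"
)

def pair_sessions(text):
    """Pair open/close events by PID. Returns (jobs, pids_never_closed)."""
    open_by_pid, jobs = {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a cron session line
        secs = int(m["hh"]) * 3600 + int(m["mm"]) * 60 + int(m["ss"])
        if m["ev"] == "opened":
            open_by_pid[m["pid"]] = (m["user"], m["mm"], secs)
        elif m["pid"] in open_by_pid:
            user, minute, start = open_by_pid.pop(m["pid"])
            # Duration in seconds; assumes the job does not span midnight.
            jobs.append({"pid": m["pid"], "user": user,
                         "minute": minute, "duration": secs - start})
    return jobs, sorted(open_by_pid)

def minute_histogram(jobs):
    """Runs per (user, minute-of-hour), to match against crontab minute fields."""
    return dict(Counter((j["user"], j["minute"]) for j in jobs))

if __name__ == "__main__":
    jobs, unclosed = pair_sessions(SAMPLE)
    for key, count in sorted(minute_histogram(jobs).items()):
        print(key, count)
    print("opened but not closed:", unclosed)
```

A minute that recurs every hour points at one crontab line with that minute field; a PID that opens and never closes is a job still running or a log that was cut off.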
All times are GMT -5. The time now is 12:46 PM.