Question

Weird CRON logs appearing for no reasion

Hey today I found a bunch of strange CRON log activity in my auth.log file. Anyone know what is this about? I checked and I don’t have any CRON jobs running…

May  3 06:37:30 EngageLive CRON[7350]: pam_unix(cron:session): session closed for user root
May  3 06:39:01 EngageLive CRON[7588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 06:39:01 EngageLive CRON[7588]: pam_unix(cron:session): session closed for user root
May  3 06:47:01 EngageLive CRON[7601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 06:47:02 EngageLive CRON[7601]: pam_unix(cron:session): session closed for user root
May  3 07:09:01 EngageLive CRON[7631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 07:09:01 EngageLive CRON[7631]: pam_unix(cron:session): session closed for user root
May  3 07:17:01 EngageLive CRON[7644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 07:17:01 EngageLive CRON[7644]: pam_unix(cron:session): session closed for user root
May  3 07:39:01 EngageLive CRON[7647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 07:39:01 EngageLive CRON[7647]: pam_unix(cron:session): session closed for user root
May  3 08:09:01 EngageLive CRON[7660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 08:09:01 EngageLive CRON[7660]: pam_unix(cron:session): session closed for user root
May  3 08:17:01 EngageLive CRON[7672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 08:17:01 EngageLive CRON[7672]: pam_unix(cron:session): session closed for user root
May  3 08:39:01 EngageLive CRON[7675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 08:39:01 EngageLive CRON[7675]: pam_unix(cron:session): session closed for user root
May  3 09:09:01 EngageLive CRON[7687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 09:09:01 EngageLive CRON[7687]: pam_unix(cron:session): session closed for user root
May  3 09:17:01 EngageLive CRON[7699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 09:17:01 EngageLive CRON[7699]: pam_unix(cron:session): session closed for user root
May  3 09:39:01 EngageLive CRON[7702]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 09:39:01 EngageLive CRON[7702]: pam_unix(cron:session): session closed for user root
May  3 10:09:01 EngageLive CRON[7715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 10:09:02 EngageLive CRON[7715]: pam_unix(cron:session): session closed for user root
May  3 10:17:01 EngageLive CRON[7727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 10:17:01 EngageLive CRON[7727]: pam_unix(cron:session): session closed for user root
May  3 10:39:01 EngageLive CRON[7730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 10:39:01 EngageLive CRON[7730]: pam_unix(cron:session): session closed for user root
May  3 11:09:01 EngageLive CRON[7742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 11:09:01 EngageLive CRON[7742]: pam_unix(cron:session): session closed for user root
May  3 11:17:01 EngageLive CRON[7754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 11:17:01 EngageLive CRON[7754]: pam_unix(cron:session): session closed for user root
May  3 11:39:01 EngageLive CRON[7758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 11:39:01 EngageLive CRON[7758]: pam_unix(cron:session): session closed for user root
May  3 12:09:01 EngageLive CRON[7770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 12:09:01 EngageLive CRON[7770]: pam_unix(cron:session): session closed for user root
May  3 12:17:01 EngageLive CRON[7782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 12:17:01 EngageLive CRON[7782]: pam_unix(cron:session): session closed for user root
May  3 12:39:01 EngageLive CRON[7785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 12:39:01 EngageLive CRON[7785]: pam_unix(cron:session): session closed for user root
Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

@paulday

To resolve this, login to the CLI and cd to

/etc/pam.d

In your favorite editor of choice, open:

common-session-noninteractive

Find:

session required pam_unix.so

Above it, add:

session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid

and then restart CRON:

/etc/init.d/cron restart

I had this bookmarked as a client of mine was asking a similar question not too long ago :).

Source: http://languor.us/cron-pam-unix-cron-session-session-opened-closed-user-root-uid0