Share

Question

Hey today I found a bunch of strange CRON log activity in my auth.log file. Anyone know what is this about? I checked and I don’t have any CRON jobs running…

May  3 06:37:30 EngageLive CRON[7350]: pam_unix(cron:session): session closed for user root
May  3 06:39:01 EngageLive CRON[7588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 06:39:01 EngageLive CRON[7588]: pam_unix(cron:session): session closed for user root
May  3 06:47:01 EngageLive CRON[7601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 06:47:02 EngageLive CRON[7601]: pam_unix(cron:session): session closed for user root
May  3 07:09:01 EngageLive CRON[7631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 07:09:01 EngageLive CRON[7631]: pam_unix(cron:session): session closed for user root
May  3 07:17:01 EngageLive CRON[7644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 07:17:01 EngageLive CRON[7644]: pam_unix(cron:session): session closed for user root
May  3 07:39:01 EngageLive CRON[7647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 07:39:01 EngageLive CRON[7647]: pam_unix(cron:session): session closed for user root
May  3 08:09:01 EngageLive CRON[7660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 08:09:01 EngageLive CRON[7660]: pam_unix(cron:session): session closed for user root
May  3 08:17:01 EngageLive CRON[7672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 08:17:01 EngageLive CRON[7672]: pam_unix(cron:session): session closed for user root
May  3 08:39:01 EngageLive CRON[7675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 08:39:01 EngageLive CRON[7675]: pam_unix(cron:session): session closed for user root
May  3 09:09:01 EngageLive CRON[7687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 09:09:01 EngageLive CRON[7687]: pam_unix(cron:session): session closed for user root
May  3 09:17:01 EngageLive CRON[7699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 09:17:01 EngageLive CRON[7699]: pam_unix(cron:session): session closed for user root
May  3 09:39:01 EngageLive CRON[7702]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 09:39:01 EngageLive CRON[7702]: pam_unix(cron:session): session closed for user root
May  3 10:09:01 EngageLive CRON[7715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 10:09:02 EngageLive CRON[7715]: pam_unix(cron:session): session closed for user root
May  3 10:17:01 EngageLive CRON[7727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 10:17:01 EngageLive CRON[7727]: pam_unix(cron:session): session closed for user root
May  3 10:39:01 EngageLive CRON[7730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 10:39:01 EngageLive CRON[7730]: pam_unix(cron:session): session closed for user root
May  3 11:09:01 EngageLive CRON[7742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 11:09:01 EngageLive CRON[7742]: pam_unix(cron:session): session closed for user root
May  3 11:17:01 EngageLive CRON[7754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 11:17:01 EngageLive CRON[7754]: pam_unix(cron:session): session closed for user root
May  3 11:39:01 EngageLive CRON[7758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 11:39:01 EngageLive CRON[7758]: pam_unix(cron:session): session closed for user root
May  3 12:09:01 EngageLive CRON[7770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 12:09:01 EngageLive CRON[7770]: pam_unix(cron:session): session closed for user root
May  3 12:17:01 EngageLive CRON[7782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 12:17:01 EngageLive CRON[7782]: pam_unix(cron:session): session closed for user root
May  3 12:39:01 EngageLive CRON[7785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 12:39:01 EngageLive CRON[7785]: pam_unix(cron:session): session closed for user root

Answer 1

jtittle1 May 4, 2015

@paulday

To resolve this, login to the CLI and cd to

/etc/pam.d

In your favorite editor of choice, open:

common-session-noninteractive

Find:

session required pam_unix.so

Above it, add:

session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid

and then restart CRON:

/etc/init.d/cron restart

I had this bookmarked as a client of mine was asking a similar question not too long ago :).

Source: http://languor.us/cron-pam-unix-cron-session-session-opened-closed-user-root-uid0

Reply Report

Question

Weird CRON logs appearing for no reasion

Leave a comment

Looking for something else?

Share

Share your Question

Question

Weird CRON logs appearing for no reasion

Leave a comment

Related

question

Permission denied (publickey). I cannot figure this out, please help.

question

I am unable to access digital ocean droplet

question

Mod_rewrite "does not exist" error?

question

Hosting a wiki and redmine on same droplet.

Looking for something else?

Almost there!