Related

Product App Platform: Run PHP apps without managing servers Product
GUI for MongoDB needed to mange Meteor app Question Question
Why are snapshots so slow Question Question

Question

Weird CRON logs appearing for no reasion

Posted May 3, 2015 14.6k views
UbuntuPHPSecurity

Hey today I found a bunch of strange CRON log activity in my auth.log file. Anyone know what is this about? I checked and I don’t have any CRON jobs running…

May  3 06:37:30 EngageLive CRON[7350]: pam_unix(cron:session): session closed for user root
May  3 06:39:01 EngageLive CRON[7588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 06:39:01 EngageLive CRON[7588]: pam_unix(cron:session): session closed for user root
May  3 06:47:01 EngageLive CRON[7601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 06:47:02 EngageLive CRON[7601]: pam_unix(cron:session): session closed for user root
May  3 07:09:01 EngageLive CRON[7631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 07:09:01 EngageLive CRON[7631]: pam_unix(cron:session): session closed for user root
May  3 07:17:01 EngageLive CRON[7644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 07:17:01 EngageLive CRON[7644]: pam_unix(cron:session): session closed for user root
May  3 07:39:01 EngageLive CRON[7647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 07:39:01 EngageLive CRON[7647]: pam_unix(cron:session): session closed for user root
May  3 08:09:01 EngageLive CRON[7660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 08:09:01 EngageLive CRON[7660]: pam_unix(cron:session): session closed for user root
May  3 08:17:01 EngageLive CRON[7672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 08:17:01 EngageLive CRON[7672]: pam_unix(cron:session): session closed for user root
May  3 08:39:01 EngageLive CRON[7675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 08:39:01 EngageLive CRON[7675]: pam_unix(cron:session): session closed for user root
May  3 09:09:01 EngageLive CRON[7687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 09:09:01 EngageLive CRON[7687]: pam_unix(cron:session): session closed for user root
May  3 09:17:01 EngageLive CRON[7699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 09:17:01 EngageLive CRON[7699]: pam_unix(cron:session): session closed for user root
May  3 09:39:01 EngageLive CRON[7702]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 09:39:01 EngageLive CRON[7702]: pam_unix(cron:session): session closed for user root
May  3 10:09:01 EngageLive CRON[7715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 10:09:02 EngageLive CRON[7715]: pam_unix(cron:session): session closed for user root
May  3 10:17:01 EngageLive CRON[7727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 10:17:01 EngageLive CRON[7727]: pam_unix(cron:session): session closed for user root
May  3 10:39:01 EngageLive CRON[7730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 10:39:01 EngageLive CRON[7730]: pam_unix(cron:session): session closed for user root
May  3 11:09:01 EngageLive CRON[7742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 11:09:01 EngageLive CRON[7742]: pam_unix(cron:session): session closed for user root
May  3 11:17:01 EngageLive CRON[7754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 11:17:01 EngageLive CRON[7754]: pam_unix(cron:session): session closed for user root
May  3 11:39:01 EngageLive CRON[7758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 11:39:01 EngageLive CRON[7758]: pam_unix(cron:session): session closed for user root
May  3 12:09:01 EngageLive CRON[7770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 12:09:01 EngageLive CRON[7770]: pam_unix(cron:session): session closed for user root
May  3 12:17:01 EngageLive CRON[7782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 12:17:01 EngageLive CRON[7782]: pam_unix(cron:session): session closed for user root
May  3 12:39:01 EngageLive CRON[7785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  3 12:39:01 EngageLive CRON[7785]: pam_unix(cron:session): session closed for user root
Add a comment
paulday
By:
paulday

Related

Product App Platform: Run PHP apps without managing servers Product
GUI for MongoDB needed to mange Meteor app Question Question
Why are snapshots so slow Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
jtittle1 May 4, 2015

@paulday

To resolve this, login to the CLI and cd to

/etc/pam.d

In your favorite editor of choice, open:

common-session-noninteractive

Find:

session required pam_unix.so

Above it, add:

session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid

and then restart CRON:

/etc/init.d/cron restart

I had this bookmarked as a client of mine was asking a similar question not too long ago :).

Source: http://languor.us/cron-pam-unix-cron-session-session-opened-closed-user-root-uid0

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help