My sme 7 is been acceding by somebody i think, because in the logs appear:
Sep 4 16:30:01 dc1 crond(pam_unix)[3795]: session opened for user root by (uid=0)
Sep 4 16:30:02 dc1 crond(pam_unix)[3795]: session closed for user root
Sep 4 16:35:01 dc1 crond(pam_unix)[3799]: session opened for user root by (uid=0)
Sep 4 16:35:01 dc1 crond(pam_unix)[3799]: session closed for user root
Each 5 minutes, am i wrong or have i a root kit or something?
waiting for help¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡
thks