Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: rmoria on July 25, 2006, 09:24:26 AM

Title: session opened for user root by (uid=0)
Post by: rmoria on July 25, 2006, 09:24:26 AM
In my message log I see a lot of these.

Jul 25 03:25:01 servername crond(pam_unix)[19510]: session opened for user root by (uid=0)
Jul 25 03:25:02 servername crond(pam_unix)[19510]: session closed for user root

Password is secure (and I have changed it to test if it had been compromised). ssh is disabled.

If I do a search I see more people with this problem. Does anyone have a clue where this comes from?
Title: Re: session opened for user root by (uid=0)
Post by: cactus on July 25, 2006, 11:09:08 AM
Quote from: "rmoria"
In my message log I see a lot of these.

Jul 25 03:25:01 servername crond(pam_unix)[19510]: session opened for user root by (uid=0)
Jul 25 03:25:02 servername crond(pam_unix)[19510]: session closed for user root

Password is secure (and I have changed it to test if it had been compromised). ssh is disabled.

If I do a search I see more people with this problem. Does anyone have a clue where this comes from?
Could it be that one of your cron jobs is running as user root?
Title: session opened for user root by (uid=0)
Post by: rmoria on July 25, 2006, 11:19:27 AM
It also happens at times where there are no custom cron-jobs.

Code:
Jul 25 10:55:02 nathan crond(pam_unix)[12668]: session opened for user root by (uid=0)
Jul 25 10:55:07 nathan crond(pam_unix)[12668]: session closed for user root


My cron jobs end around 04:00:00
Title: session opened for user root by (uid=0)
Post by: JonB on July 25, 2006, 03:43:59 PM
rmoria,

It's just log noise. Check the cron logs. It will tell you what is being run at what time and by what user.

I would suspect that you either have sme7admin or sysmon installed. cron runs sa1 (sysstat) every 5 minutes.

I notice that after doing the latest sme-testing updates, the crond entries in the messages log have disappeared.

Jon
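
The check suggested in the reply above (look in the cron log to see what ran, when, and as which user) can be scripted. This is an added example, not part of the thread: it pairs each `crond(pam_unix)` "session opened" line with the cron `CMD` entry that explains it and leaves unexplained sessions marked. The `/var/log/cron` line layout, the sample cron entry, the third message line and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Samples: the first two MESSAGES lines are quoted in the thread; the third
# is constructed as an unmatched case. CRON_LOG is a constructed line in an
# assumed /var/log/cron layout, not taken from the thread.
MESSAGES = """\
Jul 25 10:55:02 nathan crond(pam_unix)[12668]: session opened for user root by (uid=0)
Jul 25 10:55:07 nathan crond(pam_unix)[12668]: session closed for user root
Jul 25 11:02:13 nathan crond(pam_unix)[12701]: session opened for user root by (uid=0)
"""
CRON_LOG = """\
Jul 25 10:55:01 nathan crond[12668]: (root) CMD (/usr/lib/sa/sa1 1 1)
"""

SESSION = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) crond\(pam_unix\)\[(\d+)\]: "
                     r"session opened for user (\S+) by \(uid=(\d+)\)")
CMD = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) crond\[(\d+)\]: \((\S+)\) CMD \((.*)\)$", re.I)

def _ts(stamp):
    # syslog stamps carry no year; a fixed one is enough for computing deltas
    return datetime.strptime("2006 " + stamp, "%Y %b %d %H:%M:%S")

def explain_sessions(messages, cron_log, window=timedelta(seconds=5)):
    """Pair each cron PAM session with the job that caused it.

    Returns (timestamp, pid, user, command) tuples; command is None when no
    CMD entry matches, which is the case that deserves a closer look.
    """
    jobs = [(_ts(m[1]), m[2], m[3], m[4], m[5])
            for m in map(CMD.match, cron_log.splitlines()) if m]
    results = []
    for m in filter(None, map(SESSION.match, messages.splitlines())):
        stamp, host, pid, user, _uid = m.groups()
        when, command = _ts(stamp), None
        for j_when, j_host, j_pid, j_user, j_cmd in jobs:
            close = abs(when - j_when) <= window
            # Prefer a PID match; fall back to same user within the window,
            # since some cron builds log CMD from a different process.
            if j_host == host and close and (j_pid == pid or j_user == user):
                command = j_cmd
                break
        results.append((stamp, pid, user, command))
    return results

if __name__ == "__main__":
    for stamp, pid, user, command in explain_sessions(MESSAGES, CRON_LOG):
        print(stamp, pid, user, command or "NO MATCHING CRON JOB")
```

A session that ends up with no matching command is the one worth investigating; the rest are the scheduled jobs announcing themselves.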
Title: session opened for user root by (uid=0)
Post by: rmoria on July 25, 2006, 04:10:30 PM
Thanks, I do have sme7admin installed.
I'll just try to ignore the entries (or install the sme-test updates).