4

I just check my logs on my deed server, I spotted some weird log in the auth.log:

Jun 17 22:27:01 mutualab CRON[16249]: pam_unix(cron:session): session opened for user user by (uid=0)
Jun 17 22:27:01 mutualab CRON[16249]: pam_unix(cron:session): session closed for user user
Jun 17 22:28:01 mutualab CRON[16253]: pam_unix(cron:session): session opened for user user by (uid=0)
Jun 17 22:28:01 mutualab CRON[16253]: pam_unix(cron:session): session closed for user alain
Jun 17 22:29:01 mutualab CRON[16257]: pam_unix(cron:session): session opened for user user by (uid=0)
Jun 17 22:29:01 mutualab CRON[16257]: pam_unix(cron:session): session closed for user user

Looks like somebody tried to log in - and succeeded ? - but delog instantly ? I got the same log for hours now...

Do you know what happens?

Cristian Ciupitu
  • 6,396
  • 2
  • 42
  • 56
x_vi_r
  • 310
  • 2
  • 4
  • 15

1 Answers1

11

That's just cron running the cronjobs. It opens (and then closes) a PAM session for the appropriate user when it executes commands. Based on the timestamps, you have a cronjob which executes every minute.

mgorven
  • 30,615
  • 7
  • 79
  • 122