Weird stuff in in my /var/log/auth.log

authentication ubuntu logging ubuntu-10.04 pam

I just check my logs on my deed server, I spotted some weird log in the auth.log:

Jun 17 22:27:01 mutualab CRON[16249]: pam_unix(cron:session): session opened for user user by (uid=0)
Jun 17 22:27:01 mutualab CRON[16249]: pam_unix(cron:session): session closed for user user
Jun 17 22:28:01 mutualab CRON[16253]: pam_unix(cron:session): session opened for user user by (uid=0)
Jun 17 22:28:01 mutualab CRON[16253]: pam_unix(cron:session): session closed for user alain
Jun 17 22:29:01 mutualab CRON[16257]: pam_unix(cron:session): session opened for user user by (uid=0)
Jun 17 22:29:01 mutualab CRON[16257]: pam_unix(cron:session): session closed for user user

Looks like somebody tried to log in - and succeeded ? - but delog instantly ? I got the same log for hours now...

Do you know what happens?


That's just cron running the cronjobs. It opens (and then closes) a PAM session for the appropriate user when it executes commands. Based on the timestamps, you have a cronjob which executes every minute.

Related

Tell the linux kernel to put a file in the disk cache?
Backup MySQL databases in 1 file but with separated .tar.gz for each db
Allow user to change permissions on a folder, but not remove/change Domain Admins access?
options for a natively supported, remote file transfer on Windows Server 2008 R2
Allow AD user to set passwords but no other attributes
PAM unable to dlopen(/lib64/security/pam_fprintd.so) causing CentOS/Redhat server to crash
Linux cached memory: Over 85% of cached memory and using swap
Does rsync preserve ACL?
Store Cron Jobs into a database
Is there a "native mode" for every domain functional level?
AIDE - How to exclude whole folders?
Assigning multiple IPv6 addresses on a Server