[TriLUG] crond opening root sessions..?
Brian Henning
brian at strutmasters.com
Tue Jun 7 08:30:59 EDT 2005
Hi Folks,
Past couple days I've started seeing entries in the pam_unix section
of LogWatch that look like this:
crond:
Unknown Entries:
session closed for user root: 270 Time(s)
session opened for user root by (uid=0): 270 Time(s)
I don't know what that means, or why it's suddenly happening. crond
opening a session for user root? A session of what? When I hear
"session," I think "interactive," and nothing that cron is doing should
be involving interaction from anyone. root's crontab just has what I
expect it to have.
The only thing I've changed lately was to install the MailScanner RPMs,
but I haven't actually put the installation to work; haven't configured
it, haven't stopped sendmail and put mailscanner in control, etc.
So it's got me a bit nervous. Could something nefarious be going on
here? Why should root be opening a session a little more than 11 times
an hour?
Thanks,
~Brian
More information about the TriLUG
mailing list