[TriLUG] crond opening root sessions..?
Jeff Groves
jgroves at krenim.org
Tue Jun 7 08:43:59 EDT 2005
I started seeing these entries after upgrading from FC2 to FC3.
I don't think they're anything to worry about.
Jeff G.
Brian Henning wrote:
> Hi Folks,
> Past couple days I've started seeing entries in the pam_unix section
> of LogWatch that look like this:
>
> crond:
> Unknown Entries:
> session closed for user root: 270 Time(s)
> session opened for user root by (uid=0): 270 Time(s)
>
> I don't know what that means, or why it's suddenly happening. crond
> opening a session for user root? A session of what? When I hear
> "session," I think "interactive," and nothing that cron is doing
> should be involving interaction from anyone. root's crontab just has
> what I expect it to have.
>
> The only thing I've changed lately was to install the MailScanner
> RPMs, but I haven't actually put the installation to work; haven't
> configured it, haven't stopped sendmail and put mailscanner in
> control, etc.
>
> So it's got me a bit nervous. Could something nefarious be going on
> here? Why should root be opening a session a little more than 11
> times an hour?
>
> Thanks,
> ~Brian
--
Jeff Groves
email: jgroves at krenim.org Web Site: http://www.krenim.org/
More information about the TriLUG
mailing list