auth.log大量出現pam_unix(cron:session): session opened for user root by (uid=0)解決辦法
阿新 • • 發佈:2021-08-08
現象
認證日誌/var/log/auth.log
反覆出現CRON資訊
Aug 8 01:09:01 rpi0w CRON[15394]: pam_unix(cron:session): session opened for user root by (uid=0) Aug 8 01:09:01 rpi0w CRON[15394]: pam_unix(cron:session): session closed for user root Aug 8 01:17:02 rpi0w CRON[15403]: pam_unix(cron:session): session opened for user root by (uid=0) Aug 8 01:17:02 rpi0w CRON[15403]: pam_unix(cron:session): session closed for user root Aug 8 01:39:01 rpi0w CRON[15443]: pam_unix(cron:session): session opened for user root by (uid=0) Aug 8 01:39:01 rpi0w CRON[15443]: pam_unix(cron:session): session closed for user root Aug 8 02:09:01 rpi0w CRON[15477]: pam_unix(cron:session): session opened for user root by (uid=0) Aug 8 02:09:01 rpi0w CRON[15477]: pam_unix(cron:session): session closed for user root Aug 8 02:17:01 rpi0w CRON[15499]: pam_unix(cron:session): session opened for user root by (uid=0) Aug 8 02:17:01 rpi0w CRON[15499]: pam_unix(cron:session): session closed for user root Aug 8 02:39:01 rpi0w CRON[15526]: pam_unix(cron:session): session opened for user root by (uid=0) Aug 8 02:39:01 rpi0w CRON[15526]: pam_unix(cron:session): session closed for user root
看起來是root計劃任務但用crontab -l
沒有發現對應任務
分析
問題應該出在系統自帶的週期性任務,檢視以下路徑
/etc/cron.d/
/etc/cron.daily/
/etc/cron.hourly/
/etc/cron.monthly/
/etc/cron.weekly/
確認存在系統任務,考慮清除cron的auth日誌資訊。
方法
使用sudo編輯/etc/pam.d/common-session-noninteractive
找到這一行
session required pam_unix.so
前排新增
session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid
儲存退出
重啟 crond 服務
sudo service cron restart
參考
Cron: pam_unix (cron:session): session opened/closed for user root by (uid=0) | languor.us