現象

認證日誌/var/log/auth.log反覆出現CRON資訊

Aug  8 01:09:01 rpi0w CRON[15394]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug  8 01:09:01 rpi0w CRON[15394]: pam_unix(cron:session): session closed for user root
Aug  8 01:17:02 rpi0w CRON[15403]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug  8 01:17:02 rpi0w CRON[15403]: pam_unix(cron:session): session closed for user root
Aug  8 01:39:01 rpi0w CRON[15443]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug  8 01:39:01 rpi0w CRON[15443]: pam_unix(cron:session): session closed for user root
Aug  8 02:09:01 rpi0w CRON[15477]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug  8 02:09:01 rpi0w CRON[15477]: pam_unix(cron:session): session closed for user root
Aug  8 02:17:01 rpi0w CRON[15499]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug  8 02:17:01 rpi0w CRON[15499]: pam_unix(cron:session): session closed for user root
Aug  8 02:39:01 rpi0w CRON[15526]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug  8 02:39:01 rpi0w CRON[15526]: pam_unix(cron:session): session closed for user root
 

看起來是root計劃任務但用crontab -l沒有發現對應任務

分析

問題應該出在系統自帶的週期性任務，檢視以下路徑

/etc/cron.d/
/etc/cron.daily/   
/etc/cron.hourly/  
/etc/cron.monthly/
/etc/cron.weekly/

確認存在系統任務，考慮清除cron的auth日誌資訊。

方法

使用sudo編輯/etc/pam.d/common-session-noninteractive
找到這一行

session required        pam_unix.so

前排新增

session     [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid
 

儲存退出
重啟 crond 服務

sudo service cron restart

參考

Cron: pam_unix (cron:session): session opened/closed for user root by (uid=0) | languor.us