Hi Folks,
Past couple days I've started seeing entries in the pam_unix section
of LogWatch that look like this:
crond:
Unknown Entries:
session closed for user root: 270 Time(s)
session opened for user root by (uid=0): 270 Time(s)
I don't know what that means, or why it's suddenly happening. crond
opening a session for user root? A session of what? When I hear
"session," I think "interactive," and nothing that cron is doing should
be involving interaction from anyone. root's crontab just has what I
expect it to have.
The only thing I've changed lately was to install the MailScanner RPMs,
but I haven't actually put the installation to work; haven't configured
it, haven't stopped sendmail and put mailscanner in control, etc.
So it's got me a bit nervous. Could something nefarious be going on
here? Why should root be opening a session a little more than 11 times
an hour?
Thanks,
~Brian
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
