I started seeing these entries after upgrading from FC2 to FC3.
I don't think they're anything to worry about.
Jeff G.
Brian Henning wrote:
Hi Folks,
Past couple days I've started seeing entries in the pam_unix section
of LogWatch that look like this:
crond:
Unknown Entries:
session closed for user root: 270 Time(s)
session opened for user root by (uid=0): 270 Time(s)
I don't know what that means, or why it's suddenly happening. crond
opening a session for user root? A session of what? When I hear
"session," I think "interactive," and nothing that cron is doing
should be involving interaction from anyone. root's crontab just has
what I expect it to have.
The only thing I've changed lately was to install the MailScanner
RPMs, but I haven't actually put the installation to work; haven't
configured it, haven't stopped sendmail and put mailscanner in
control, etc.
So it's got me a bit nervous. Could something nefarious be going on
here? Why should root be opening a session a little more than 11
times an hour?
Thanks,
~Brian
--
Jeff Groves
email: [EMAIL PROTECTED] Web Site: http://www.krenim.org/
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
