session opened for user root by (uid=0)

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Installation - Getting started with Red Hat Linux

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	sendmail configuration on redhat
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	Promise 378 controller
•	kernel 2 6 and /dev/sound/mixer not found
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	Lotus Notes under Wine
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	Command stream end of file while reading
•	rpm database corrupt
•	qla2300 modules

session opened for user root by (uid=0)

session opened for user root by (uid=0)

2006-01-30 - By Thomas Walter

Back

Reply: 1 2

Good Evening,

I have a RHEL 4 machine, recently brough online. I see today the following
entries (hundreds actually) every 5 minutes. There are no entries in root
crontab. Web search indicates a possible intrusion but the examples I see
don't refer to crond. Can anyone help?

TIA.

Tom Walter

Jan 29 10:15:01 earth crond(pam_unix)[31492]: session opened for user root by
(uid=0)
Jan 29 10:15:01 earth crond(pam_unix)[31492]: session closed for user root
Jan 29 10:20:01 earth crond(pam_unix)[31514]: session opened for user root by
(uid=0)
Jan 29 10:20:01 earth crond(pam_unix)[31515]: session opened for user root by
(uid=0)
Jan 29 10:20:01 earth crond(pam_unix)[31514]: session closed for user root
Jan 29 10:20:01 earth crond(pam_unix)[31515]: session closed for user root
Jan 29 10:25:01 earth crond(pam_unix)[31541]: session opened for user root by
(uid=0)
Jan 29 10:25:01 earth crond(pam_unix)[31541]: session closed for user root
Jan 29 10:30:01 earth crond(pam_unix)[31563]: session opened for user root by
(uid=0)
Jan 29 10:30:01 earth crond(pam_unix)[31564]: session opened for user root by
(uid=0)
Jan 29 10:30:01 earth crond(pam_unix)[31563]: session closed for user root
Jan 29 10:30:01 earth crond(pam_unix)[31564]: session closed for user root

===============================================================================
===

Thomas Walter
Geography & Computer Science Departments
Hunter College of the City University of New York
695 Park Avenue
New York, NY 10021

(212)772-5457 Office
(212)772-5268 Fax
tbwalter@(protected)
http://geography.hunter.cuny.edu/~tbw

__ ____ ____ ____ ____ ____ ____ ____ ____ ____
Redhat-install-list mailing list
Redhat-install-list@(protected)
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@(protected)
Subject: unsubscribe

Earn $52 per hosting referral at Lunarpages.