現象
認證日志/var/log/auth.log反復出現CRON信息
Aug 8 01:09:01 rpi0w CRON[15394]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 8 01:09:01 rpi0w CRON[15394]: pam_unix(cron:session): session closed for user root
Aug 8 01:17:02 rpi0w CRON[15403]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 8 01:17:02 rpi0w CRON[15403]: pam_unix(cron:session): session closed for user root
Aug 8 01:39:01 rpi0w CRON[15443]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 8 01:39:01 rpi0w CRON[15443]: pam_unix(cron:session): session closed for user root
Aug 8 02:09:01 rpi0w CRON[15477]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 8 02:09:01 rpi0w CRON[15477]: pam_unix(cron:session): session closed for user root
Aug 8 02:17:01 rpi0w CRON[15499]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 8 02:17:01 rpi0w CRON[15499]: pam_unix(cron:session): session closed for user root
Aug 8 02:39:01 rpi0w CRON[15526]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 8 02:39:01 rpi0w CRON[15526]: pam_unix(cron:session): session closed for user root
看起來是root計划任務但用crontab -l沒有發現對應任務
分析
問題應該出在系統自帶的周期性任務,查看以下路徑
/etc/cron.d/
/etc/cron.daily/
/etc/cron.hourly/
/etc/cron.monthly/
/etc/cron.weekly/
確認存在系統任務,考慮清除cron的auth日志信息。
方法
使用sudo編輯/etc/pam.d/common-session-noninteractive
找到這一行
session required pam_unix.so
前排添加
session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid
保存退出
重啟 crond 服務
sudo service cron restart
參考
Cron: pam_unix (cron:session): session opened/closed for user root by (uid=0) | languor.us