session opened for user root by (uid=0)
Thomas Walter
tbw at geo.hunter.cuny.edu
Mon Jan 30 22:03:02 UTC 2006
Good Evening,
I have a RHEL 4 machine, recently brought online. I see today the following
entries (hundreds actually) every 5 minutes. There are no entries in root
crontab. Web search indicates a possible intrusion but the examples I see
don't refer to crond. Can anyone help?
TIA.
Tom Walter
Jan 29 10:15:01 earth crond(pam_unix)[31492]: session opened for user root by (uid=0)
Jan 29 10:15:01 earth crond(pam_unix)[31492]: session closed for user root
Jan 29 10:20:01 earth crond(pam_unix)[31514]: session opened for user root by (uid=0)
Jan 29 10:20:01 earth crond(pam_unix)[31515]: session opened for user root by (uid=0)
Jan 29 10:20:01 earth crond(pam_unix)[31514]: session closed for user root
Jan 29 10:20:01 earth crond(pam_unix)[31515]: session closed for user root
Jan 29 10:25:01 earth crond(pam_unix)[31541]: session opened for user root by (uid=0)
Jan 29 10:25:01 earth crond(pam_unix)[31541]: session closed for user root
Jan 29 10:30:01 earth crond(pam_unix)[31563]: session opened for user root by (uid=0)
Jan 29 10:30:01 earth crond(pam_unix)[31564]: session opened for user root by (uid=0)
Jan 29 10:30:01 earth crond(pam_unix)[31563]: session closed for user root
Jan 29 10:30:01 earth crond(pam_unix)[31564]: session closed for user root
==================================================================================
Thomas Walter
Geography & Computer Science Departments
Hunter College of the City University of New York
695 Park Avenue
New York, NY 10021
(212)772-5457 Office
(212)772-5268 Fax
tbwalter at geo.hunter.cuny.edu
http://geography.hunter.cuny.edu/~tbw
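
A triage sketch for the log excerpt above, added here as an example and not part of the original post: it pairs each crond PAM session open with its close by PID and reports how many sessions start at each timestamp and the spacing between runs. The year 2006 is assumed from the message date, since syslog timestamps omit it.

```python
import re
from collections import Counter
from datetime import datetime

# Log lines copied from the post above.
SAMPLE = """\
Jan 29 10:15:01 earth crond(pam_unix)[31492]: session opened for user root by (uid=0)
Jan 29 10:15:01 earth crond(pam_unix)[31492]: session closed for user root
Jan 29 10:20:01 earth crond(pam_unix)[31514]: session opened for user root by (uid=0)
Jan 29 10:20:01 earth crond(pam_unix)[31515]: session opened for user root by (uid=0)
Jan 29 10:20:01 earth crond(pam_unix)[31514]: session closed for user root
Jan 29 10:20:01 earth crond(pam_unix)[31515]: session closed for user root
Jan 29 10:25:01 earth crond(pam_unix)[31541]: session opened for user root by (uid=0)
Jan 29 10:25:01 earth crond(pam_unix)[31541]: session closed for user root
Jan 29 10:30:01 earth crond(pam_unix)[31563]: session opened for user root by (uid=0)
Jan 29 10:30:01 earth crond(pam_unix)[31564]: session opened for user root by (uid=0)
Jan 29 10:30:01 earth crond(pam_unix)[31563]: session closed for user root
Jan 29 10:30:01 earth crond(pam_unix)[31564]: session closed for user root
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ crond\(pam_unix\)\[(?P<pid>\d+)\]: "
    r"session (?P<event>opened|closed) for user \S+"
)

def parse(text, year=2006):
    """Yield (timestamp, pid, event) for each crond PAM session line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, int(m["pid"]), m["event"]

def summarize(text):
    """Return (sessions started per timestamp, PIDs never closed, minutes between runs)."""
    started, open_pids = Counter(), set()
    for ts, pid, event in parse(text):
        if event == "opened":
            started[ts] += 1
            open_pids.add(pid)      # PID reuse is ignored; fine for a short window
        else:
            open_pids.discard(pid)
    ticks = sorted(started)
    gaps = [int((b - a).total_seconds() // 60) for a, b in zip(ticks, ticks[1:])]
    return dict(started), open_pids, gaps

if __name__ == "__main__":
    started, unclosed, gaps = summarize(SAMPLE)
    print({t.strftime("%H:%M"): n for t, n in started.items()}, gaps, sorted(unclosed))
```

On this excerpt it reports one session starting every 5 minutes, a second one at 10:20 and 10:30, and every session closed in the same second it opened.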