Since updating to 4.2 my Opteron server has been flooded by messages like: audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM session open: user=root exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron result=Success)' to both /var/log/messages and the kernel ring buffer. Looks like they are being generated by cron jobs being run on the server. Does anyone know how to turn these messages off or to redirect them? Kirk
On Mon, 2005-10-17 at 09:19 -0700, Kirk Bocek wrote:> Since updating to 4.2 my Opteron server has been flooded by messages like: > > audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM session open: > user=root exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron result=Success)' > > to both /var/log/messages and the kernel ring buffer. Looks like they are being > generated by cron jobs being run on the server. > > Does anyone know how to turn these messages off or to redirect them? > > Kirk > > _______________________________________________Man I am glad you posted this, guess I will be staying on 4.1 for a while :-) Ted
Kirk Bocek napisa?(a):> Since updating to 4.2 my Opteron server has been flooded by messages like: > > audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM > session open: user=root exe="/usr/sbin/crond" (hostname=?, addr=?, > terminal=cron result=Success)' > > to both /var/log/messages and the kernel ring buffer. Looks like they > are being generated by cron jobs being run on the server. > > Does anyone know how to turn these messages off or to redirect them? >I have exactly the same problem. I've solved this by change in syslog.conf to look like: *.info;mail.none;authpriv.none;cron.none;auth.!=info /var/log/messages and adding this line auth.info /var/log/cron.auth It solved my problem byt its temporally, dont know what to do exactly to stop it. -- ** WWW: http://www.godlewski.info/ * PGP ID: 12A9EC03 ** ** JID: godo at jabber.atman.pl * GG: 366328 * **
Kirk Bocek napisa?(a):> Since updating to 4.2 my Opteron server has been flooded by messages like: > > audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM > session open: user=root exe="/usr/sbin/crond" (hostname=?, addr=?, > terminal=cron result=Success)' > > to both /var/log/messages and the kernel ring buffer. Looks like they > are being generated by cron jobs being run on the server. > > Does anyone know how to turn these messages off or to redirect them? >I have exactly the same problem. I've solved this by change in syslog.conf to look like: *.info;mail.none;authpriv.none;cron.none;auth.!=info /var/log/messages and adding this line auth.info /var/log/cron.auth It solved my problem byt its temporally, dont know what to do exactly to stop it. -- ** WWW: http://www.godlewski.info/ * PGP ID: 12A9EC03 ** ** JID: godo at jabber.atman.pl * GG: 366328 * **
Possibly Parallel Threads
- calendars
- [Bug 1320] New: iptables hashlimit - problem with traffic limitation
- [Bug 2245] New: Multiple USER_LOGIN messages when linux audit support is enabled on bad login
- Audit logs source of account triggering it.
- Audit logs containing 28756E6B6E6F776E207573657229