Sounds like you have some cron jobs running every five minutes. Check your
/etc/crontab, /etc/cron.d, /etc/crond.daily. See if you can find the jobs
that are running every five minutes. If someone was trying to log in, it
would say which tty they were logging in from, or it would have associated
sshd or telnetd log entries ... not just PAM_unix.

On Wed, 22 May 2002, Oki DZ wrote:

> Hi,
>
> I have quite many of the following lines in auth.log.
> bdg:/var/log# tail auth.log
> May 22 12:55:02 bdg PAM_unix[1477]: (cron) session closed for user root
> May 22 12:55:02 bdg PAM_unix[1476]: (cron) session closed for user root
> May 22 13:00:01 bdg PAM_unix[1536]: (cron) session opened for user root by (uid=0)
> May 22 13:00:02 bdg PAM_unix[1536]: (cron) session closed for user root
> May 22 13:05:01 bdg PAM_unix[1597]: (cron) session opened for user root by (uid=0)
> May 22 13:05:01 bdg PAM_unix[1596]: (cron) session opened for user root by (uid=0)
> May 22 13:05:01 bdg PAM_unix[1597]: (cron) session closed for user root
> May 22 13:05:02 bdg PAM_unix[1596]: (cron) session closed for user root
> May 22 13:10:01 bdg PAM_unix[1633]: (cron) session opened for user root by (uid=0)
> May 22 13:10:01 bdg PAM_unix[1633]: (cron) session closed for user root
>
> Does it mean that somebody has been trying to log in?
>
> Thanks in advance,
> Oki
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>
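
The triage described in the reply above, as an added example that is not part of the original thread: it separates `(cron)` PAM session lines from everything else in an auth.log and measures how regularly the cron sessions start. The sample is constructed in the format of the quoted excerpt, the sshd line is invented to show what a login attempt would add, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the format of the auth.log excerpt quoted above.
# The sshd line is invented: it stands for the kind of entry a real login
# attempt would leave next to the PAM_unix lines.
SAMPLE = """\
May 22 13:00:01 bdg PAM_unix[1536]: (cron) session opened for user root by (uid=0)
May 22 13:00:02 bdg PAM_unix[1536]: (cron) session closed for user root
May 22 13:05:01 bdg PAM_unix[1597]: (cron) session opened for user root by (uid=0)
May 22 13:05:01 bdg PAM_unix[1596]: (cron) session opened for user root by (uid=0)
May 22 13:05:01 bdg PAM_unix[1597]: (cron) session closed for user root
May 22 13:05:02 bdg PAM_unix[1596]: (cron) session closed for user root
May 22 13:07:40 bdg sshd[1610]: Failed password for root from 192.0.2.10 port 4022
May 22 13:10:01 bdg PAM_unix[1633]: (cron) session opened for user root by (uid=0)
"""

# timestamp, host, program, optional [pid], message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([^\[:]+)(?:\[(\d+)\])?: (.*)$")
# "(service) session opened|closed for user NAME"
PAM = re.compile(r"^\((\w+)\) session (opened|closed) for user (\S+)")

def triage(text, year=2002):
    """Return (cron session start times, non-cron lines needing review)."""
    cron_starts, other = [], []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, _host, _prog, _pid, msg = m.groups()
        pam = PAM.match(msg)
        if pam and pam.group(1) == "cron":
            # Only "opened" marks a job start; "closed" lines are dropped.
            if pam.group(2) == "opened":
                cron_starts.append(
                    datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"))
        else:
            other.append(raw)  # sshd, telnetd, login, su: look at these
    return cron_starts, other

def cron_period_minutes(cron_starts):
    """Most common gap, in minutes, between distinct cron start minutes."""
    minutes = sorted({t.replace(second=0) for t in cron_starts})
    gaps = Counter(int((b - a).total_seconds() // 60)
                   for a, b in zip(minutes, minutes[1:]))
    return gaps.most_common(1)[0][0] if gaps else None

if __name__ == "__main__":
    starts, other = triage(SAMPLE)
    print("cron period (min):", cron_period_minutes(starts))
    print("non-cron entries to review:", *other, sep="\n  ")
```

A steady period with an empty review list matches the scheduled-job explanation; anything in the review list is where a login attempt would show up.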

