Bonjour,
J'ai un auth.log saturé par les lignes suivantes :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
Oct 19 09:37:01 fwcfirewall CRON[23522]: (pam_unix) session opened for user root by (uid=0)
Oct 19 09:37:07 fwcfirewall CRON[23522]: (pam_unix) session closed for user root
Oct 19 09:38:01 fwcfirewall CRON[23555]: (pam_unix) session opened for user root by (uid=0)
Oct 19 09:38:07 fwcfirewall CRON[23555]: (pam_unix) session closed for user root
Oct 19 09:39:01 fwcfirewall CRON[23588]: (pam_unix) session opened for user root by (uid=0)
Oct 19 09:39:01 fwcfirewall CRON[23590]: (pam_unix) session opened for user root by (uid=0)
Oct 19 09:39:01 fwcfirewall CRON[23590]: (pam_unix) session closed for user root
Oct 19 09:39:06 fwcfirewall CRON[23588]: (pam_unix) session closed for user root
Oct 19 09:40:01 fwcfirewall CRON[23631]: (pam_unix) session opened for user root by (uid=0)
Oct 19 09:40:02 fwcfirewall CRON[23633]: (pam_unix) session opened for user root by (uid=0)
Oct 19 09:40:02 fwcfirewall CRON[23633]: (pam_unix) session closed for user root
Oct 19 09:40:08 fwcfirewall CRON[23631]: (pam_unix) session closed for user root
Oct 19 09:41:01 fwcfirewall CRON[23698]: (pam_unix) session opened for user root by (uid=0)
Oct 19 09:41:07 fwcfirewall CRON[23698]: (pam_unix) session closed for user root
Oct 19 09:42:01 fwcfirewall CRON[23731]: (pam_unix) session opened for user root by (uid=0)
Oct 19 09:42:07 fwcfirewall CRON[23731]: (pam_unix) session closed for user root
Oct 19 09:43:01 fwcfirewall CRON[23764]: (pam_unix) session opened for user root by (uid=0)
Oct 19 09:43:07 fwcfirewall CRON[23764]: (pam_unix) session closed for user root
Oct 19 09:44:01 fwcfirewall CRON[23797]: (pam_unix) session opened for user root by (uid=0)
Oct 19 09:44:07 fwcfirewall CRON[23797]: (pam_unix) session closed for user root
Oct 19 09:45:01 fwcfirewall CRON[23830]: (pam_unix) session opened for user root by (uid=0)
Oct 19 09:45:01 fwcfirewall CRON[23832]: (pam_unix) session opened for user root by (uid=0)
Oct 19 09:45:01 fwcfirewall CRON[23834]: (pam_unix) session opened for user root by (uid=0)
Oct 19 09:45:01 fwcfirewall CRON[23832]: (pam_unix) session closed for user root
Oct 19 09:45:01 fwcfirewall CRON[23834]: (pam_unix) session closed for user root
Oct 19 09:45:07 fwcfirewall CRON[23830]: (pam_unix) session closed for user root
Oct 19 09:46:01 fwcfirewall CRON[23899]: (pam_unix) session opened for user root by (uid=0) |
Ces lignes proviennes de cron avec le script suivant :
1
2
3
4
5
6
7
8
9
10
11
12
| cat /etc/cron.d/monitorix_sh
#!/bin/sh
#
# @(#) Fibranet NSP, SL
# Copyright (C) 2005-2008 by Jordi Sanfeliu <admin@fibranet.cat>
#
PATH=/sbin:/bin:/usr/sbin:/usr/bin
* * * * * root /usr/bin/monitorix.pl update > /dev/null 2>&1
00 00 * * * root /usr/bin/monitorix.pl collect > /dev/null 2>&1
01 00 1 * * root /usr/bin/monitorix.pl report > /dev/null 2>&1 |
Je pense que le daemon cron utilise "pam_unix" pour se connecter au système, d'ailleur c'est écrit dans le auth.log.
Ma question est la suivante est-il possible de désactiver le log dans auth.log pour le monitorix_sh ?
En commentant la ligne du fichier /etc/syslog.conf :
auth,authpriv.* /var/log/auth.log
Je ne les log plus mais je ne log plus rien du tout sur le auth et surtout plus le daemon sshd.
Existe-il une solution, j'ai penser au fichier
Mais je ne sais pas trop...
Merci de votre aide.
FLuxy
cron auth.log et pam_unix
Répondre avec citation
Partager