CRON opens and closes sessions continuously

Question

I’m seeing a huge amount of these lines in my auth logs:

Dec 31 03:45:01 xxxxxxx CRON[17259]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 03:45:01 xxxxxxx CRON[17259]: pam_unix(cron:session): session closed for user root
Dec 31 03:55:01 xxxxxxx CRON[17317]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 03:55:01 xxxxxxx CRON[17317]: pam_unix(cron:session): session closed for user root
Dec 31 04:05:01 xxxxxxx CRON[17375]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 04:05:01 xxxxxxx CRON[17375]: pam_unix(cron:session): session closed for user root
Dec 31 04:15:01 xxxxxxx CRON[17434]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 04:15:01 xxxxxxx CRON[17434]: pam_unix(cron:session): session closed for user root
Dec 31 04:17:01 xxxxxxx CRON[17438]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 04:17:01 xxxxxxx CRON[17438]: pam_unix(cron:session): session closed for user root
Dec 31 04:25:01 xxxxxxx CRON[17498]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 04:25:01 xxxxxxx CRON[17498]: pam_unix(cron:session): session closed for user root
Dec 31 04:35:01 xxxxxxx CRON[17596]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 04:35:01 xxxxxxx CRON[17596]: pam_unix(cron:session): session closed for user root
Dec 31 04:45:01 xxxxxxx CRON[17669]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 04:45:01 xxxxxxx CRON[17669]: pam_unix(cron:session): session closed for user root
Dec 31 04:55:01 xxxxxxx CRON[17730]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 04:55:01 xxxxxxx CRON[17730]: pam_unix(cron:session): session closed for user root
Dec 31 05:05:01 xxxxxxx CRON[17788]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 05:05:01 xxxxxxx CRON[17788]: pam_unix(cron:session): session closed for user root
Dec 31 05:15:01 xxxxxxx CRON[17857]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 05:15:01 xxxxxxx CRON[17857]: pam_unix(cron:session): session closed for user root
Dec 31 05:17:01 xxxxxxx CRON[17861]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 05:17:01 xxxxxxx CRON[17861]: pam_unix(cron:session): session closed for user root
Dec 31 05:25:01 xxxxxxx CRON[17917]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 05:25:02 xxxxxxx CRON[17917]: pam_unix(cron:session): session closed for user root
Dec 31 05:35:01 xxxxxxx CRON[17975]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 05:35:01 xxxxxxx CRON[17975]: pam_unix(cron:session): session closed for user root
Dec 31 05:45:01 xxxxxxx CRON[18015]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 05:45:01 xxxxxxx CRON[18015]: pam_unix(cron:session): session closed for user root
Dec 31 05:55:01 xxxxxxx CRON[18072]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 05:55:01 xxxxxxx CRON[18072]: pam_unix(cron:session): session closed for user root
Dec 31 06:05:01 xxxxxxx CRON[18130]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 06:05:01 xxxxxxx CRON[18130]: pam_unix(cron:session): session closed for user root
Dec 31 06:15:01 xxxxxxx CRON[18201]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 06:15:01 xxxxxxx CRON[18201]: pam_unix(cron:session): session closed for user root
Dec 31 06:17:01 xxxxxxx CRON[18229]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 06:17:01 xxxxxxx CRON[18229]: pam_unix(cron:session): session closed for user root
Dec 31 06:25:01 xxxxxxx CRON[18262]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 06:25:01 xxxxxxx CRON[18263]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 06:25:01 xxxxxxx CRON[18263]: pam_unix(cron:session): session closed for user root
Dec 31 06:35:01 xxxxxxx CRON[18357]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 06:35:01 xxxxxxx CRON[18357]: pam_unix(cron:session): session closed for user root
Dec 31 06:43:31 xxxxxxx CRON[18262]: pam_unix(cron:session): session closed for user root
Dec 31 06:45:01 xxxxxxx CRON[18596]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 06:45:01 xxxxxxx CRON[18596]: pam_unix(cron:session): session closed for user root
Dec 31 06:55:01 xxxxxxx CRON[18660]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 06:55:01 xxxxxxx CRON[18660]: pam_unix(cron:session): session closed for user root
Dec 31 07:05:01 xxxxxxx CRON[18717]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 07:05:01 xxxxxxx CRON[18717]: pam_unix(cron:session): session closed for user root
Dec 31 07:15:01 xxxxxxx CRON[18776]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 07:15:01 xxxxxxx CRON[18776]: pam_unix(cron:session): session closed for user root
Dec 31 07:17:01 xxxxxxx CRON[18781]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 07:17:01 xxxxxxx CRON[18781]: pam_unix(cron:session): session closed for user root
Dec 31 07:25:01 xxxxxxx CRON[18841]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 07:25:01 xxxxxxx CRON[18841]: pam_unix(cron:session): session closed for user root
Dec 31 07:35:01 xxxxxxx CRON[18898]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 07:35:01 xxxxxxx CRON[18898]: pam_unix(cron:session): session closed for user root
Dec 31 07:45:01 xxxxxxx CRON[18981]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 07:45:01 xxxxxxx CRON[18981]: pam_unix(cron:session): session closed for user root
Dec 31 07:55:01 xxxxxxx CRON[19043]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 07:55:01 xxxxxxx CRON[19043]: pam_unix(cron:session): session closed for user root
Dec 31 08:05:01 xxxxxxx CRON[19100]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 08:05:01 xxxxxxx CRON[19100]: pam_unix(cron:session): session closed for user root
Dec 31 08:15:01 xxxxxxx CRON[19164]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 08:15:01 xxxxxxx CRON[19164]: pam_unix(cron:session): session closed for user root
Dec 31 08:17:01 xxxxxxx CRON[19169]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 08:17:01 xxxxxxx CRON[19169]: pam_unix(cron:session): session closed for user root
Dec 31 08:25:01 xxxxxxx CRON[19229]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 08:25:01 xxxxxxx CRON[19229]: pam_unix(cron:session): session closed for user root
Dec 31 08:35:01 xxxxxxx CRON[19314]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 08:35:01 xxxxxxx CRON[19314]: pam_unix(cron:session): session closed for user root
Dec 31 08:45:01 xxxxxxx CRON[19412]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 08:45:01 xxxxxxx CRON[19412]: pam_unix(cron:session): session closed for user root
Dec 31 08:55:01 xxxxxxx CRON[19472]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 08:55:01 xxxxxxx CRON[19472]: pam_unix(cron:session): session closed for user root
Dec 31 09:05:01 xxxxxxx CRON[19537]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 09:05:01 xxxxxxx CRON[19537]: pam_unix(cron:session): session closed for user root
Dec 31 09:15:01 xxxxxxx CRON[19581]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 09:15:01 xxxxxxx CRON[19581]: pam_unix(cron:session): session closed for user root
Dec 31 09:17:01 xxxxxxx CRON[19608]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 09:17:01 xxxxxxx CRON[19608]: pam_unix(cron:session): session closed for user root
Dec 31 09:25:01 xxxxxxx CRON[19641]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 09:25:01 xxxxxxx CRON[19641]: pam_unix(cron:session): session closed for user root
Dec 31 09:35:01 xxxxxxx CRON[19707]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 09:35:01 xxxxxxx CRON[19707]: pam_unix(cron:session): session closed for user root
Dec 31 09:45:01 xxxxxxx CRON[19766]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 09:45:01 xxxxxxx CRON[19766]: pam_unix(cron:session): session closed for user root
Dec 31 09:55:01 xxxxxxx CRON[19827]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 09:55:01 xxxxxxx CRON[19827]: pam_unix(cron:session): session closed for user root
Dec 31 10:05:01 xxxxxxx CRON[19889]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 10:05:01 xxxxxxx CRON[19889]: pam_unix(cron:session): session closed for user root
Dec 31 10:15:01 xxxxxxx CRON[19948]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 10:15:01 xxxxxxx CRON[19948]: pam_unix(cron:session): session closed for user root
Dec 31 10:17:01 xxxxxxx CRON[19976]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 10:17:01 xxxxxxx CRON[19976]: pam_unix(cron:session): session closed for user root
Dec 31 10:25:01 xxxxxxx CRON[20010]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 10:25:01 xxxxxxx CRON[20010]: pam_unix(cron:session): session closed for user root
Dec 31 10:35:01 xxxxxxx CRON[20068]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 10:35:01 xxxxxxx CRON[20068]: pam_unix(cron:session): session closed for user root
Dec 31 10:45:01 xxxxxxx CRON[20126]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 10:45:01 xxxxxxx CRON[20126]: pam_unix(cron:session): session closed for user root
Dec 31 10:55:01 xxxxxxx CRON[20184]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 10:55:01 xxxxxxx CRON[20184]: pam_unix(cron:session): session closed for user root
Dec 31 11:05:01 xxxxxxx CRON[20242]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 11:05:01 xxxxxxx CRON[20242]: pam_unix(cron:session): session closed for user root
Dec 31 11:15:01 xxxxxxx CRON[20355]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 11:15:01 xxxxxxx CRON[20355]: pam_unix(cron:session): session closed for user root
Dec 31 11:17:01 xxxxxxx CRON[20368]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 11:17:01 xxxxxxx CRON[20368]: pam_unix(cron:session): session closed for user root
Dec 31 11:25:01 xxxxxxx CRON[20424]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 11:25:01 xxxxxxx CRON[20424]: pam_unix(cron:session): session closed for user root
Dec 31 11:35:01 xxxxxxx CRON[20482]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 11:35:01 xxxxxxx CRON[20482]: pam_unix(cron:session): session closed for user root
Dec 31 11:45:01 xxxxxxx CRON[20540]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 11:45:01 xxxxxxx CRON[20540]: pam_unix(cron:session): session closed for user root
Dec 31 11:55:01 xxxxxxx CRON[20610]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 11:55:01 xxxxxxx CRON[20610]: pam_unix(cron:session): session closed for user root
Dec 31 12:05:01 xxxxxxx CRON[20672]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 12:05:01 xxxxxxx CRON[20672]: pam_unix(cron:session): session closed for user root
Dec 31 12:15:01 xxxxxxx CRON[20738]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 12:15:01 xxxxxxx CRON[20738]: pam_unix(cron:session): session closed for user root
Dec 31 12:17:01 xxxxxxx CRON[20747]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 12:17:01 xxxxxxx CRON[20747]: pam_unix(cron:session): session closed for user root
Dec 31 12:25:01 xxxxxxx CRON[20811]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 12:25:01 xxxxxxx CRON[20811]: pam_unix(cron:session): session closed for user root
Dec 31 12:35:01 xxxxxxx CRON[20873]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 12:35:01 xxxxxxx CRON[20873]: pam_unix(cron:session): session closed for user root
Dec 31 12:45:02 xxxxxxx CRON[20935]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 12:45:02 xxxxxxx CRON[20935]: pam_unix(cron:session): session closed for user root
Dec 31 12:55:01 xxxxxxx CRON[20984]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 12:55:02 xxxxxxx CRON[20984]: pam_unix(cron:session): session closed for user root
Dec 31 13:05:01 xxxxxxx CRON[21042]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 13:05:01 xxxxxxx CRON[21042]: pam_unix(cron:session): session closed for user root
Dec 31 13:15:01 xxxxxxx CRON[21212]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 13:15:01 xxxxxxx CRON[21212]: pam_unix(cron:session): session closed for user root
Dec 31 13:17:01 xxxxxxx CRON[21240]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 13:17:01 xxxxxxx CRON[21240]: pam_unix(cron:session): session closed for user root
Dec 31 13:25:01 xxxxxxx CRON[21299]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 13:25:01 xxxxxxx CRON[21299]: pam_unix(cron:session): session closed for user root
Dec 31 13:35:01 xxxxxxx CRON[21378]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 13:35:01 xxxxxxx CRON[21378]: pam_unix(cron:session): session closed for user root
Dec 31 13:45:01 xxxxxxx CRON[21439]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 13:45:01 xxxxxxx CRON[21439]: pam_unix(cron:session): session closed for user root
Dec 31 13:55:01 xxxxxxx CRON[21497]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 13:55:01 xxxxxxx CRON[21497]: pam_unix(cron:session): session closed for user root
Dec 31 14:05:01 xxxxxxx CRON[21561]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 14:05:01 xxxxxxx CRON[21561]: pam_unix(cron:session): session closed for user root
Dec 31 14:15:01 xxxxxxx CRON[21631]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 14:15:01 xxxxxxx CRON[21631]: pam_unix(cron:session): session closed for user root
Dec 31 14:17:01 xxxxxxx CRON[21657]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 31 14:17:01 xxxxxxx CRON[21657]: pam_unix(cron:session): session closed for user root

Here’s my crontab:

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )

# cron to backup all the databases in 1 gzipped file every midnight
0 0     * * *   root    bash /home/db_backup.sh > /dev/null 2>&1

# cron to update CloudFlare list of IPs for set_real_ip_from (nginx)
0 21    * * 0  root bash /etc/nginx/cloudflare-ips.sh > /dev/null 2>&1

There’s nothing to be executed every 2, 5 or 10 minutes (Dec 31 12:05, Dec 31 12:15, Dec 31 12:17, …)!
What can cause these sessions to be opened and closed all these times (in a small time interval)?

Answer

That looks like /etc/crontab on an Ubuntu system.

  • What about root’s crontab, /var/spool/cron/crontabs/root (crontab -e as root)?

  • What about the contents of /etc/cron.d (which will probably be most revealing)?

Answered by Iain
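
One way to work out which start times the other cron sources named in the answer must account for, as an added example that is not part of the original question or answer: it pairs the open/close lines by PID and reports the minutes-of-hour that the /etc/crontab shown in the question does not explain. The sample lines, the host name, the `KNOWN` list (transcribed from that crontab) and the placeholder year are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample in the format of the auth.log lines quoted in the question.
_T = "Dec 31 {} host CRON[{}]: pam_unix(cron:session): session {} for user root"
EVENTS = [
    ("06:15:01", 18201, "opened"), ("06:15:01", 18201, "closed"),
    ("06:25:01", 18262, "opened"), ("06:25:01", 18263, "opened"),
    ("06:25:01", 18263, "closed"), ("06:35:01", 18357, "opened"),
    ("06:35:01", 18357, "closed"), ("06:43:31", 18262, "closed"),
    ("07:17:01", 18781, "opened"), ("07:17:01", 18781, "closed"),
    ("07:25:01", 18841, "opened"), ("07:25:01", 18841, "closed"),
]
SAMPLE_LOG = "\n".join(_T.format(*e) for e in EVENTS)

# (minute, hour) from the question's /etc/crontab; None = every hour.
# Simplification: day-of-month and day-of-week fields are ignored.
KNOWN = [(17, None), (25, 6), (47, 6), (52, 6), (0, 0), (0, 21)]

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ CRON\[(\d+)\]: "
                  r"pam_unix\(cron:session\): session (opened|closed) for user (\S+)")

def parse_sessions(text, year=2000):
    """Pair open/close events by PID; return [(start, seconds, user), ...].
    Syslog timestamps carry no year, so `year` is an assumed placeholder."""
    opened, sessions = {}, []
    for m in filter(None, map(LINE.match, text.splitlines())):
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, event, user = m.group(2, 3, 4)
        if event == "opened":
            opened[pid] = ts
        elif pid in opened:
            start = opened.pop(pid)
            sessions.append((start, int((ts - start).total_seconds()), user))
    return sessions

def unexplained_minutes(sessions, known=KNOWN):
    """Minutes-of-hour where a job started that no known schedule accounts for."""
    hits = set()
    for start, _, _ in sessions:
        if not any(m == start.minute and h in (None, start.hour) for m, h in known):
            hits.add(start.minute)
    return sorted(hits)

if __name__ == "__main__":
    s = parse_sessions(SAMPLE_LOG)
    print("unexplained minutes:", unexplained_minutes(s))
    print("longest session (s):", max(d for _, d, _ in s))
```

The minutes it reports are the ones to look for in the minute field of entries under /etc/cron.d and in root's crontab; the long-lived session starting at 06:25 lines up with the cron.daily entry.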
