You are not logged in.
Hello,
I checked my journalctl output recently, and I noticed I had sudo line every two seconds doing this:
nov. 23 19:48:22 computer sudo[8658]: ulrich : TTY=pts/1 ; PWD=/home/ulrich ; USER=root ; COMMAND=/usr/sbin/true
nov. 23 19:48:22 computer sudo[8658]: pam_unix(sudo:session): session opened for user root by (uid=0)
nov. 23 19:48:22 computer sudo[8658]: pam_unix(sudo:session): session closed for user root
nov. 23 19:48:22 computer sudo[8743]: ulrich : TTY=pts/1 ; PWD=/home/ulrich ; USER=root ; COMMAND=/usr/sbin/true
nov. 23 19:48:22 computer sudo[8743]: pam_unix(sudo:session): session opened for user root by (uid=0)
nov. 23 19:48:22 computer sudo[8743]: pam_unix(sudo:session): session closed for user root
nov. 23 19:49:02 computer sudo[8837]: ulrich : TTY=pts/1 ; PWD=/home/ulrich ; USER=root ; COMMAND=/usr/sbin/true
nov. 23 19:49:02 computer sudo[8837]: pam_unix(sudo:session): session opened for user root by (uid=0)
nov. 23 19:49:02 computer sudo[8837]: pam_unix(sudo:session): session closed for user root
nov. 23 19:49:23 computer sudo[8926]: ulrich : TTY=pts/1 ; PWD=/home/ulrich ; USER=root ; COMMAND=/usr/sbin/true
nov. 23 19:49:23 computer sudo[8926]: pam_unix(sudo:session): session opened for user root by (uid=0)
nov. 23 19:49:23 computer sudo[8926]: pam_unix(sudo:session): session closed for user root
nov. 23 19:50:36 computer sudo[9020]: ulrich : TTY=pts/1 ; PWD=/home/ulrich ; USER=root ; COMMAND=/usr/sbin/true
nov. 23 19:50:36 computer sudo[9020]: pam_unix(sudo:session): session opened for user root by (uid=0)
nov. 23 19:50:36 computer sudo[9020]: pam_unix(sudo:session): session closed for user root
nov. 23 19:50:36 computer sudo[9105]: ulrich : TTY=pts/1 ; PWD=/home/ulrich ; USER=root ; COMMAND=/usr/sbin/true
nov. 23 19:50:36 computer sudo[9105]: pam_unix(sudo:session): session opened for user root by (uid=0)
nov. 23 19:50:36 computer sudo[9105]: pam_unix(sudo:session): session closed for user root
I don't understand it. Anyone does ?
Offline
Did you try Googling that error: "pam_unix(sudo:session): session opened for user root by (uid=0)" yourself? I get a number of hits that should get you to a root cause - it's either a Cron task or some other scheduled process that runs that often. Did you install something recently?
Offline
I tried, but I do not have nor an active cron table, neither systemd timers at this rate. That's why I opened this thread, I don't know how to trace it back to a process.
Offline
Did you install something recently?
^
The more information you provide, the better we can help you. Don't spoon-feed us information. If you have already looked at certain things and can say with certainty it's not one of them, tell us. Also, how are you sure there are no cron tasks running? Did you check crontab for all users on that machine, not just root?
Offline
Sth. in your session periodically runs "sudo true"; contenders aside cronjobs are statusbars, conky, etc. - stuff where you added a bogus script to be periodically executed.
Offline