You are not logged in.
- Topics: Active | Unanswered
#1 2018-11-23 18:52:04
- UlrichHoltzach
- Member
- Registered: 2018-11-18
- Posts: 3
sudo line in journalctl every other second
Hello,
I checked my journalctl output recently, and I noticed I had sudo line every two seconds doing this:
nov. 23 19:48:22 computer sudo[8658]: ulrich : TTY=pts/1 ; PWD=/home/ulrich ; USER=root ; COMMAND=/usr/sbin/true
nov. 23 19:48:22 computer sudo[8658]: pam_unix(sudo:session): session opened for user root by (uid=0)
nov. 23 19:48:22 computer sudo[8658]: pam_unix(sudo:session): session closed for user root
nov. 23 19:48:22 computer sudo[8743]: ulrich : TTY=pts/1 ; PWD=/home/ulrich ; USER=root ; COMMAND=/usr/sbin/true
nov. 23 19:48:22 computer sudo[8743]: pam_unix(sudo:session): session opened for user root by (uid=0)
nov. 23 19:48:22 computer sudo[8743]: pam_unix(sudo:session): session closed for user root
nov. 23 19:49:02 computer sudo[8837]: ulrich : TTY=pts/1 ; PWD=/home/ulrich ; USER=root ; COMMAND=/usr/sbin/true
nov. 23 19:49:02 computer sudo[8837]: pam_unix(sudo:session): session opened for user root by (uid=0)
nov. 23 19:49:02 computer sudo[8837]: pam_unix(sudo:session): session closed for user root
nov. 23 19:49:23 computer sudo[8926]: ulrich : TTY=pts/1 ; PWD=/home/ulrich ; USER=root ; COMMAND=/usr/sbin/true
nov. 23 19:49:23 computer sudo[8926]: pam_unix(sudo:session): session opened for user root by (uid=0)
nov. 23 19:49:23 computer sudo[8926]: pam_unix(sudo:session): session closed for user root
nov. 23 19:50:36 computer sudo[9020]: ulrich : TTY=pts/1 ; PWD=/home/ulrich ; USER=root ; COMMAND=/usr/sbin/true
nov. 23 19:50:36 computer sudo[9020]: pam_unix(sudo:session): session opened for user root by (uid=0)
nov. 23 19:50:36 computer sudo[9020]: pam_unix(sudo:session): session closed for user root
nov. 23 19:50:36 computer sudo[9105]: ulrich : TTY=pts/1 ; PWD=/home/ulrich ; USER=root ; COMMAND=/usr/sbin/true
nov. 23 19:50:36 computer sudo[9105]: pam_unix(sudo:session): session opened for user root by (uid=0)
nov. 23 19:50:36 computer sudo[9105]: pam_unix(sudo:session): session closed for user rootI don't understand it. Anyone does ?
Offline
#2 2018-11-23 19:17:20
- twelveeighty
- Member
- From: Alberta, Canada
- Registered: 2011-09-04
- Posts: 1,096
Re: sudo line in journalctl every other second
Did you try Googling that error: "pam_unix(sudo:session): session opened for user root by (uid=0)" yourself? I get a number of hits that should get you to a root cause - it's either a Cron task or some other scheduled process that runs that often. Did you install something recently?
Offline
#3 2018-11-23 19:47:24
- UlrichHoltzach
- Member
- Registered: 2018-11-18
- Posts: 3
Re: sudo line in journalctl every other second
I tried, but I do not have nor an active cron table, neither systemd timers at this rate. That's why I opened this thread, I don't know how to trace it back to a process.
Offline
#4 2018-11-23 19:55:48
- twelveeighty
- Member
- From: Alberta, Canada
- Registered: 2011-09-04
- Posts: 1,096
Re: sudo line in journalctl every other second
Did you install something recently?
^
The more information you provide, the better we can help you. Don't spoon-feed us information. If you have already looked at certain things and can say with certainty it's not one of them, tell us. Also, how are you sure there are no cron tasks running? Did you check crontab for all users on that machine, not just root?
Offline
#5 2018-11-23 21:16:47
- seth
- Member
- Registered: 2012-09-03
- Posts: 51,132
Re: sudo line in journalctl every other second
Sth. in your session periodically runs "sudo true"; contenders aside cronjobs are statusbars, conky, etc. - stuff where you added a bogus script to be periodically executed.
Offline