Ubuntu auth.log大量出现pam_unix(cron:session): session opened for user root by (uid=0)解决办法

现象

认证日志/var/log/auth.log反复出现CRON信息

Aug  8 01:09:01 rpi0w CRON[15394]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug  8 01:09:01 rpi0w CRON[15394]: pam_unix(cron:session): session closed for user root
Aug  8 01:17:02 rpi0w CRON[15403]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug  8 01:17:02 rpi0w CRON[15403]: pam_unix(cron:session): session closed for user root
Aug  8 01:39:01 rpi0w CRON[15443]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug  8 01:39:01 rpi0w CRON[15443]: pam_unix(cron:session): session closed for user root
Aug  8 02:09:01 rpi0w CRON[15477]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug  8 02:09:01 rpi0w CRON[15477]: pam_unix(cron:session): session closed for user root
Aug  8 02:17:01 rpi0w CRON[15499]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug  8 02:17:01 rpi0w CRON[15499]: pam_unix(cron:session): session closed for user root
Aug  8 02:39:01 rpi0w CRON[15526]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug  8 02:39:01 rpi0w CRON[15526]: pam_unix(cron:session): session closed for user root

看起来是root计划任务但用crontab -l没有发现对应任务

分析

问题应该出在系统自带的周期性任务，查看以下路径

/etc/cron.d/
/etc/cron.daily/   
/etc/cron.hourly/  
/etc/cron.monthly/
/etc/cron.weekly/

确认存在系统任务，考虑清除cron的auth日志信息。

方法

使用sudo编辑/etc/pam.d/common-session-noninteractive
找到这一行

session required        pam_unix.so
# 前排添加

session     [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid
# 保存退出
# 重启 crond 服务

sudo service cron restart