raspberry:log (read 53984 times)

Differences

Below are the differences between two revisions of the page.

raspberry:log [05-07-2013 21:31]
edmc73 [syslog]
raspberry:log [04-03-2021 20:34] (current version)
edmc73
Ligne 135: Ligne 135:
  
 Inconvénient, plus de trace en cas de piratage, assurez vous d'avoir un bon mot de passe. Inconvénient, plus de trace en cas de piratage, assurez vous d'avoir un bon mot de passe.
-  + 
 +voir aussi dans /etc/rsyslog.conf 
 + 
 +Commenter la ligne suivante pour ne plus rien recevoir dans /var/log/auth.log 
 +  #auth,authpriv.*                        /var/log/auth.log 
 +et relancez le service des journaux 
 +  service rsyslog restart 
 + 
 + 
 +--- 
 + 
 +Dans auth.log il y a aussi un paquet de ligne venant de cron 
 +<code> 
 +Jun 24 20:35:01 edmchome CRON[9024]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:35:01 edmchome CRON[9024]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:36:01 edmchome CRON[9040]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:36:01 edmchome CRON[9040]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:37:01 edmchome CRON[9056]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:37:02 edmchome CRON[9056]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:38:01 edmchome CRON[9072]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:38:01 edmchome CRON[9072]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:39:01 edmchome CRON[9088]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:39:01 edmchome CRON[9088]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:40:01 edmchome CRON[9104]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:40:02 edmchome CRON[9104]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:41:01 edmchome CRON[9120]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:41:01 edmchome CRON[9120]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:42:01 edmchome CRON[9136]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:42:02 edmchome CRON[9136]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:43:01 edmchome CRON[9152]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:43:01 edmchome CRON[9152]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:44:01 edmchome CRON[9168]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:44:01 edmchome CRON[9168]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:45:01 edmchome CRON[9184]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:45:02 edmchome CRON[9184]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:46:01 edmchome CRON[9200]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:46:01 edmchome CRON[9200]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:47:01 edmchome CRON[9216]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:47:02 edmchome CRON[9216]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:48:01 edmchome CRON[9232]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:48:01 edmchome CRON[9232]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:49:01 edmchome CRON[9248]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:49:01 edmchome CRON[9248]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:50:01 edmchome CRON[9264]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:50:02 edmchome CRON[9264]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:51:01 edmchome CRON[9280]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:51:01 edmchome CRON[9280]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:52:01 edmchome CRON[9296]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:52:02 edmchome CRON[9296]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:53:01 edmchome CRON[9312]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:53:01 edmchome CRON[9312]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:54:01 edmchome CRON[9328]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +Jun 24 20:54:01 edmchome CRON[9328]: pam_unix(cron:session): session closed for user root 
 +Jun 24 20:55:01 edmchome CRON[9344]: pam_unix(cron:session): session opened for user root by (uid=0) 
 +</code> 
 + 
 +=== 1ère méthode trouvé sur le net mais qui ne marche pas pour moi === 
 +Pour éviter ça, modifiez **/etc/pam.d/common-session-noninteractive** 
 +  vi /etc/pam.d/common-session-noninteractive 
 + 
 +après la ligne 
 +  session required pam_unix.so 
 +ajoutez 
 +  session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid 
 + 
 +Redémarrez le service crond 
 +  service cron restart 
 + 
 +=== 2ème méthode qui marche pour moi :) === 
 +Configurer le rsyslog pour exclure ce type d'entrée dans les logs. Editez le fichier **/etc/rsyslog.conf** 
 +  vi /etc/rsyslog.conf 
 +Modifiez la ligne 
 +  auth,authpriv.*                 /var/log/auth.log 
 +par 
 +  :msg, contains, "pam_unix(cron:session)"
 +  auth,authpriv.*                 /var/log/auth.log 
 +et redémarrez le service des journaux 
 +  service rsyslog restart
 ==== messages ==== ==== messages ====
  
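Review bot: In the "2ème méthode" block, the added line `:msg, contains, "pam_unix(cron:session)"` has no action after the filter, so the instructions do not say what happens to matching messages; the "Stopper tous les logs" section of this same page uses `~` as the discard action, and the filter line should state its action the same way. Separately, the new text that comments out `auth,authpriv.*` removes every entry from /var/log/auth.log, not only the cron noise, which is the cost the unchanged line above it already warns about ("plus de trace en cas de piratage"); it would help to point readers to the narrower cron filter first. The 41-line CRON sample could be cut to two or three lines without losing the point.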
Ligne 292: Ligne 369:
 ==== dbus-daemon ==== ==== dbus-daemon ====
  
 +===== Stopper tous les logs =====
 +
 +Solution radicale pour éviter l'écriture des logs
 +
 +  sudo systemctl stop rsyslog
 +  sudo systemctl disable rsyslog
 +
 +ou
 +
 +Edit the file /etc/rsyslog.conf and just after the section starting
 +
 +  ###############
 +  #### RULES ####
 +  ###############
 +
 +add the following line.
 +
 +  *.*     ~
 +
 +If you want to be more fine-grained you will need to read the file comments.
 +
 +Do not forget to restart rsyslog daemon:
  
 +  sudo service rsyslog restart
  
  
  
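Review bot: The new "Stopper tous les logs" section gives `systemctl stop` / `systemctl disable rsyslog` and `*.*     ~` with no mention of what is lost, while the earlier auth.log section carries an explicit warning ("plus de trace en cas de piratage"); the same sentence belongs here, since both options drop authentication records along with everything else. The second option is pasted in English inside a French page and ends with `sudo service rsyslog restart`, while the first option uses `systemctl`; translating it and using one command style would make the section consistent. "If you want to be more fine-grained" could link to the cron filter under "2ème méthode" as a worked case.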
raspberry/log.1373052661.txt.gz · Last modified: 05-07-2013 21:31 by edmc73