Internal dummy connection und eine auth.log Frage

[Ogad]

Hallo!

Seid einiger Zeit beobachte ich in der auth.log Zeilen wie die unten stehenden, welche teilweise seitenlang sind.

Aug 10 02:17:01 pvxxx CRON[23750]: (pam_unix) session opened for user root by (uid=0)
Aug 10 02:17:01 pvxxx CRON[23750]: (pam_unix) session closed for user root
Aug 10 03:17:01 pvxxx CRON[28194]: (pam_unix) session opened for user root by (uid=0)
Aug 10 03:17:01 pvxxx CRON[28194]: (pam_unix) session closed for user root
Aug 10 04:17:01 pvxxx CRON[24561]: (pam_unix) session opened for user root by (uid=0)
Aug 10 04:17:01 pvxxx CRON[24561]: (pam_unix) session closed for user root
Aug 10 05:17:01 pvxxx CRON[16129]: (pam_unix) session opened for user root by (uid=0)
Aug 10 05:17:01 pvxxx CRON[16129]: (pam_unix) session closed for user root
Aug 10 06:17:01 pvxxx CRON[7493]: (pam_unix) session opened for user root by (uid=0)
Aug 10 06:17:01 pvxxx CRON[7493]: (pam_unix) session closed for user root
Aug 10 06:25:01 pvxxx CRON[14013]: (pam_unix) session opened for user root by (uid=0)
Aug 10 06:25:01 pvxxx CRON[14013]: (pam_unix) session closed for user root
Aug 10 06:47:02 pvxxx CRON[3750]: (pam_unix) session opened for user root by (uid=0)
Aug 10 06:47:02 pvxxx CRON[3750]: (pam_unix) session closed for user root
Aug 10 07:17:01 pvxxx CRON[32384]: (pam_unix) session opened for user root by (uid=0)
Aug 10 07:17:01 pvxxx CRON[32384]: (pam_unix) session closed for user root
Aug 10 08:17:01 pvxxx CRON[29972]: (pam_unix) session opened for user root by (uid=0)
Aug 10 08:17:01 pvxxx CRON[29972]: (pam_unix) session closed for user root
Aug 10 09:17:01 pvxxx CRON[32412]: (pam_unix) session opened for user root by (uid=0)
Aug 10 09:17:01 pvxxx CRON[32412]: (pam_unix) session closed for user root
Aug 10 10:17:01 pvxxx CRON[1646]: (pam_unix) session opened for user root by (uid=0)
Aug 10 10:17:01 pvxxx CRON[1646]: (pam_unix) session closed for user root
Aug 10 11:17:01 pvxxx CRON[6098]: (pam_unix) session opened for user root by (uid=0)
Aug 10 11:17:01 pvxxx CRON[6098]: (pam_unix) session closed for user root
Aug 10 12:17:01 pvxxx CRON[16336]: (pam_unix) session opened for user root by (uid=0)
Aug 10 12:17:03 pvxxx CRON[16336]: (pam_unix) session closed for user root

Ich frage mich, was das zu bedeuten hat, da ich keinen Cronjob angelegt habe, der solche Aktibitäten verzeichnet.

Dann komme ich zu meiner zweiten Frage, aus dem access.log:

::1 - - [23/Aug/2008:12:54:20 +0000] "GET / HTTP/1.0" 302 301 "-" "Apache/2.2.3 (Debian) (internal dummy connection)"
::1 - - [23/Aug/2008:12:54:20 +0000] "GET / HTTP/1.0" 302 301 "-" "Apache/2.2.3 (Debian) (internal dummy connection)"
::1 - - [23/Aug/2008:12:54:20 +0000] "GET / HTTP/1.0" 302 301 "-" "Apache/2.2.3 (Debian) (internal dummy connection)"
::1 - - [23/Aug/2008:12:54:20 +0000] "GET / HTTP/1.0" 302 301 "-" "Apache/2.2.3 (Debian) (internal dummy connection)"
::1 - - [23/Aug/2008:12:54:20 +0000] "GET / HTTP/1.0" 302 301 "-" "Apache/2.2.3 (Debian) (internal dummy connection)"
::1 - - [23/Aug/2008:12:54:20 +0000] "GET / HTTP/1.0" 302 301 "-" "Apache/2.2.3 (Debian) (internal dummy connection)"

Auch hier: Was ist das?

lg,
Ogad

 

[Roger Wilco]

Seid einiger Zeit beobachte ich in der auth.log Zeilen wie die unten stehenden, welche teilweise seitenlang sind.

crond führt einen (bzw. mehrere) Cronjobs als Benutzer root aus. Das ist normal.

Dann komme ich zu meiner zweiten Frage, aus dem access.log:
[...]
Auch hier: Was ist das?

Das sind interne Dummyverbindungen , damit die Apacheprozesse nicht einschlafen. Wurde auch schon mehrfach hier abgehandelt.

 

[Ogad]

Mh, aber ich habe keine Cronjobs eingerichtet?

 

[Roger Wilco]

Deswegen gibt es trotzdem zahlreiche Cronjobs auf einem System. Schau doch nur mal in /etc/cron.*/*.

 

[Firewire2002]

damit die Apacheprozesse nicht einschlafen

Hilfe, mein Apache schnarcht.

 

[Thorsten]

Hallo!
InternalDummyConnection - Httpd Wiki

mfG
Thorsten

 

[fux0312]

@Thorsten
Danke für den Link bei Wiki:

If you wish to exclude them from your log, you can use normal conditional-logging techniques. For example, to omit all requests from the loopback interface from your logs, you can use
SetEnvIf Remote_Addr "127\.0\.0\.1" loopback
and then add env=!loopback to the end of your CustomLog directive

Kannst du mir das bitte mal kurz erklären, was man damit machen soll. Ich finde keinerlei Anleitung.

Vielen Dank