我查看了我的身份验证日志,以查看机器人是否试图获得访问权限,我看到一个 cronjob 似乎正在运行,但我不明白为什么。身份验证日志如下所示...
Dec 7 13:55:01 myuser CRON[7362]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 7 13:55:01 myuser CRON[7362]: pam_unix(cron:session): session closed for user root
Dec 7 14:05:01 myuser CRON[7385]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 7 14:05:01 myuser CRON[7385]: pam_unix(cron:session): session closed for user root
Dec 7 14:15:01 myuser CRON[7408]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 7 14:15:01 myuser CRON[7408]: pam_unix(cron:session): session closed for user root
所以它每十分钟准时运行一次。当我查看我的 root crontab 时,我看到了这一点。
#0 0 * * * job.sh
0 0 * * * job2.sh
#0 23 * * * job3.sh
0 0 */10 * * job4.sh
0 0 */5 * * job5.sh
有些作业被故意注释掉了。我只看到一个有 */10 间隔的东西,但它在天列而不是分钟列中......知道我下一步该看哪里吗?
sudo -u root crontab -l:
#0 0 * * * job.sh
0 0 * * * job2.sh
#0 23 * * * job3.sh
0 0 */10 * * job4.sh
0 0 */5 * * job5.sh
在 /etc/crontab 中:
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
我做了cat *
该cron.d
目录并编辑了所有注释并得到了以下结果:
57 0 * * 0 root if [ -x /usr/share/mdadm/checkarray ] && [ $(date +\%d) -le 7 ]; then /usr/share/mdadm/checkarray --cron --all --idle --quiet; fi
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
31 21 * * * root test -x /etc/cron.daily/popularity-contest && /etc/cron.daily/popularity-contest --crond
PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
5-55/10 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2
答案1
如图所示,这些来自:
5-55/10 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
并且命令debian-sa1
( /usr/lib/sysstat/debian-sa1
) 基本上是一个包装脚本,来自sysstat
包。 中的文件名/etc/cron.d/
应该是sysstat
。
更多确认:
% dpkg -S /usr/lib/sysstat/debian-sa1
sysstat: /usr/lib/sysstat/debian-sa1
% dpkg -S /etc/cron.d/sysstat
sysstat: /etc/cron.d/sysstat
上面的注释是:
# Activity reports every 10 minutes everyday
5-55/10 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
debian-sa1
正在呼叫/usr/lib/sysstat/sa1
,而这最终又会呼叫sadc
。