How to exclude crond from audit logs

Solution Verified - Updated -

Issue

  • How do you disable PAM related crond messages from logging to the /var/log/audit/audit.log file?
type=USER_ACCT msg=audit(1336941301.016:10008): user pid=27266 uid=0 auid=4294967295 msg='PAM: accounting acct="root" :
exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1336941301.016:10009): user pid=27266 uid=0 auid=4294967295 msg='PAM: setcred acct="root" : 
exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=LOGIN msg=audit(1336941301.016:10010): login pid=27266 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1542
type=USER_START msg=audit(1336941301.046:10011): user pid=27266 uid=0 auid=0 msg='PAM: session open acct="root" : 
exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=CRED_DISP msg=audit(1336941301.076:10012): user pid=27266 uid=0 auid=0 msg='PAM: setcred acct="root" :
exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=USER_END msg=audit(1336941301.076:10013): user pid=27266 uid=0 auid=0 msg='PAM: session close acct="root" : 
exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'

Environment

  • Red Hat Enterprise Linux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content