Starting with the update of DNSOnly to v92.0.5 the following entries occur hourly in the secure log:
Is this a bug or a feature?
This does not occur in the WHM secure log :-/
Code:
/var/log/secure:
Dec 16 00:28:39 hs5 sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session closed for user root
Dec 16 00:28:39 xyz sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session closed for user root
Dec 16 00:28:39 xyz sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session closed for user root
Dec 16 00:28:40 xyz sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Dec 16 00:28:40 xyz sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 00:28:40 xyz sudo: pam_unix(sudo:session): session closed for user root
This does not occur in the WHM secure log :-/