Root was logged into pam using following authentication service: system (sudo)

[fomistoklus]

Hi there,
every 30 minutes cpanel alerts me to email about root login.
I'm using RAID on the server and nagios plugin for monitoring it.
So, each nagios check performs script execution via sudo.
About what I can see in /var/log/secure log file.

I found the corresponding thread, but an old one, from 2012
http://forums.cpanel.net/f185/keep-getting-root-login-emails-268701.html

Yesterday I've upgraded cpanel up to WHM 11.44.2 (build 3), but I keep getting these messages to my inbox.
How I can stop these alerts?

cPanel on server.myname.com <[email protected]>
Root was logged into pam using following authentication service: system (sudo)

Thank you!

 

[cPanelMichael]

Hello

You can browse to "WHM Home » Security Center » cPHulk Brute Force Protection" and ensure the option to receive a notification when root successfully logs in from an IP address that is not white listed is disabled.

Thank you.

 

[fomistoklus]

Hello cPanel Staff ,

logins are without IP address, they are from system users.

 

[cPanelMichael]

Does the issue persist after disabling the option referenced in my last post?

Thank you.

 

[fomistoklus]

Hello Michael,

yes

Thank you.

 

[cPanelMichael]

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[caisc]

Is CSF firewall installed and running on your server?

 

[Ben A. Hilleli]

Is CSF firewall installed and running on your server?

Yes we do (note: it's my server, fomistoklus is a contractor who keeps it on "good behaviour")

I'm almost certain we've had cpHulk on for ages and did not always recieve these incessant, every 30 minute alert -- which is why it's somewhat concerning.