Pi-hole spamming auth.log

pppiii · February 16, 2022, 1:15pm

Hi everyone.
Did anyone else notice the auth.log getting spammed by their Pi-hole?
I get ca. 3 entries per second written to that log.
Just took a couple of hours to bloat the log to currently over 13mb.
The entries all look like this:

Feb 16 11:09:46 rpi sudo: www-data : PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Feb 16 11:09:46 rpi sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=33)
Feb 16 11:09:46 rpi sudo: pam_unix(sudo:session): session closed for user root

I've put my logs into RAM to reduce the wear on the sdcard. But still, this can not / should not be regular behavior, right?!

So, anyone noticing the same? Or is this a "me"-problem?

yubiuser · February 16, 2022, 1:23pm

Yes.

github.com/pi-hole/pi-hole

function piholeStatus() is flooding syslog with www-data sudo to root messages

opened 06:40PM - 15 Feb 22 UTC

closed 06:59PM - 20 Apr 22 UTC

thelner

Fixed in next release Investigating

### Versions Pi-hole version is v5.9 (Latest: v5.9) AdminLTE version is v5….11 (Latest: v5.11) FTL version is v5.14 (Latest: v5.14) ### Platform - OS and version: Debian GNU/Linux 11 (Raspberry Pi OS (64-bit)) - Platform: Raspberry Pi 4 ### Actual behavior / bug With the addition of "Use piholeStatus() in header.php #2062", every time "function piholeStatus()" (scripts/pi-hole/php/func.php) is called, this is written to the systemd journal once per second the entire time the pi-hole web page is loaded: Feb 15 12:11:50 pihole4 sudo[120279]: www-data : PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web Feb 15 12:11:50 pihole4 sudo[120279]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=33) Feb 15 12:11:50 pihole4 sudo[120279]: pam_unix(sudo:session): session closed for user root This is not only flooding the systemd journal but causing high system loads because of IO wait. ### Steps to reproduce Steps to reproduce the behavior: 1. Load Pi-Hole webpage 2. View systemd journal: $ sudo journalctl -xe ## Debug Token https://tricorder.pi-hole.net/YqF94i7Y/ ## Additional Info To temporarily solve this, I edited scripts/pi-hole/php/func.php to stop calling `pihole_execute('status web')`: function piholeStatus() { // Receive the return of "pihole status web" // $pistatus = pihole_execute('status web'); $pistatus = '53'; return isset($pistatus[0]) ? intval($pistatus[0]) : -2; }

pppiii · February 16, 2022, 1:31pm

Thanks for the quick reply!

So it's not just me.

Anything I can provide to help find a solution?!
(e.g. logs/outputs, info about my system, ...)

yubiuser · February 17, 2022, 12:19am

Thanks for your offer. We are working already on a solution. If we need more help, we come back to you.

https://github.com/pi-hole/AdminLTE/pull/2126

DarkCatapulter · March 2, 2022, 10:11pm

I also seem to have the same issue. Glad that you guys are working on it

Mar  2 22:20:01 pihole CRON[15376]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  2 22:20:01 pihole CRON[15376]: pam_unix(cron:session): session closed for user root
Mar  2 22:30:01 pihole CRON[15455]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  2 22:30:01 pihole CRON[15455]: pam_unix(cron:session): session closed for user root

system · March 23, 2022, 10:11pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.