I was just going through auth.log file, I found the following error. Can anybody tell is it a hack or just log of Bugzilla which I installed & throughing an error.
Mar 12 06:50:10 bigbugz02 su[13762]: Successful su for www-data by root
Mar 12 06:50:10 bigbugz02 su[13762]: + ??? root:www-data
Mar 12 06:50:10 bigbugz02 su[13762]: pam_unix(su:session): session opened for user www-data by (uid=0)
Mar 12 06:50:12 bigbugz02 su[13762]: pam_unix(su:session): session closed for user www-data
This is a frequently asked question in Secure Debian guide. Here is some more info on the topic:
Generally it could be a cron job. So – it is safe.
Check more discussion of this question.