My computer sent me an email message about security warnings. In the list, it talks about which ports and services are listening for connections and I was suprised to find several open ports with an application waiting for a connection.

My questions are: Is Mandy 07' preconfigured for X11, racoon, & kdeinit to listen for connections? Also, I have no idea what" ! RUID PID TTY CMD
! root 3778 tty7 /etc/X11/X -br -deferglyphs 16 :0 vt7 -auth /var/run/xauth/A:0-r4xUYZ" means, it's in the section that talks about rootkits.

I have attached the email for an in-depth analysis.


[moved from Software by spinynorman]

Racoon seems to be part of the ipsectools, which you may (or may not) use. I am a great believer of not having anytmore sofwtare installed than I understand to use, so I always try to remove what I do not need (or do not understand). I rely on rpmdrake to inform me if something is needed to support other software; so I would use rpmdrake to look up which package racoon is in and remove that -- I do not have such a file on my functioning 2007.0 PC.

kdeinit -- I cannot say, not using KDE, but I expect this will be started when KDE starts to support KDE. Others with KDE experience are better placed to comment.

These two lines:

indicate that X-servers (!) are running on tty7 and tty8. By default your Xserver will be running on tty7; a second instance can be started on the next higher TTY, but I cannot see how you could accomplish this without knowing why. I do not understand the error message other than that Linux' accounting is not 100% which may indicate an intrusion. Commands like w and who show who is currently logged in; commands like last and lastlog (both opnly as root) show the whole history of logons and restarts. You can go to TTY8 with Ctrl-Alt-F8 and see what is there as well.

Chances are if you have the firewall set up in MCC these ports actually aren't open to people coming in from the 'net.