msec message [SOLVED]


eyeh8windows

My computer sent me an email message about security warnings. In the list, it talks about which ports and services are listening for connections and I was surprised to find several open ports with an application waiting for a connection.

My questions are: Is Mandy 07' preconfigured for X11, racoon, & kdeinit to listen for connections? Also, I have no idea what "! RUID PID TTY CMD

! root 3778 tty7 /etc/X11/X -br -deferglyphs 16 :0 vt7 -auth /var/run/xauth/A:0-r4xUYZ" means; it's in the section that talks about rootkits.

 

I have attached the email for an in-depth analysis.

 

 

[moved from Software by spinynorman]

msec_yesterday.txt

Edited by eyeh8windows

Racoon seems to be part of the ipsectools, which you may (or may not) use. I am a great believer in not having any more software installed than I understand how to use, so I always try to remove what I do not need (or do not understand). I rely on rpmdrake to inform me if something is needed to support other software; so I would use rpmdrake to look up which package racoon is in and remove that -- I do not have such a file on my functioning 2007.0 PC.

 

kdeinit -- I cannot say, not using KDE, but I expect this will be started when KDE starts to support KDE. Others with KDE experience are better placed to comment.

 

These two lines:

! root		 3778 tty7   /etc/X11/X -br -deferglyphs 16 :0 vt7 -auth /var/run/xauth/A:0-r4xUYZ
! root		15974 tty8   /etc/X11/X -br -deferglyphs 16 :1 vt8 -auth /var/run/xauth/A:1-coefgF

indicate that X-servers (!) are running on tty7 and tty8. By default your Xserver will be running on tty7; a second instance can be started on the next higher TTY, but I cannot see how you could accomplish this without knowing why. I do not understand the error message other than that Linux' accounting is not 100% which may indicate an intrusion. Commands like w and who show who is currently logged in; commands like last and lastlog (both only as root) show the whole history of logons and restarts. You can go to TTY8 with Ctrl-Alt-F8 and see what is there as well.

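As an added example (not part of the posts above and not msec's own code), this shell/awk helper decodes the X server rows quoted in the reply, pairing each PID with its TTY column, its display number (`:N`) and its `vtN` argument. The function name `xserver_map` and the `consistent`/`check` labels are assumptions made for this example; the sample rows are the two lines quoted in the thread.

```shell
#!/bin/sh
# Added example: decode "! RUID PID TTY CMD" rows that describe X servers.
# Constructed sample: the two rows quoted in the reply above.
SAMPLE='! root 3778 tty7 /etc/X11/X -br -deferglyphs 16 :0 vt7 -auth /var/run/xauth/A:0-r4xUYZ
! root 15974 tty8 /etc/X11/X -br -deferglyphs 16 :1 vt8 -auth /var/run/xauth/A:1-coefgF'

# xserver_map (hypothetical helper): read report rows on stdin and print
# one line per X server:  user pid tty display vt verdict
# verdict is "consistent" when the TTY column equals "tty" + the number in
# the vtN argument and a :N display is present; otherwise it is "check".
xserver_map() {
    awk '
    $1 == "!" && $2 != "RUID" {
        user = $2; pid = $3; tty = $4; cmd = $5
        # Keep only rows whose command basename is an X server binary.
        n = split(cmd, parts, "/")
        if (parts[n] != "X" && parts[n] != "Xorg") next
        display = "-"; vt = "-"
        for (i = 6; i <= NF; i++) {
            if ($i ~ /^:[0-9]+$/)  display = $i   # display number, e.g. :0
            if ($i ~ /^vt[0-9]+$/) vt = $i        # virtual terminal, e.g. vt7
        }
        ok = (vt != "-" && display != "-" && tty == ("tty" substr(vt, 3)))
        print user, pid, tty, display, vt, (ok ? "consistent" : "check")
    }'
}

# Run on the sample rows when executed directly.
printf '%s\n' "$SAMPLE" | xserver_map
```

A `check` result only means the TTY column and the `vtN` argument disagree or an argument is missing; it says nothing by itself about who started the server, which is what `who` and `last` are for.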
