Am I compromised, or does Gentoo go around creating a bunch of users just for the hell of it? Here's a bunch of users I don't understand
No, this is all pretty standard. Plus, the fact that the shells are all /bin/false makes it impossible to log in as those users and get an interactive shell. For added peace of mind, check your /etc/shadow directory, where the actual passwords are kept. The password fields are '*' or '!' which are impossible to hash to using the password hashing algorithm. That makes it doubly impossible to ever log in as those users.
I am not running uucp, and I don't have squid, bind, mysql, postgres, apache, nut, cyrus (what is it?), vpopmail, alias (what is it?), qmail, postfix, or smmsp installed. I grab my inbound email via POP, and push my outbound email via ssmtp to my ISP's MTA. I *HOPE* I'm not running any publicly visible servers. My machine sits behind a NATing router-cum-ADSL-modem, and iptables rejects all externally-initiated connections, and blocks all traffic coming and going to/from my ports 0..1023 excepting to/from lo.
Audit yourself. 'emerge' the 'nmap' port-scanning program. Run it on your ethernet interface (not your localhost interface). Run '/sbin/ifconfig' to find your actual ethernet address and run 'nmap <ethernet address>'. This will tell you which ports are listening on eth0. This is a good test to do because it is exactly what the bad guys would do.
Hope this puts some of your fears to rest...
--
-Mike Melanson
--
[email protected] mailing list
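
The two checks described in the reply above (login shell and shadow password field), as an added example that is not part of the original message. The list of no-login shells and the sample passwd/shadow entries are constructed assumptions; on a real system, pass in the contents of /etc/passwd and /etc/shadow (the latter needs root to read).

```python
# Added example: classify accounts by login shell and shadow password field.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}  # assumed list

# Constructed sample data (not from a real system); hashes are placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
uucp:x:10:14:uucp:/var/spool/uucp:/bin/false
postfix:x:207:207:postfix:/var/spool/postfix:/bin/false
mysql:x:60:60:mysql:/var/lib/mysql:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
uucp:*:9797:0:::::
postfix:!:12000:0:::::
mysql:!:12000:0:::::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
"""

def parse(text, min_fields):
    """Map account name -> list of colon-separated fields, skipping bad lines."""
    rows = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= min_fields and fields[0] and not fields[0].startswith("#"):
            rows[fields[0]] = fields
    return rows

def audit(passwd_text, shadow_text):
    """Return {account: verdict} for every account in passwd_text."""
    shadow = parse(shadow_text, 2)
    verdicts = {}
    for name, fields in parse(passwd_text, 7).items():
        # An empty shell field means the default shell, so it counts as usable.
        shell_ok = fields[6] not in NOLOGIN_SHELLS
        # Prefer the shadow field; fall back to passwd's own second field.
        pw = shadow[name][1] if name in shadow else fields[1]
        # A field starting with '*' or '!' cannot match any password hash.
        pw_ok = not pw.startswith(("*", "!"))
        if shell_ok and pw_ok:
            verdicts[name] = "login possible"
        elif shell_ok:
            verdicts[name] = "review: real shell, password locked"
        elif pw_ok:
            verdicts[name] = "review: password set, shell blocked"
        else:
            verdicts[name] = "locked"
    return verdicts

if __name__ == "__main__":
    for account, verdict in audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"{account:10} {verdict}")
```

Accounts reported as "locked" match the situation the reply describes; anything under "review" is a service account where only one of the two barriers is in place.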