Old 06-09-2003, 09:04 PM   #1
stupid_guy
Member
 
Registered: Jun 2003
Distribution: mandrake 9.2
Posts: 57

Rep: Reputation: 15
cannaserver


Every time I shut down my computer, the computer reports that it can't kill cannaserver because it is run by another machine.

I don't understand why a process on my computer is run by another machine. So I checked system monitor and I have a few questions.

1. I'm the only user on this machine. Some processes report that they are run by me, some are run by root, which is fine because I am the root, BUT some processes are run by some unknown users, e.g. jserver run by user "wnn". Does anyone know why there are unknown users running processes on my machine?

2. What is cannaserver? jserver? xfs? portmap? And all these other processes that are run by unknown users?

I hope I'm not getting hacked... my Linux (2 days old) is too young to die.
 
Old 06-10-2003, 07:09 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
every time I shut down my computer the computer reports that it can't kill cannaserver because it is run by another machine.
Are you on a LAN and have other hosts that use Japanese translation? If not, please post a more exact error description; if yes, and you don't want them to use your Canna, can you install Canna on those hosts?

1. Most processes the system needs are run as "daemons", that is, in the background, and often as a different user than "root". The user account these processes run as cannot be used to login with, making the daemon safer to use and still have some needed privileges like being able to read, open or write to files. The numerical ID for these users is usually between 10 and 100 or 500. User IDs over 500 usually are human users.

2. Canna is the Japanese (kana to kanji/romaji) translations server. I don't use Canna, and I don't know if it's run through Xinetd. For this I'm going to assert it's running in standalone mode and your distro is Red Hat. If run through Xinetd, look in /etc/xinetd.d. If not Red Hat, find out how your distro handles package management. To find out which Canna version is installed, as root, type "rpm -qa | grep -ie canna". Now to find out the contents of that package, type "rpm -qlv Canna-<version>", where version is what you got from the first query. To cross-check which user Canna is running as, type "find / -type f -name Canna.conf | xargs -ix egrep 'x' -e '^canna(Owner|Group)'". AFAIK this should be an unprivileged user, with a numerical ID over at least 50, presumably user "canna": "grep /etc/passwd -ie '^canna'" should tell. "netstat -anp" or "lsof -i" should give you the unique process ID (PID) a process is run as, which you can manipulate (as in send a signal like KILL), the binary name and, in case of lsof, also the user it's being run as. Now if you have the process PID, then run "strings /proc/<insert pid here>/status" and all the info you found out like process name, user ID etc etc should correlate with earlier findings.

The routine described above can be run on any service you have questions about to find out the details (also see "whatis", "slocate", "apropos" and "man"; just feed the name of the app as argument). You prolly wonder why this can't be automated. It can be, but it's good to know the manual routines. Google around for Chkrootkit(.org), Tiger (Savannah.nongnu.org), Aide (or Samhain or tripwire), Lsat and check out the LQ FAQ: Security references. I recommend you at least install and use the first three apps I mentioned.

Now you know what's running on your box, determine which services you need to run, and want to allow people to have access to. If you conclude you don't need some services, read their documentation and search LQ for it just to make sure you don't need 'em, then deinstall. If you need the services yourself, but don't want to have remote hosts accessing them, there are basically 4 basic mechanisms to restrict usage:
1. Daemon configuration. Most server daemons allow you to place restrictions on who can access them.
2. TCP Wrappers (aka libwrap). The /etc/hosts.{deny,allow} files allow you to control who can access a service from any address or range. Xinetd also uses libwrap.
3. PAM. Used by services that need a user to login.
4. The firewall. It's called "Netfilter" but in kernel v2.4 you know it as "iptables", in 2.2 as "ipchains". It allows you to define rules that allow/deny access to a service from any address or range.
 
Old 06-10-2003, 10:20 AM   #3
stupid_guy
Member
 
Registered: Jun 2003
Distribution: mandrake 9.2
Posts: 57

Original Poster
Rep: Reputation: 15
Thanks for the vast amount of information. Here's what my computer spat out when I tried your commands.
---------
rpm -qa | grep -ie canna
nvi-m17n-nocanna-1.79-20011024.10
Canna-libs-3.6-12
kinput2-canna-wnn6-v3.1-4
Canna-devel-3.6-12
nvi-m17n-canna-1.79-20011024.10
Canna-3.6-12
----------
rpm -qlv Canna-1.79-20011024.10
package Canna-1.79-20011024.10 is not installed
----------
grep /etc/passwd -ie "^canna"
canna:x:39:39:Canna Service User:/var/lib/canna:/sbin/nologin
----------
netstat -anp
SEVERAL PAGES OF STUFF
------------
strings /proc/2541/status
Name: cannaserver
State: S (sleeping)
Tgid: 2541
Pid: 2541
PPid: 1
TracerPid: 0
Uid: 1 1 1 1
Gid: 1 1 1 1
FDSize: 32
Groups: 1 2 3
VmSize: 1920 kB
VmLck: 0 kB
VmRSS: 440 kB
VmData: 368 kB
VmStk: 56 kB
VmExe: 128 kB
VmLib: 1340 kB
SigPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 8000000000003001
SigCgt: 0000000000004002
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
---------------

And that's all, folks! What do you make of it?
Oh... I have cable, dunno if cable is the same thing as LAN or not.
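
The cross-check described in post #2, run over the output posted in #3, as an added example that is not part of the original thread. It resolves the effective UID from a /proc/<pid>/status dump to an account name and compares it with the account the service is expected to run as. The function names are hypothetical and the `bin` passwd line is constructed; the `canna` line and the status excerpt are the ones posted above.

```shell
#!/bin/sh
# Added example: compare the account a daemon actually runs as with the
# service account it is expected to use. Sample data is embedded so the
# script runs offline.

# Excerpt of the /proc/2541/status output posted in the thread.
SAMPLE_STATUS='Name: cannaserver
Pid: 2541
PPid: 1
Uid: 1 1 1 1
Gid: 1 1 1 1'

# passwd-format text: the canna line is from the thread, the bin line is
# constructed for this example (the thread does not show it).
SAMPLE_PASSWD='bin:x:1:1:bin:/bin:/sbin/nologin
canna:x:39:39:Canna Service User:/var/lib/canna:/sbin/nologin'

# The Uid line holds "real effective saved filesystem"; print the effective one.
effective_uid() {
    printf '%s\n' "$1" | awk '$1 == "Uid:" { print $3; exit }'
}

# Map a numeric UID ($1) to an account name using passwd-format text ($2).
uid_to_name() {
    printf '%s\n' "$2" | awk -F: -v uid="$1" '$3 == uid { print $1; exit }'
}

# Args: status text, passwd text, expected account name.
# Prints "OK: ..." or "MISMATCH: ..."; returns 0 only when they agree.
check_service_user() {
    status=$1 passwd=$2 expected=$3
    euid=$(effective_uid "$status")
    actual=$(uid_to_name "$euid" "$passwd")
    [ -n "$actual" ] || actual="unknown-uid"
    if [ "$actual" = "$expected" ]; then
        echo "OK: running as $actual (uid $euid)"
    else
        echo "MISMATCH: running as $actual (uid $euid), expected $expected"
        return 1
    fi
}

# Offline run on the sample data. On a live host, pass
# "$(cat /proc/<pid>/status)" and "$(getent passwd)" instead.
check_service_user "$SAMPLE_STATUS" "$SAMPLE_PASSWD" canna || true
```

On the posted data the process UID (1) does not resolve to the `canna` account (UID 39), so the check reports a mismatch to follow up in Canna.conf and the init script.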
 
Old 06-10-2003, 01:32 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
I make it you got stuck reading halfway down my reply. Read the bottom half and decide if it's gotta go or if it needs restricting, then act on that decision. If it's gotta go, make sure you stop the service before removing the rpm's. If it doesn't want to be killed do "pkill canna" or "kill -s KILL $(/sbin/pidof cannaserver)".

And to answer your last question, no, wrt what we spoke about, having cable is not the same as a LAN.
 
Old 06-10-2003, 02:19 PM   #5
stupid_guy
Member
 
Registered: Jun 2003
Distribution: mandrake 9.2
Posts: 57

Original Poster
Rep: Reputation: 15
Hey, nice link you got there. I think after reading the entire information on your link (not today) I'll have some idea of security.

Something just happened to my computer and I would appreciate very much an explanation. I was reading some pdf manuals on Linux security and messing with the files, adding lines to them.
Then suddenly my mouse button pointed upper right (normally it points to upper left). I moved my mouse around and it shocked me to see that my mouse button can't move beyond the screen in the pdf window, i.e. I can't get to my panel or the X that closes the pdf.
So then I pressed ctrl alt del on my keyboard, BUT the keyboard isn't working, because when I pressed the Caps Lock button the LED won't light up.

Summary: all of a sudden my mouse points in a different direction, gets confined in a certain space, and my keyboard won't communicate with my computer.

I know this sounds funny but I'm NOT making this up. Any clue what happened?
 
Old 06-10-2003, 03:55 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
No, not unless you show some errors from the XFree or messages log, sorry. Mouse pointer changing that way usually means something with respect to selecting options or similar actions. Why the application grabbed the pointer w/o releasing it I don't know.

Btw, you shouldn't read the WHOLE FAQ in one go, just look under the heading "basics" and take it from there.
 
Old 06-10-2003, 04:38 PM   #7
stupid_guy
Member
 
Registered: Jun 2003
Distribution: mandrake 9.2
Posts: 57

Original Poster
Rep: Reputation: 15
OK, I agree... learning Linux isn't as easy as Windows.
I have one more question: how can I get my IP address so that I can attempt to "hack" myself? The only way that I can be sure that my system is configured securely is to try to intrude my own comp and see if I can. I keep getting more than one IP, one of them being 127.0.0.1.
Do you know the way I can get my REAL IP? Thanks.

P.S. I hear you are doing a manual for newbies. If you ever need a list of newbie "most wanted" questions, I can contribute.
 
Old 06-10-2003, 05:20 PM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Get your IP address looking at output from "ifconfig" or "hostname -i", but I think it would be more beneficial to first learn security basics before you start "cracking" your own box.

If you want to contribute, look up the "LQ REQ: Real newbie HOWTO's, refs, etc etc." thread. Of course you're invited to join the mailing list as well.
 
  

