On Mon, Jan 26, 2015 at 6:21 PM, Tanstaafl <tansta...@libertytrek.org>
wrote:
> Hello all,
>
> Been on rkhunter 1.4.2 for a while, no changes made to its config file,
> been running nightly for years without these warnings...
>
> I recently did some Gentoo updates after almost 2 months of no updates
> (was out of town), and now, even after running --propupd, I continue to
> get these warnings:
>
> > # grep Warning /var/log/rkhunter.log
> > [03:10:32] Info: Emailing warnings to 'root' using command '/bin/mail
> -s "[rkhunter] Warnings found for ${HOST_NAME}"'
> > [03:10:45] /bin/egrep [ Warning ]
> > [03:10:45] Warning: The command '/bin/egrep' has been replaced by a
> script: /bin/egrep: POSIX shell script, ASCII text executable
> > [03:10:45] /bin/fgrep [ Warning ]
> > [03:10:45] Warning: The command '/bin/fgrep' has been replaced by a
> script: /bin/fgrep: POSIX shell script, ASCII text executable
>
> Anyone know if this is due to something changing in Gentoo?
>
> As stated in the previous response to your original thread, /bin/[ef]grep
come with the grep package:
file `equery -q f grep|grep /bin/`
/bin/egrep: POSIX shell script, ASCII text executable
/bin/fgrep: POSIX shell script, ASCII text executable
/bin/grep: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),
dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.16,
stripped
The shell scripts in question call the grep binary with the flags shown
below:
grep exec /bin/[ef]grep
/bin/egrep:exec $grep -E "$@"
/bin/fgrep:exec $grep -F "$@"
