Re: [gentoo-user] Rkhunter now showing Warnings for two files: /bin/egrep & fgrep

Mon, 26 Jan 2015 08:32:55 -0800 

On Mon, Jan 26, 2015 at 11:21 AM, Tanstaafl <[email protected]> wrote:
> Hello all,
>
> Been on rkhunter 1.4.2 for a while, no changes made to its config file,
> been running nightly for years without these warnings...
>
> I recently did some Gentoo updates after almost 2 months of no updates
> (was out of town), and now, even after running --propupd, I continue to
> get these warnings:
>
>>  # grep Warning /var/log/rkhunter.log
>> [03:10:32] Info: Emailing warnings to 'root' using command '/bin/mail
> -s "[rkhunter] Warnings found for ${HOST_NAME}"'
>> [03:10:45]   /bin/egrep                                      [ Warning ]
>> [03:10:45] Warning: The command '/bin/egrep' has been replaced by a
> script: /bin/egrep: POSIX shell script, ASCII text executable
>> [03:10:45]   /bin/fgrep                                      [ Warning ]
>> [03:10:45] Warning: The command '/bin/fgrep' has been replaced by a
> script: /bin/fgrep: POSIX shell script, ASCII text executable
>
> Anyone know if this is due to something changing in Gentoo?
>

Well, for the 'not updated recently enough' baseline:

 ~ $ eix grep -I
[I] sys-apps/grep
     Available versions:  2.16 ~2.20 ~2.20-r1 ~2.21 {nls pcre static}
     Installed versions:  2.16(20:37:55 04/11/14)(nls pcre -static)
     Homepage:            http://www.gnu.org/software/grep/
     Description:         GNU regular expression matcher

 ~ $ file /bin/*grep
/bin/egrep: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.16, stripped
/bin/fgrep: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.16, stripped
/bin/grep:  ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.16, stripped

 ~ $ ls -l /bin/*grep
-rwxr-xr-x 1 root root 208096 Apr 11  2014 /bin/egrep
-rwxr-xr-x 1 root root 105472 Apr 11  2014 /bin/fgrep
-rwxr-xr-x 1 root root 212256 Apr 11  2014 /bin/grep

-----

And after a quick update:

 ~ $ eix grep -I
[I] sys-apps/grep
     Available versions:  2.16 ~2.20 ~2.20-r1 ~2.21 2.21-r1 {nls pcre static}
     Installed versions:  2.21-r1(11:28:57 01/26/15)(nls pcre -static)
     Homepage:            http://www.gnu.org/software/grep/
     Description:         GNU regular expression matcher

 ~ $ file /bin/*grep
/bin/egrep: POSIX shell script, ASCII text executable
/bin/fgrep: POSIX shell script, ASCII text executable
/bin/grep:  ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.16, stripped

 ~ $ ls -l /bin/*grep
-rwxr-xr-x 1 root root    158 Jan 26 11:28 /bin/egrep
-rwxr-xr-x 1 root root    158 Jan 26 11:28 /bin/fgrep
-rwxr-xr-x 1 root root 154856 Jan 26 11:28 /bin/grep


-- 
Poison [BLX]
Joshua M. Murphy

Reply via email to